npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

parse-server-otp-auth-adapter

v1.0.1

Published

Parse server auth adapter to sign with one time password

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

0xtiby0xtiby

Keywords

parseserverauthadapterotp

Readme

OTP Auth Adapter for Parse Server

The OTP Auth Adapter integrates seamlessly with Parse Server to enable One-Time Password (OTP) based authentication. This adapter facilitates secure user authentication using email-based OTP verification.

Features

  • Email-based OTP Authentication: Allow users to sign up and log in using their email addresses and one-time passwords.
  • Customizable OTP Validity: Set custom expiration times for OTPs.
  • Max Attempts Limit: Configurable maximum number of OTP entry attempts to prevent brute-force attacks.
  • Custom Email Sending: Integrate with your preferred email service to send OTPs.

Installation

To install the OTP Auth Adapter, add it to your Parse Server project via npm:

npm install parse-server-otp-auth-adapter

Configuration

To use the OTP Auth Adapter in your Parse Server, configure it in the authentication section of your Parse Server options.

  • otpValidityInMs: The validity duration of the OTP in milliseconds. Example: 300000 (which is equivalent to 5 minutes).
  • applicationId: The application ID for which the adapter is configured, typically the Parse Server application ID. Example: "YOUR_APP_ID".
  • mountPath: The path where the Parse Server is mounted. Example: "/parse".
  • maxAttempts: The maximum number of OTP entry attempts allowed before invalidation. Example: 3.
  • sendEmail: A function that handles sending the OTP to the user's email. You need to implement this function to integrate with your email service.
const { initializeOtpAdapter } = require("parse-server-otp-auth-adapter");

const otpOptions = {
  otpValidityInMs: 300000, // 5 minutes
  applicationId: "YOUR_APP_ID",
  mountPath: "/parse",
  maxAttempts: 3,
  sendEmail: async (email, otp) => {
    // Implement your email sending logic here
    // For example:
    // await sendEmailWithYourService(email, `Your OTP is: ${otp}`);
  },
};

const otpAdapter = initializeOtpAdapter(otpOptions);

const api = new ParseServer({
  appId: "YOUR_APP_ID",
  masterKey: "YOUR_MASTER_KEY",
  serverURL: "http://localhost:1337/parse",
  auth: {
    otp: otpAdapter,
  },
});

Usage

This section explains how to integrate the OTP Auth Adapter with your client-side application. The example below shows the complete process from requesting an OTP to authenticating the user via Parse Server.

const login = async () => {
  const parseUrl = "http://localhost:5001/parse";
  const appId = "yourAppId";
  const email = "[email protected]";

  // 1. Request OTP
  await fetch(`${parseUrl}/challenge`, {
    method: "POST",
    headers: {
      "X-Parse-Application-Id": appId,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      challengeData: {
        otp: {
          email,
        },
      },
    }),
  });

  // 2. User receives OTP via email

  // 3. Authenticate with Parse using the received OTP
  const otp = "123456"; // OTP entered by the user
  const authData = {
    email,
    otp,
  };

  const user = new Parse.User();
  user.set("username", email);
  await user.linkWith("otp", { authData });
};

OTP Table

The OTP Auth Adapter automatically sets up an OTP table in your Parse Server database with the following fields:

  • email: The email address associated with the OTP.
  • otp: The generated one-time password.
  • expiresAt: The expiration timestamp for the OTP.
  • attempts: The number of attempts made to verify this OTP.

Class-Level Permissions (CLP) are configured to restrict direct access to this table, ensuring that OTP management is securely handled through server-side logic.

Cleanup Job for Expired OTPs

To maintain the OTP table and remove expired entries, you can set up a background job in Parse Server.

Here's an example of how to create this job:

// Background job to clean up expired OTPs
Parse.Cloud.job("cleanupExpiredOTPs", async () => {
  const query = new Parse.Query(OTP_TABLE_NAME);
  query.lessThan("expiresAt", new Date());

  const expiredOTPs = await query.find({ useMasterKey: true });
  await Parse.Object.destroyAll(expiredOTPs, { useMasterKey: true });

  console.log(`Cleaned up ${expiredOTPs.length} expired OTPs`);
});

Contributing

Contributions are welcome! Please feel free to submit pull requests or open issues to discuss new features or improvements.

License

This project is licensed under the MIT License - see the LICENSE file for details.