npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

sails-api-jwt

v1.2.1

Published

An example implementation of JWT-based API for user registration and authorization.

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

deliazdeliaz

Keywords

SailsSails.jsJWTJSON Web TokenauthorizationAPI

Readme

JSON Web Token authorization API

Based on Sails.js

Build status Coverage Status

An example implementation of JWT-based API for user registration and authorization.

It supports:

  1. User register;
  2. User login;
  3. Token generation and validation;
  4. Password reset (with a reset token);
  5. Password change (with JWT credentials);
  6. Account locking.

Things to do:

  1. Optional email notifications (based on environment);
  2. Keep reset token encrypted and with a validity date;
  3. Unlock after some freeze period;
  4. Registration confirmation (with a confirm token).

Start

npm run start

or, if you have Sails globally:

sails lift

For security reasons, please change JWT_SECRET in api/config/env/development.js.

JWT Token

Token-free endpoints:

/user/create
/user/login
/user/forgot
/user/reset_password

Token-required endpoints:

/user
/change_password

To pass a JWT token use Authorization header:

Authorization: Bearer <JWT Token>

API methods description

For some reasons I do not use REST. Shortcuts also disabled by default (see api/config/blueprints.js).

/user/create

Creates a new user. Requirements for the password: length is 6-24, use letters and digits.

request

{
  "email": "[email protected]",
  "password": "abc123",
  "password_confirm": "abc123"
}

response

{
  "token": "<JWT Token>"
}

/user/login

request

{
  "email": "[email protected]",
  "password": "abc123"
}

response

{
  "token": "<JWT Token>"
}

N.B. Account will be blocked after 5 fails in 2 mins (configurable in api/services/UserManager.js).

/user/change_password

Changes user password. User should be authorized.

request

{
  "email": "[email protected]",
  "password": "abc123", 
  "new_password": "xyz321",
  "new_password_confirm": "xyz321"
}

response

{
  "token": "<JWT Token>"
}

N.B. All old tokens will be invalid after changing password.

/user/forgot

Initiates procedure of password recovery.

request

{
  "email": "[email protected]"
}

response

{
  "message": "Check your email"
}

/user/reset_password

Reset password to a new one with a reset token. Reset token sends to a user after /user/forgot.

request

{
  "email": "[email protected]",
  "reset_token": "<Password Reset Token>",
  "new_password": "xyz321",
  "new_password_confirm": "xyz321"
}

response

{
  "message": "Done"
}

HTTP codes

All endpoints uses HTTP status codes to notify about execution results

  • 200 ok, reqeust executed successfully;
  • 201 created, new user created successfully;
  • 400 bad requests, usually means wrong params;
  • 403 forbidden, for locked accounts;
  • 500 server error, something went wrong.

Tests

The project uses Travis-CI and Coveralls integration and has some tests. Run it via:

npm run test

Inspired by

This project is based on this repo: https://github.com/swelham/sails-jwt-example (unlicensed).
I refactored and improved it for myself.

License

It is MIT.