sails-hook-jwtoken

v0.0.9

jsonwebtoken hook for Sails.js v1

Downloads: 4

sails-hook-jwtoken - jsonwebtoken hook for Sails.js v1

Installation

npm i sails-hook-jwtoken

How to use

sails.helpers.jwt.sign(payload): generate your token

// api/controller/entrance/login
...
const jwtToken = await sails.helpers.jwt.sign({
  sub: userRecord.id,
});

return jwtToken;

sails.helpers.jwt.verify(req, res): verify token

By default, the module includes a validation hook for the authorization header. To implement a custom one instead, disable the default by setting sails.config.jwt.enableRequestHook = false.

Process your req.me object

The hook exposes req.me for use in a controller or a policy. To populate req.me manually instead, disable the hook with the option sails.config.jwt.enableRequestHook = false in the configuration.

Configuration

There are two ways to configure the JSON Web Token signature: with a private/public string or with a private/public key file.

Default configuration:

module.exports.jwt = {
  model: 'user',
  privateFile: false,
  publicFile: false,
  privateFileName: 'private',
  publicFileName: 'public',
  ext: '.pem',
  passphrase: '',
  // These default strings are published in this README; override them in config/jwt.js
  privateKey: 'super-secret-string',
  publicKey: 'super-secret-string',
  enableRequestHook: true,
  signOptions: {
    algorithm: 'HS256',
    expiresIn: '7d',
  },
  verifyOptions: {
    algorithms: ['HS256'],
  },
};

String Configuration

Example:

// config/jwt.js

module.exports.jwt = {
  privateKey: 'an-improved-super-secret-string',
  publicKey: 'an-improved-super-secret-string',
};

File Configuration

Example:

// config/jwt.js

module.exports.jwt = {
  privateFile: true,
  privateFileName: 'private_passphrase', // Default 'private'
  publicFile: true,
  publicFileName: 'public_passphrase', // Default 'public'
  ext: '.pem', // Default
  passphrase: 'test', // Default ''

  signOptions: {
    algorithm: 'RS256',
    expiresIn: '7d',
  },
  verifyOptions: {
    algorithms: ['RS256'],
  },
};

When using private/public key files, create them according to the privateFileName, publicFileName and ext settings:

private: config/keys/private.pem

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

public: config/keys/public.pem

-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----

See this example on Stack Overflow for generating a private/public key pair (the -aes256 option encrypts the private key with a passphrase):

openssl genrsa -aes256 -out private.pem 2048
openssl rsa -pubout -in private.pem -out public.pem

Or, from the article "Creating RSA Keys using OpenSSL" (this variant writes an unencrypted private key):

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem
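
As an added example (not part of the package or its README), the function below checks an effective sails.config.jwt object for the weak settings this section makes possible: the published default secret, a short HS256 secret, a verification allow-list that does not match the signing algorithm, and tokens without expiry. The name auditJwtConfig, the finding labels and the 32-byte minimum are assumptions of this example.

```javascript
// Added example: audit the effective sails.config.jwt object at startup.
// Key names come from the README above; the rules are this example's own.
const DEFAULT_SECRET = 'super-secret-string'; // default published in the README
const MIN_SECRET_BYTES = 32; // assumption: 256 bits of secret for HS256
const isHmac = (alg) => /^HS\d+$/.test(alg);

function auditJwtConfig(cfg) {
  const findings = [];
  const signAlg = cfg.signOptions?.algorithm;
  const verifyAlgs = cfg.verifyOptions?.algorithms ?? [];

  // Tokens this app issues must be verifiable by this app.
  if (!verifyAlgs.includes(signAlg)) findings.push('sign-alg-not-verifiable');
  // The verifier's allow-list should name one algorithm family and never "none".
  if (verifyAlgs.includes('none')) findings.push('alg-none-accepted');
  if (verifyAlgs.some(isHmac) && !verifyAlgs.every(isHmac)) {
    findings.push('mixed-alg-families');
  }
  if (!cfg.signOptions?.expiresIn) findings.push('no-expiry');

  // String keys are only inspected when the matching *File switch is off.
  const stringKeys = [];
  if (!cfg.privateFile) stringKeys.push('privateKey');
  if (!cfg.publicFile) stringKeys.push('publicKey');
  for (const name of stringKeys) {
    const value = String(cfg[name] ?? '');
    if (isHmac(signAlg)) {
      if (value === DEFAULT_SECRET) findings.push(`${name}-is-default`);
      else if (Buffer.byteLength(value) < MIN_SECRET_BYTES) findings.push(`${name}-too-short`);
    } else if (!value.includes('-----BEGIN')) {
      findings.push(`${name}-not-pem`);
    }
  }
  return findings;
}

// Constructed inputs: the README's default and file-based configurations.
const readmeDefault = {
  privateFile: false, publicFile: false,
  privateKey: 'super-secret-string', publicKey: 'super-secret-string',
  signOptions: { algorithm: 'HS256', expiresIn: '7d' },
  verifyOptions: { algorithms: ['HS256'] },
};
const readmeFileBased = {
  privateFile: true, publicFile: true,
  signOptions: { algorithm: 'RS256', expiresIn: '7d' },
  verifyOptions: { algorithms: ['RS256'] },
};
console.log(auditJwtConfig(readmeDefault), auditJwtConfig(readmeFileBased));
```

Pass it the configuration after Sails has merged the defaults, and refuse to start the app when the returned list is not empty.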

Example

If you want to implement your own token verification process, set sails.config.jwt.enableRequestHook = false in the config/jwt.js file:

// config/jwt.js
module.exports.jwt = {
  // ...
  enableRequestHook: false,
};

Implement a Policy

Run sails generate policy check-token.

Check the token:

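// api/policies/check-token.js
// req.authorization = 'Bearer {{token}}'
module.exports = async function (req, res, next) {
  // A failed verification is tolerated (logged at "silly" level), so `user` is
  // undefined for a missing or invalid token and the request still proceeds.
  const user = await sails.helpers.jwt
    .verify(req, res)
    .tolerate((err) => sails.log.silly(err));
  if (user) {
    req.me = user;
  }

  // This policy only populates req.me; a later policy must reject requests without it.
  next();
};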

Use the policy in the controllers:

// config/policies.js
module.exports.policies = {
  '*': 'is-super-admin',
  'private/*': ['check-token', 'check-permissions', 'other-policies'],
  'public/*': true,
};

Implement a Hook

Run sails generate hook check-token.

Check the token:

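// api/hooks/check-token/index.js
// req.authorization = 'Bearer {{token}}'
module.exports = function defineCheckTokenHook(sails) {
  return {
    // ...
    routes: {
      before: {
        '/*': {
          skipAssets: true,
          fn: async function (req, res, next) {
            // Verification errors are tolerated, so req.me stays unset for invalid tokens.
            const user = await sails.helpers.jwt
              .verify(req, res)
              .tolerate((err) => sails.log.silly(err));
            if (user) {
              req.me = user;
            }
            next();
          },
        },
      },
    },
  };
};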