npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

strajah-token

v2.0.4

Published

Ciphered accessToken management

Downloads

3

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

bot-strajahbot-strajah

Keywords

Readme

Circle CI

cipherToken

A method to create ciphered accessToken based on the following principles:

  • must include id information.
  • must include expiration information.
  • must be a designed token to transport, but not to store it.

NodeJS

Require

const cipherToken = require('cipherToken');

Usage

cipherToken is designed to be used as a module.

Initiate the token generator for a set of settings

const accessTokenCreator = cipherToken(settings);

Tokens are created this way

const cipheredToken = accessTokenCreator.create.userId('my-id12').data({'some': 'data'}).encode();

and can be decoded back to a more readable state with

const decodedToken = accessTokenCreator.decode(cipheredToken);

Settings

Settings is a hash with the following properties

  • cipherKey : (required) used to cipher the accessToken
  • firmKey : (required) used to firm the accessToken
  • tokenExpirationMinutes : minutes of accessToken life (90 minutes by default)
  • cipherAlgorithm : algorithm used to cipher the token (aes-256-cbc by default)
  • hmacAlgorithm : algorithm used to build the hmac (md5 by default)
  • hmacDigestEncoding : encoding used in the outbound of the hmac digest (hex by default)
  • plainEncoding : encoding used in the data content in the token (utf8 by default)
  • tokenEncoding : encoding used in the token format (base64 by default)
  • enableSessionId : sessionId of an accessToken, can be preset at accessToken creation

Settings must be passed to cipherToken in each call. Only cipherKey and firmKey are required.

Create tokens

First thing you need is a cipherToken for your settings

const accessTokenCreator = cipherToken(settings);

After that you'll create a set for a given user which will contain data to be encoded in the token

const cipheredToken = accessTokenCreator.set.userId('my-id12').data({'some': 'data'}).sessionId('my-previous-session-id').encode();

UserId can be an username or any other thing you use to identify your customers. SessionId is only to be submitted when you want to create a token associated to the same session of another token (usually near expiration). If you have enableSessionId in your settings enabled but that's the first time creating a token for a new session, then you don't need to use the method 'sessionId' and a random UUID v4 will be generated. Data is to encode the payload you want to travel with the token.

The result, cipheredToken, is an object which for now has only two properties

  • token: contains the token itself
  • error: only when there was an error during encoding process

Decode tokens

You'll need an accessTokenCreator (still looking for a better name) initialized with the same settings as the ones used in the encoding process

const decodedToken = accessTokenCreator.decode(validToken.token);

decodedToken has the following properties

  • set: the data encoded within the token, contains: userId, expiresAtTimestamp, data and sessionId if enabled
  • error: if an error occurred during decoding

The only one added by cipherToken is expiresAtTimestamp: at creation, gets the actual time and add to it the time expiration to calculate when will the token expire. Cipher token doesn't care if the token has expired or not.

Example

const cipherToken = require('cipherToken');

const settings = {
    cipherKey: 'myCipherKey123',
    firmKey:  'myFirmKey123'
};

const accessTokenCreator = cipherToken(settings);

const cipheredToken = accessTokenCreator.create.userId('John Spartan').data('validData').encode();
const decodedToken = accessTokenCreator.decode(cipheredToken);

console.log(decodedToken.set.userId)
console.log(decodedToken.set.expiresAtTimestamp)
console.log(decodedToken.set.data)
console.log(decodedToken.set.sessionId)