Git Product home page Git Product logo

auth-basic-jwt's Introduction

Build Status NPM Version Node.js Version NPM Downloads Test Coverage

auth-basic-jwt

Basic auth + JWT middleware for Express

Initialization

const authModule = require('auth-basic-jwt')
const auth = authModule(
    secret,         // String or Buffer (can be forwarded by a promise) 
    userGetter*,    // function(userLogin) must return an object with at least a "pass" 
                    // attribute in order to be compared with basic auth credentials
    options         // Object (see below)
)

Note that the "userLogin" parameter must match the expected basic auth login

Options:
{
    token: {
        filter* :   function(user) or var, // Data to put in the token.user attribute 
                       // (default is the whole user param without the pass attribute)
                       // must return a "role" attribute in order to be compared with the
                       // auth.hasRole(...) method.
        decode* :   function(token) or var, // Data to put in the req.user attribute 
                       // (default is the token.user data)
        exp :       function(user) or var,
        iss :       function(user) or var,  
        sub :       function(user) or var,       
        aud :       function(user) or var,       
    },
    session: {
        filter* :   function(user), // Data to put in the req.user attribute
                       // (default is the whole user param without the pass attribute)
                       // must return a "role" attribute in order to be compared with the
                       // auth.hasRole(...) method.
    },
    password: {
        compare*:   function(user, pass):boolean // function used to compare 
                       // the user password (user.pass) and the provided credential (pass). 
                       // Default is "user.pass == pass"
    },
    unauthorized: function(error, req, res, next), // method )
    login: {
        path: string // path to match for a jwt request (default '/login') 
        method: string // method to match for a jwt request (default 'POST')
    }
}
  • Functions marked with * can return a promise.
  • Note that the user parameter is the object forwarded by your userGetter.
  • Be careful: if you don't set token.filter, user must be an object, in order to let the default filter delete the pass attribute (if you use mongoose for example ensure that it have been converted with the toObject method (or define the session & token filters))

Usage

Example of usage:

your-auth-config.js

function userGetter(userLogin) {
    return {
        email: userLogin,
        pass: 'password',
        roles: ['user']
    }
}
// OR //
function userGetter(userLogin) {
    return Promise.resolve({email: userLogin, pass: 'password', roles: ['user']});
}

const app = require('express')();
const auth = require('auth-basic-jwt')({
    secret: 'SECRET',
    getter: userGetter,
    /* options */
});

module.exports = auth;

express entry point

/// require ... ///
const auth = require('./your-auth-config');
app.use(auth.default);

const routeA = require('./routes/routeA');
const routeB = require('./routes/routeB');
const routeC = require('./routes/routeC');

app.get('/userinfo', auth.user, yourFunction);

app.use('/a', routeA);
app.use('/b', auth.user, routeB);
app.use('/c', auth.admin, routeC);
app.use('/d', auth.hasRole('custom'), routeD);

app.use(auth.unauthorized); // catch errors that are instance of AuthenticationError

Note that auth.user and auth.admin are just aliases of auth.hasRole('user') and auth.hasRole('admin').

RouteA.js

/// require ... ///
const auth = require('./your-auth-config')

router.get('yourPath', auth.user ,yourFunction);

module.exports = router;

auth-basic-jwt's People

Contributors

max-lt avatar maxx-t avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.