This is a quick app to demonstrate how to use koa and koa-jwt to create a secure REST API.
This README assumes you're using yarn. If not, you can substitute npm commands where appropriate.
- clone the git repo:
  `git clone https://github.com/clintmod/koa-jwt-login-example.git`
- run `yarn` to install the dependencies
- run `yarn local` to run node via nodemon to auto-reboot node if you edit source files
You can run the tests with the usual:
`yarn test`
If you want to develop more tests you can run:
`yarn test-mocha-watch`
This will start mocha in watch mode.
- use `curl` to register a new user:
  `curl -X POST --data '{"username":"thedude", "password":"abides", "email":"[email protected]", "name":"Mr. Lebowski"}' http://localhost:9000/public/register`
- use `curl` to login with that user and get a token:
  `curl -X POST --data '{"username":"thedude", "password":"abides", "email":"[email protected]", "name":"Mr. Lebowski"}' http://localhost:9000/public/register`
- use `curl` to access the secured `api/v1` route with the token you received in the login step:
  `curl -X GET -H "Authorization: Bearer INSERT_TOKEN_HERE" http://localhost:9000/sacred`
You'll notice in the `package.json` I'm using a forked version of `koa-jwt`. This is because currently, there's no "documented" way to know when a token expires. I've opened an issue and sent a pull request with what I think is an appropriate fix. When the pull request gets merged and released I'll update the demo with the new version of koa-jwt.
I also hash the password using bcrypt because you should always hash your passwords.
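
On the token-expiry point above, an added example (not code from this repo or from koa-jwt): verifying an HS256 token with Node's built-in `crypto` and reading its `exp` claim to report how long the token remains valid. It assumes the tokens are HS256-signed with a shared secret; `signToken`, `checkToken`, the secret and the timestamps are hypothetical names and constructed values.

```javascript
// Added example: HS256 verification plus expiry reporting, Node built-ins only.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Sign a payload as an HS256 JWT (used here only to build constructed sample tokens).
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Verify algorithm and signature first, then report the expiry state.
// nowSeconds is injectable so results are deterministic.
function checkToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { valid: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return { valid: false, reason: 'malformed' };
  }
  // Pin the algorithm on the server side; never let the token header choose it.
  if (header?.alg !== 'HS256') return { valid: false, reason: 'bad-algorithm' };
  const expected = createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { valid: false, reason: 'bad-signature' };
  }
  // Treat a token without exp as invalid so that no token lives forever.
  if (typeof payload?.exp !== 'number') return { valid: false, reason: 'no-exp' };
  const expiresIn = payload.exp - nowSeconds;
  if (expiresIn <= 0) return { valid: false, reason: 'expired', expiresIn };
  return { valid: true, expiresIn, payload };
}

// Constructed sample data, not values from the demo app.
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;
const fresh = signToken({ sub: 'thedude', exp: NOW + 3600 }, SECRET);
const stale = signToken({ sub: 'thedude', exp: NOW - 1 }, SECRET);
console.log(checkToken(fresh, SECRET, NOW), checkToken(stale, SECRET, NOW));
```

The `exp` value is only trusted after the signature check passes, so a client that decodes the payload without the secret can use it as a refresh hint but not as proof of validity.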