
@luckbox/token-data-middleware
Validates and extracts data from signed tokens
```js
const express = require('express');
const fs = require('fs');
const app = express();
const { tokenData } = require('@luckbox/token-data-middleware');

// PEM-formatted public key used to validate the signed tokens
const publicKey = fs.readFileSync('id_ecdsa.pub.pem');

// Extract the token data from the "Custom-Token-Header" request header
app.use(tokenData(publicKey, 'Custom-Token-Header'));

app.post('/message', (req, res) => {
  // No id in the token data: reject the request
  if (!req.tokenData.id) {
    return res.status(403).send('Permission denied');
  }
  // new message logic goes here...
});

app.listen(80);
```

```js
const fs = require('fs');
const { parser } = require('@luckbox/token-data-middleware');

const publicKey = fs.readFileSync('id_ecdsa.pub.pem');
const tokenParser = parser(publicKey);

const token = 'qZPb3DyNIOnTeRv4oSy5TraslRO41AYjDlxSttpW5PWIcKIwqvlGDgMWPjhbIKpdcoX6mfsG9dwC-JRz5wbVAgeyJpZCI6MTIzNDV9';
const tokenData = tokenParser(token);
console.log(tokenData); // { id: 12345 }
```
`module#parser(publicKey) : tokenParser()`

Initializes a new token parser.

| Name | Type | Description |
|---|---|---|
| publicKey | `String \| Buffer` | |
`module#tokenData(publicKey[, headerName]) : ExpressMiddleware`

Creates a new Express 4.x middleware.

| Name | Type | Default | Description |
|---|---|---|---|
| publicKey | `String \| Buffer` | | |
| headerName | String | "Token" | An optional name for the header from which to extract the token data |
`sign(payload, privateKey) : Object`

Signs a payload and generates a token provided an ECDSA private key.

| Name | Type | Description |
|---|---|---|
| payload | any | Payload to sign |
| privateKey | String | PEM-formatted private key |
`tokenParser(token) : Object`

Parses a signed token and returns the data contained within. In case the token is invalid, an empty object is returned.

| Name | Type | Description |
|---|---|---|
| publicKey | String | PEM-formatted public key |
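
Because an invalid token produces an empty object rather than an error, every protected route has to reject requests on its own. The following added example (not code from the package or its README) shows one fail-closed guard for that contract; `demoSign`, `demoParser`, `requireClaims` and `statusFor` are hypothetical names, and the token layout is an assumed stand-in built on Node's `crypto` module, not the package's wire format.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo key pair; a real service loads PEM keys from disk instead.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const P1363 = { dsaEncoding: 'ieee-p1363' }; // fixed 64-byte r||s signature on P-256
const SIG_CHARS = 86;                         // 64 bytes as unpadded base64url

// Stand-in signer (assumed format): base64url(signature) + base64url(JSON payload).
function demoSign(payload, key) {
  const body = Buffer.from(JSON.stringify(payload));
  const sig = nodeCrypto.sign('sha256', body, { key, ...P1363 });
  return sig.toString('base64url') + body.toString('base64url');
}

// Stand-in parser with the documented contract: an invalid token yields {}.
function demoParser(key) {
  return (token) => {
    try {
      const raw = String(token);
      const sig = Buffer.from(raw.slice(0, SIG_CHARS), 'base64url');
      const body = Buffer.from(raw.slice(SIG_CHARS), 'base64url');
      const valid = nodeCrypto.verify('sha256', body, { key, ...P1363 }, sig);
      return valid ? JSON.parse(body.toString('utf8')) : {};
    } catch {
      return {};
    }
  };
}

// Guard to mount after the token middleware: fail closed unless every
// required claim is an own, non-null property of req.tokenData.
function requireClaims(...claims) {
  return (req, res, next) => {
    const d = req.tokenData;
    const ok = d !== null && typeof d === 'object' && !Array.isArray(d) &&
      claims.every((c) => Object.prototype.hasOwnProperty.call(d, c) && d[c] != null);
    return ok ? next() : res.status(403).send('Permission denied');
  };
}

// Runs the guard against a mock req/res; returns 200 if next() was reached.
function statusFor(token, parse, ...claims) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, send() { return this; } };
  requireClaims(...claims)({ tokenData: parse(token) }, res, () => {});
  return status;
}
```

In an Express app the guard would sit between the token middleware and the handler, for example `app.post('/message', requireClaims('id'), handler)`, so a route cannot be reached with empty token data by omission.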
FAQs
We found that @luckbox/token-data-middleware demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.