@tool-developer/egg-jwt
Advanced tools
JWT for egg plugin that supports server - and client-side custom authorization failure (return JSON data, or jump to the specified page).
$ npm i @tool-developer/egg-jwt --save
// {app_root}/config/plugin.js
exports.jwt = {
enable: true,
package: '@tool-developer/egg-jwt',
};
generate token, by payload include user id info, like this:
const payload = {
uid
}
const token = this.app.jwt.sign(payload);
validate token, get user id info
const valid = this.app.jwt.verify(token);
const {uid} = valid;
// {app_root}/config/config.default.js
exports.jwt = {
secret:'',
// enable middleware,default false
enableMiddleware:false,
//
cookieTokenSet:'auth-token',
//{[headerAuthorization]:'[headerAuthorizationScheme] [token]'}
headerAuthorization:'authorization',
headerAuthorizationScheme:'Bearer',
//{[headerPassthroughSet]:false}
headerPassthroughSet:'x-custom-passthrough',
//
// sign page route path
signPageRoutePath:'',
//
authOptions:{
// passthrough
},
//
// ctx.state.secret
contextStateSecret:'secret',
// ctx.state.user
contextStateUser:'user',
// jwt.sign options
signOptions:{
expiresIn:'2d'
},
// jwt.verify options
verifyOptions:{},
// ignore route path
ignore:[]
};
see config/config.default.js for more detail.
server authorization options
true:
return json data, like{code:401,info}
false:
when set signPageRoutePath, to redirect signPageRoutePath.
no set signPageRoutePath, to throw.
/a/b/c:
to redirect the url.
client authorization options, by headerPassthroughSet, same as the authOptions.
signOptions, to see jsonwebtoken jwt.sign
signOptions.expiresIn token expired time, default 2h, to see zeit/ms
verifyOptions, to see jsonwebtoken jwt.verify
to see egg math and ignore
Please open an issue here.
FAQs
jwt plugin for egg
The npm package @tool-developer/egg-jwt receives a total of 13 weekly downloads. As such, @tool-developer/egg-jwt popularity was classified as not popular.
We found that @tool-developer/egg-jwt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm confirmed a tooling bug incorrectly marked several one-character packages as security holders and said it was working on a rollback.
Research
/Security News
Newer packages in this compromise use native extensions and .pth loaders to execute JavaScript stealers in developer environments.
Research
Socket found 37 malicious PyPI wheels that abuse Python startup hooks to launch a Bun-powered credential stealer tied to Mini Shai-Hulud/Miasma.