access-token-api
Advanced tools
A simple api access token support count and ttl,which base on nodejs. It can protect your api,prevent CSRF attacks, api called count with ttl.
npm install access-token-api
Single Process
`nodejs`
var accessTokenApi = require('access-token-api');
var TokenApi = new accessTokenApi({
webTokenVarName:'encrypt_api_tokenStr',//default to encrypt_api_tokenStr
webInject:function(html,token,callback){
//if you want to custom you webtoken inject in hmlt , you can do in this function. example:
var htmlEndIndex = html.indexOf('</html>');
var tokenScript = '<script>window.' + this.config.webTokenVarName + '=' + token + '</script>';
var prevHtml = html.substring(0, htmlEndIndex);
var nextHtml = html.substr(htmlEndIndex);
prevHtml += tokenScript;
prevHtml += nextHtml;
callback(null, prevHtml);
}
});
`web javascript`
//get the token
window[webTokenVarName]
Multi Process
`nodejs`
var redis = require("redis"),
client = redis.createClient(6379,'localhost');
var accessTokenApi = require('access-token-api');
var TokenApi = new accessTokenApi({
//store token in database(provide get , set, remove function)
storeConfig:{
get:function(key,callback){
client.GET(key,function(err,reply){
callback(err,reply);
});
},
set:function(key,data,ttl,callback){
client.PSETEX(key,ttl,data,function(err,reply){
callback(err,reply);
});
},
remove:function(key,callback){
client.DEL(key,function(err,data){
callback(err);
});
}
},
webTokenVarName:'encrypt_api_tokenStr',//default to encrypt_api_tokenStr
webInject:function(){
//if you want to custom you webtoken inject in hmlt , you can do in this function.
}
});
TokenApi.issue(10,10,function(err,token){
//todo
});
TokenApi.verify('token',function(err,count){
//todo
});
storeConfig more params's config please to see
store-ttl
web page can get token by window[webTokenVarName] , default to window.encrypt_api_tokenStr
issue
issue random token.
/**
* [issuse token]
* @param {[number]} [token ttl, default unit is second]
* @param {[number]} [token avalid count]
* @return {[string]} [return token]
*/
TokenApi.issue(10,5,function(err,data){
console.log(err,data);
})
//issue given token
TokenApi.issue(10,5,'givenToken',function(err,data){
console.log(err,data);//data is equal 'givenToken'
})
limit
limit function call times with ttl.
/**
* [limit function call some time]
* @param {[number]} [functionkey ttl, default unit is second]
* @param {[number]} [function avalid count]
* @return {[string]} [return err]
*/
// apiname can call 5 times in 10 senconds
TokenApi.limit('apiname', 10, 5,function(err){
if(!err){
//todo
}
})
pass
verify and decline token times, when the token is valid.
TokenApi.pass('token',function(err,data){
console.log(err,data);//err ,data: {code:0, passed: true, count: 2}, when code is zero and passed is true, token is valid.
})
passPromise
verify and decline token times, when the token is valid.
TokenApi.passPromise('token').then(function(data) {
}).catch(function (err) {
})
verify
verify the token
TokenApi.verify('token',function(err,data){
console.log(err,data);
})
remove
remove the token
TokenApi.remove('token',function(err,data){
console.log(err,data);
})
decline
decline the token times
TokenApi.decline('token',function(err,data){
console.log(err);
})
webInject
custom web frontend way to inject token into page
TokenApi.webInject('html','token',function(err,html){
console.log(err);
})
//test
1. redis-server
2. npm test
//coverage
npm run cov
0.2.1 add api passPromise , other api support promise.
0.2.0 add api limit , which one key can call some times with ttl.
0.1.0 issuse api support issue given token.
FAQs
encrypt you api
We found that access-token-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
Security News
Rustâs crates.io team is advancing an RFC to add a Security tab that surfaces RustSec vulnerability and unsoundness advisories directly on crate pages.
Security News
/Research
Socket found a Rust typosquat (finch-rust) that loads sha-rust to steal credentials, using impersonation and an unpinned dependency to auto-deliver updates.