bearer

BearerJS

NodeJS/ExpressJS module for Bearer/Token authentication.

Usage

In your ExpressJS application init script, add the following before setting any other route:

var bearer = require('bearer'); var app = express(); bearer({ //Make sure to pass in the app (express) object so we can set routes app:app, //Please change server key for your own safety! serverKey:"12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678", tokenUrl:'/token', //Call this URL to get your token. Accepts only POST method createToken:function(req){ //If your user is not valid just return "underfined" from this method. var username=req.body.username; var userValid=true; //You are aware that this is where you check username/password in your DB, right!? if (userValid) return({ expire: moment(Date.now()).add('days', 1).format('YYYY-MM-DD HH:mm:ss'), username: username, contentType: req.get('Content-Type'), ip: req.ip, userAgent: req.header('user-agent'), custom_id: '55555', another: 'Some data you need in your token', moreData: 'Some more data you need' }); return undefined; }, validateToken:function(req, token){ //you could also check if request came from same IP using req.ip==token.ip for example if (token){ return moment(token.expire)>moment(new Date()); } return false; }, afterAuthorized:function(token){ //This is in case you would like to check user account status in DB each time he attempts to do something. //Doing this will affect your performance but its your choice if you really need it //Returning false from this method will reject user even if his token is OK return true; }, secureRoutes:[ {url:'/users', method:'get'} ] });