connect-authentication
Advanced tools
A simple (opinionated) connect-style authentication middleware.
This middleware directly use jws package to implement a simpler version of JsonWebToken to authenticate the users via cookie or the Authentication header.
Readers can read the source code to get the idea and replace the token encode/decode mechanism with jsonwebtoken, or use this package directly. This package does not follow the standard of jsonwebtoken. However, it is well tested in it owns implementation.
const express = require('express')
const connectAuthentication = require('connect-authentication').default
const cookieParser = require('cookie-parser')
const asyncMiddleware = require('middleware-async').default
const bodyParser = require('body-parser')
const user = {id: '1', first: 'hello', last: 'world', username: 'admin'}
const encode = u => u.id
const decode = id => id === '1' && user
const app = express()
app.use(
cookieParser('cookie-secret'),
connectAuthentication(encode, decode, 'jws-secret')
)
app.get('/', (req, res) => res.status(200).send('hello world!'))
app.post('/login',
bodyParser.json(),
asyncMiddleware(async (req, res) => {
const {body: {username, password}} = req
if (username === 'admin' && password === 'password') {
const token = await req.login(user)
res.status(200).json(token)
} else res.status(401).json({error: 'wrong credential'})
})
)
app.get('/me', (req, res) => {
if (req.user) res.status(200).json(req.user)
else res.status(403).json({error: 'please login'})
})
app.get('/logout', asyncMiddleware(async (req, res) => {
await req.logout()
res.send('logout success')
}))
app.listen(3000, () => console.log('Server is listening at port 3000'))
Interface of the default export
export default function connectAuthentication<IUser, IPayload>(
encode: (user: IUser) => CanAwait<IPayload>,
decode: (payload: IPayload) => CanAwait<IUser | undefined>,
secret: string | Buffer,
{
ttl = '1 week',
alg = 'HS256',
encoding = 'utf8',
cookieKey = 'jwt',
isTokenRevoked,
revokeToken,
cookieOptions = {
httpOnly: true,
sameSite: 'lax',
secure: true,
signed: false,
},
}: {
ttl?: number | string
alg?: Algorithm
encoding?: string
cookieKey?: string | false
isTokenRevoked?: (token: string) => CanAwait<boolean>
revokeToken?: (token: string, expire: Date) => CanAwait<void>
cookieOptions?: CookieOptions
} = {}
): RequestHandler
FAQs
Simple express credential/authentication middleware
The npm package connect-authentication receives a total of 0 weekly downloads. As such, connect-authentication popularity was classified as not popular.
We found that connect-authentication demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.