express-jwt-auth
Advanced tools
Middleware for user authorization and authentication with JSON Web Token. Uses MongoDB for data storage.
Middleware for user authorization and authentication with JSON Web Token. Uses MongoDB for data storage.
The module is in early beta stage.
npm install express-jwt-auth
var express = require('express');
var app = express();
var http = require('http');
var server = http.Server(app);
var path = require('path');
var bodyParser = require('body-parser');
var settings = {
mongoconnection: 'mongodb://localhost:27017/dbname',
logFile: path.join(__dirname, 'authlogger.log'),
corsDomains: ['http://localhost:5000'],
// Nodemailer settings, used for resetting password
mailer: {
mailerFrom : 'your.mail@example.com',
mailerTitle : 'Password reset',
transporter : {
service: 'Gmail',
auth: {
user: 'your.mail@gmail.com',
pass: '<app_token>'
}
}
}
};
var auth = require('express-jwt-auth')(app, settings);
app.use(bodyParser.json());
app.get('/api/test', auth, function(req, res) {
res.send('Secured access.');
});
server.listen(3000);
express-jwt-auth is a middleware, meaning you can pass the module to express routing as an agrument, as in the integration example above: app.get('/api/test', auth, function(req, res) { ...
| Name | Default value | Description |
|---|---|---|
mongoconnection | - | MongoDB connection string, ex. mongodb://localhost:27017/my-notes. |
urlStrings | { signup: '/signup', login: '/login', remindpassword: '/remindpassword', resetpassword: '/resetpassword', checkauth: '/checkauth', keepalive: '/keepalive', editprofile: '/editprofile', removeaccount: '/removeaccount' } | Object with url strings. |
removeCallback | - | Execute a callback on account remove. The callback returns removed user id. |
logFile | - | Log file name/path. |
tokenSecret | 53cr3t-h3re-p9t | String for salting token encryption. |
tokenExpire | 300 | Token expiration period in seconds. |
corsDomains | - | Array with allowed domains. Ex. ['http://mydomain.com', 'http://example.com'] |
mailer | - | Transport settings for nodemailer module. More details |
Secured requests must contain a header parameter with JSON Web Token string: Authorization:Bearer <JWT string>
###signup
If the signup request is valid (payload parameters validated: username, email and password) it returns a json object: {token: <JWT string>}
If the payload data is invalid (username, email, password) the server returns a collection of error objects, for example: [{"param":"username","msg":"Username must be at least 4 characters long","value":"dd"},{"param":"password","msg":"Password must be at least 4 characters long","value":"ee"}] with status code 400.
In case of data conflict (existing username or email): [{"msg":"Email already exists","param":"email"},{"msg":"Username already exists","param":"username"}]. Status code is 409.
###login
Successful login (request payload parameters: username and password) returns a json object: {token: <JWT string>}
Object: {"msg":"Unauthorized"}. Status code 401.
###editprofile
If payload parameters are valid (username, email and optional password) retuns a json object: {token: <JWT string>}. Updates password only if the password string is not empty.
The same as for signup.
###removeaccount
###checkauth
Returns code 200 or 401 in case the token is not validated
###keepalive
Should be send using intervals. Returns refreshed token: {token: <JWT string>}.
###remindpassword
The post data must contain email and url parameters. url should be the domain of your service. For example for url set to http://example.com a reset password link will be generated and sent to the user: http://example.com/resetpassword?token=<token_string>.
If the payload email is validated sends an email with reset password link. Returns: {"msg":"new_password_sent"}. Requires nodemailer transport settings.
[{"msg":"Email not found","param":"email"}]. Status code 400.
###resetpassword
Sends a new password provided by user. Payload parameters: password string, reset token from query string parameter.
Run tests with npm test.
Angularjs example can be found in a separate repository: https://github.com/baniol/angularjs-auth
Follow the instructions from the readme file.
Copyright (c) 2014 Marcin Baniowski http://baniowski.net
FAQs
Middleware for user authorization and authentication with JSON Web Token. Uses MongoDB for data storage.
We found that express-jwt-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
Research
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
Security News
TeamPCP is partnering with ransomware group Vect to turn open source supply chain attacks on tools like Trivy and LiteLLM into large-scale ransomware operations.