Generate a token signed with the HS256 (HMAC with SHA-256) symmetric algorithm.
Store the token in a cache so that a presented token can be double-checked as one generated by our machine.
How to use:
npm install incache-jws-session --save
const Session = require('incache-jws-session')
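// The HS256 key signs every token, so anyone who learns it can mint tokens the
// server will accept. Load it from the environment (or a secret manager)
// instead of committing a literal to source control.
// SESSION_SECRET is an example variable name, not one defined by the package.
const secret = process.env.SESSION_SECRET;
if (!secret) {
  // Fail at start-up rather than signing tokens with an undefined key.
  throw new Error('SESSION_SECRET is not set');
}

const config = {
  // RFC 7518 requires an HS256 key of at least 256 bits; generate it with a
  // cryptographically secure random source rather than typing one by hand.
  secret,
  serverHost: 'www.mdslab.org',
  // NOTE(review): the unit of `time` is not stated on this page; confirm it in
  // the package documentation before relying on it for session lifetime.
  time: 1,
};

// Session handler shared by the token and middleware examples that follow.
const auth = new Session(config);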
Generate a new token by passing the user ID and the user type, for example ‘root’, ‘admin’, ‘user’, ‘visitor’, etc.
// Identity the token is issued for: a user ID plus a user type label.
const userId = 1;
const userType = 'user';

// createToken is awaited, so this must run inside an async function or an
// ES module with top-level await.
const token = await auth.createToken(userId, userType);
Store the new session token
// Session record placed in the cache so a token can later be matched against it.
const issuedAt = Date.now();
const session = {
  user: 1,
  // Placeholder: store the string returned by auth.createToken here.
  token: 'your token string',
  // NOTE(review): this is the current epoch-millisecond timestamp plus 1. If
  // `exp` is read as milliseconds the session expires almost immediately;
  // confirm the expected unit and align it with the configured `time`.
  exp: issuedAt + 1,
  type: 'user',
};
await auth.insert(session);

// Ask the handler whether `token` matches a stored session; the middleware
// example on this page reads `isLogged` from the same kind of result.
const result = await auth.check(token);
Decode an existing token and check that it is valid and was generated by our machine:
// Decode `token`; per this page the call also checks that the token is valid
// and was generated by this server.
// NOTE(review): confirm that decodeToken verifies the HS256 signature before
// any field of `decoded` is trusted for an authorization decision.
const decoded = await auth.decodeToken(token)
Using the session handler as middleware in Koa
Attach the session handler to the Koa context
// Koa creates each request's ctx from app.context, so this exposes the session
// handler as ctx.auth inside every middleware and route handler.
app.context.auth = auth
Create a Middleware
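/**
 * Build a Koa middleware that lets a request continue only when it carries a
 * session token accepted by `ctx.auth.check`.
 *
 * The token is read from `ctx.request.body.token`, so a body parser has to run
 * before this middleware. Rejected requests receive HTTP 401 together with the
 * same JSON body as before (`isLogged: false`, `token: false`, `message`).
 *
 * @returns {function(Object, Function): Promise<*>} Koa middleware
 */
module.exports = function () {
  // Without an explicit status Koa answers 200 once a body is assigned, which
  // makes a rejected request look successful to clients, proxies and logs.
  const deny = function (ctx, message) {
    ctx.status = 401;
    ctx.body = { isLogged: false, token: false, message: message };
    return ctx.body;
  };

  return async function (ctx, next) {
    // ctx.request.body is undefined when no body parser ran; falling back to an
    // empty object turns that case into a 401 instead of a TypeError.
    const token = (ctx.request.body || {}).token;

    // The token is client-supplied: accept only a non-empty string so parsed
    // objects or arrays never reach the session check.
    if (typeof token !== 'string' || token === '') {
      return deny(ctx, 'You must provide a token for this route');
    }

    const status = await ctx.auth.check(token);
    if (!status.isLogged) {
      return deny(ctx, 'You are not logged in please do the log-in again');
    }

    await next();
  };
};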
Now you can use it in your route file
// Route file: build the router and body parser, then load the auth middleware
// factory defined in ./authMiddleware.
const createRouter = require('koa-router');
const router = createRouter();

const createBodyParser = require('koa-body');
const body = createBodyParser();

const auth = require('./authMiddleware');

// Order matters: `body` runs first so ctx.request.body is populated before the
// auth middleware reads the token; the protected handler runs only after the
// check has passed.
router.post('/admin', body, auth(), yourProtectedFunction);
Author
Davide Polano