Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

passwordless-lokijsstore

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

passwordless-lokijsstore

LokiJS TokenStore for Passwordless

  • 1.0.1
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
2
increased by100%
Maintainers
1
Weekly downloads
 
Created
Source

Passwordless-LokiJSStore

This module provides token storage for Passwordless -- a node.js module for express that allows website authentication without passwords. Visit the project's website https://passwordless.net for more details.

This module allows token to be stored in a LokiJS database. Tokens are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-lokijsstore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var passwordless = require('passwordless');
var LokiJSStore = require('passwordless-lokijsstore');

passwordless.init(new LokiJSStore('tokens.json'));

passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });
    
app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

new LokiJSStore(file, [options]);
  • file: (string) Name of the file to be saved to. Further documentation can be found on the LokiJS website
  • [options]: (object) Optional. This can include LokiJS options as described in the docs as well as LokiJSStore-specific ones as described below. All options are combined in one object as shown in the example below:

Example:

passwordless.init(new LokiJSStore('tokens.json', {
    autosave: true,
    autosaveInterval: 5000,
    lokijsstore: {
        disablesaveatwrite: true
    }
}));

Options

  • [lokijsstore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'
  • [lokijsstore.disablesaveatwrite]: (boolean) Optional. Disables automatic write to disk whenever changes to the database occur. Recommended for more intense workloads. Should only be set to true when LokiJS's autosave is set to true. Default: false

Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected the same way. passwordless-lokijsstore uses bcryptjs with automatically created random salts (10 rounds).

Tests

$ npm test

License

MIT License

Author

Florian Heinemann @thesumofall

Keywords

FAQs

Package last updated on 13 Nov 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc