sk-simple-token-security
Advanced tools
JWT security for SignalK Node Server
Make sure you have the latest node server and use the App Store to install the signalk-jwt-security-config plugin.
To enabled security on node server, add an authentication section to your settings .json file.
Here is an example:
"security": {
"strategy": "sk-simple-token-security",
"jwtSecretKey": "tyPaYnCtpZLZjNXyLRKnspZHQyLGZUgkYvtwE7quwZDaZmAnqpKntRqDjTciVazV",
}
For a full example settings file see example-node-server-settings.json
admin - an admin can do anything incuding installing plugins, configuring plugins, restarting the server, etc. Including anything that the readonly and readwrite users can do.readwrite - a readwrite user can use web apps, read from the rest and ws api's, and post to the rest api.readonly - a readlony user can read from the rest, ws and /plugin apisWhen JWT is turned on, all requests require a valid token to be present.
JWT requires a secret key, which is the jwtSecretKey in the example above. This can be any string, but it's recommended to use a good password generator that can generate a long string.
JWT tokens should have an expriation time, this is set using the jwtExpiration setting above. This defaults to 1 hour.
To get a token (which will expire), send a PUT request to /signalk/v1/login. This should contain a json object with username and password.
Example using curl:
curl -v -H 'Content-Type: application/json' -X PUT -d '{ "username": "admin", "password": "password"}' http://localhost:3000/signalk/v1/login
This returns a json object which includes the token:
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFkbWluIiwiaWF0IjoxNDk4MTg1MjAwfQ.c5hR66gm_GdE1c8eukUCxNhv-SEApCpMo3JCdUqEDEk"}
All REST requests should then include the standard Authorization HTTP header with all requests. The value of the header should be JWT a space and then the token.
Example using curl:
curl -v -H 'Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFkbWluIiwiaWF0IjoxNDk4MTYwMzEwfQ.7xvxLUechuztChRvGaYq_bpjYvu4NMpZe-uZqeAQV5c' http://localhost:3000/signalk/v1/api/vessels/self
These requests can use the same method as REST requests above or include the token as a query parameter.
Example using wscat:
wscat -c "ws://localhost:3000/signalk/v1/stream?subscribe=all&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFkbWluIiwiaWF0IjoxNDk4MTYwMzEwfQ.7xvxLUechuztChRvGaYq_bpjYvu4NMpZe-uZqeAQV5c"
FAQs
Simple token based security strategy for SignalK Node Server
We found that sk-simple-token-security demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
Replit is integrating Socket Firewall into its AI-powered development experience to help protect builders from malicious open source packages.
Security News
npm confirmed a tooling bug incorrectly marked several one-character packages as security holders and said it was working on a rollback.
Research
/Security News
Newer packages in this compromise use native extensions and .pth loaders to execute JavaScript stealers in developer environments.