sf-token

Service for creating and checking temporary tokens.

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
sf-token
2.0.06 years ago9 years agoMinified + gzip package size for sf-token in KB

Readme

sf-token
Service for creating and checking temporary tokens.

NPM version Build status Dependency Status devDependency Status Coverage Status Code Climate

Usage

import TokenService  from 'sf-token';
import createObjectId from 'mongodb/objectid';

// Create a token service instance
let tokenService = new TokenService({
  uniqueId: createObjectId,
  secret: 'mysecret',
});

// create a token: the content may be any JSON serializable data
let endOfLife = Date.now() + 36000;
let {hash, ...envelope} = Service.createToken({
  method: 'GET',
  uri: '/user/abbacacaabbacacaabbacaca/subscriptions/report_received',
}, endOfLife);

// `hash` is for the client, you'll need it and `_id` to check the token
// validity

// `envelope` contains the token id (`_id` key), its validity (`endOfLife` key)
// and the given contents (`contents` key), you can store it as is in your
// database

// when the user connect to a uri
myApp.get('/tokens/:_id?hash=:hash', (req, res, next) {
  getFromDb(req._id)
    .then((envelope) => {
      tokenService.checkToken(envelope, req.hash);
      // Accept access (redirection may be based on the `envelope` contents )
    }).catch((err) => {
      // Refuse access
    });
});

Note that this only verify the hash and its validity regarding to the current time. You'll have to manage persistence yourself.

Modules

sf-token
## Classes
TokenService
## sf-token Api: public
## TokenService Kind: global class
Api: public
TokenService
* [new TokenService()](#new_TokenService_new)
* [.createToken](#TokenService+createToken) ⇒ <code>Object</code>
* [.checkToken](#TokenService+checkToken) ⇒ <code>void</code>
* [.createHash](#TokenService+createHash) ⇒ <code>String</code>
### new TokenService() Create a new TokenService instance
Returns: Object - A TokenService instance
Throws:
- YError(EBADSECRET) If there is no secret given - YError(ENOIDGENERATOR) If there is no id generator available - YError(EBADTIME) If the given time function is not right - YError(EBADALGORITHM) If the given algorithm is not supported
| Param | Type | Description | | --- | --- | --- | | options.secret | String | Some salt for hash | | options.uniqueId | function | A unique id generator | | options.time | function | A time function (defaults to Date.now()) | | options.algorithm | String | Algorithm to use (default to 'sha256') |
Example
```js let tk = new TokenService({
secret: 'mysecret',
uniqueId: createObjectId,
time: Date.now.bind(Date),
algorithm: 'md5',
   });
``` ### tokenService.createToken ⇒ Object Create a new token and return it envelope
Kind: instance property of TokenService
Returns: Object - The token envelope.
Throws:
- YError(ENOCONTENT) If there is no content - YError(ENOENDOFLIFE) If there is no end of life - YError(EPASTENDOFLIFE) If the end of life is past
Api: public
| Param | Type | Description | | --- | --- | --- | | contents | Object | Some JSON serializable content. | | endOfLife | Number | The time when the token is outdated. |
Example
```js tk.createToken({
uri: '/plop'
}, Date.now() + 3600000); // { // id: 'abbacacaabbacacaabbacaca', // endOfLife: 1441981754461, // hash: '13371ee713371ee713371ee7', // contents: { uri: '/plop' }, // } ``` ### tokenService.checkToken ⇒ void Check a token envelope against a given hash
Kind: instance property of TokenService

Throws:
- YError(ENOHASH) If there is no hash - YError(ENOID) If there is no id - YError(ENOCONTENT) If there is no content - YError(ENOENDOFLIFE) If there is no end of life - YError(EBADHASH) If the hash do not match - YError(EPASTENDOFLIFE) If the end of life is past
Api: public
| Param | Type | Description | | --- | --- | --- | | envelope.id | String | The token id | | envelope.endOfLife | Number | The token validity | | envelope.contents | Object | The token contents | | hash | String | The given hash to check against |
Example
```js tk.checkToken({ //
id: 'abbacacaabbacacaabbacaca', // endOfLife: 1441981754461, // contents: { uri: '/plop' }, }, '13371ee713371ee713371ee7'); ``` ### tokenService.createHash ⇒ String Create a hash from the given envelope
Kind: instance property of TokenService
Returns: String - The resulting hash
Api: private
| Param | Type | Description | | --- | --- | --- | | envelope.id | String | The token id | | envelope.endOfLife | Number | The token validity | | envelope.contents | Object | The token contents |