@authelion/api-utils v0.1.7

@authelion/api-utils 🛡

The main propose of this package, is to provide general utilities for authorization & authentication.

Table of Contents

• Installation
• Usage
  • KeyPair
  • Sign/Verify
  • Hash

Installation

npm install @authelion/api-utils --save

Usage

KeyPair

The following context parameters are all optional and will inherit default values, if not otherwise specified.

import {
    DSAKeyPairOptions,
    ECKeyPairOptions,
    RSAKeyPairOptions,
    RSAPSSKeyPairOptions,
} from 'crypto';

type KeyPairContext = {
    /**
     * default: 'rsa'
     */
    type: 'rsa' | 'rsa-pss' | 'dsa' | 'ec',
    /**
     * default: {
     *     modulusLength: 2048,
     *     privateKeyEncoding: {
     *         type: 'pkcs8',
     *         format: 'pem'
     *     },
     *     publicKeyEncoding: {
     *         type: 'spki',
     *         format: 'pem'
     *     }
     * }
     */
    options?: RSAKeyPairOptions<'pem', 'pem'> | 
        RSAPSSKeyPairOptions<'pem', 'pem'> |
        DSAKeyPairOptions<'pem' | 'pem'> |
        ECKeyPairOptions<'pem', 'pem'>,
    /**
     * default: process.cwd()
     */
    directory?: string,
    /**
     * default: 'private'
     */
    privateName?: string,
    /**
     * default: pem
     */
    privateExtension?: string,
    /**
     * default: 'public' 
     */
    publicName?: string,
    /**
     * default: pem
     */
    publicExtension?: string,
    /**
     * default: undefined
     */
    passphrase?: string,
    /**
     * default: true
     */
    save?: boolean
}

The useKeyPair method will

• create a key-pair, if it does not already exist
• use an internal runtime cache, if the key was once loaded before during runtime

import path from 'path';
import {
    useKeyPair,
    KeyPairContext
} from "@authelion/server";

const context: KeyPairContext = {
    directory: path.join(__dirname, 'writable'),
}

(async () => {
    const keyPair = await useKeyPair(context);
    
    console.log(keyPair);
    // {privateKey: 'xxx', publicKey: 'xxx'}
})();

Sign & Verify

The signToken and verifyToken provide a simple way to sign and verify a token (default: RS256). A private- & public-key will be automatically generated if none already exists.

import path from 'path';
import {
    KeyPairContext,
    signToken,
    verifyToken
} from "@authelion/api-utils";


const keyPair: KeyPairContext = {
    directory: path.join(__dirname, 'writable')
}

(async () => {
    const token : Record<string, any> = {foo: 'bar'};
    const tokenSigned = await signToken(token, {
        options: {
            expiresIn: 3600
        },
        keyPair
    });
    
    const tokenVerified = await verifyToken(tokenSigned);
    
    console.log(tokenVerified);
    // {iat: 1642942322, exp: 1642945922, foo: 'bar', ... }
})();

Hash

To simply hash and verify a password with the password hashing-function bcrypt based on the Blowfish cipher, use the methods hash & compare.

import {
    hash,
    compare
} from "@authelion/api-utils";


(async () => {
    const hashed = await hash('start123', 10); // 10 rounds
    let isValid = await compare('start123', hashed);
    console.log(isValid);
    // true
    
    isValid = await compare('star1234', hashed);
    console.log(isValid);
    // false
})();