2.4.0 • Published 5 months ago

@cyphercider/e2ee-appkit-node v2.4.0

Weekly downloads
-
License
MIT
Repository
github
Last release
5 months ago

E2ee-appkit-node

A small node.js library, written in Typescript, that provides authentication components that are complimentary with @cyphercider/e2ee-appkit-browser.

Overall Design

This library runs in node and provides:

  • Signature verification using a user signing public key
  • Challenge generation (for user login)
  • Challenge response verification and user token (JWT) generation if verification is successful

Installation

npm i -S @cyphercider/e2ee-{appkit-node,appkit-shared-models}

Usage

Import CryptoKit

CryptoKit is a stateless class with static methods, and so requires no initialization.

import { CryptoKit } from '@cyphercider/e2ee-appkit-node'

Get challenge example function

This requires you plug in your own persistence to retrieve the user from your database.

import { ChallengeResponseInterface, UserInterface, CryptoKit } from '@cyphercider/e2ee-appkit-shared-models'

async function getChallenge(login: LoginRequestResource): Promise<ChallengeResponseInterface> {
  const user = // ... your function to retrieve the user definition from storage.  Must implement UserInterface

  if (!user) {
    throw new NotFoundException(`Could not find user ${login.username}`)
  }

  const challenge = CryptoKit.getChallenge(user)

  return { ...challenge, ...any other attributes you need to return }
}

Submit challenge example function

import { ChallengeResponseInterface, UserInterface, CryptoKit } from '@cyphercider/e2ee-appkit-shared-models'

async function submitChallengeWrapped(submit: SubmitChallengeInterface): Promise<string> {
  // Bring your own persistence to retrieve the user, implementing UserInterface
  const user = await usersService.getUser(submit.username)

  const payload = await CryptoKit.submitChallenge(
    submit,
    user,
    {
      username: user.id,
      tokenattr2: value,
      tokenattr3: value,
      ...
    }, // Optional. default {}
    5, // Optional.  Max age of challenge.  Beyond this, the user will need a new challenge to sign.
    BadRequestException as any, // Optional. If you want to bring your own exception
    ForbiddenException as any, // Optional. If you want to bring your own exception
  )

  // replace this with your own jwt signing service or library
  const jwt = jwtService.sign(payload)
  return jwt
}

Verify a signature

You can verify a signature manually using the verifySignature function.

try {
  await this.verifySignature(
    '[serialized signature]',
    '["protected" string created during signing]',
    '[public signing key]',
    '[original string that was signed]',
  )
} catch (err) {
  // Handle the case that verification fails.
}

Algorithms used

These are the encryption algorithmns used by this library:

  • Asymmetric signing and verification - RS256
@everything-registry/sub-chunk-212
2.4.0

5 months ago

2.3.0

8 months ago

2.2.0

9 months ago

2.1.1

9 months ago

2.1.0

9 months ago

2.0.2

10 months ago

2.0.1

10 months ago

2.0.0

10 months ago

1.1.1

10 months ago

1.1.0

10 months ago

1.0.1

1 year ago

1.0.0

1 year ago

0.2.0

1 year ago

0.1.0

1 year ago