@jlcarveth/auth.js v2.1.0
auth.js
auth.js is a Node.js module that provides several functions for handling authentication and security in a Node.js application. It uses the jsonwebtoken library to generate and verify JSON Web Tokens (JWTs) and the Node.js crypto library to generate salts and hash passwords.
Installation
Simply install the package from npm:
npm i @jlcarveth/auth.jsUsage
auth.js requires a SECRET_KEY environment variable to be defined. You can generate one with the following command: openssl rand -base64 32
To use the functions provided by auth.js, you need to import them into your code. Here's an example of how you might use the generateToken function to create a new JWT:
import { generateToken } from "@jlcarveth/auth.js";
async function createToken() {
const token = await generateToken({ email: 'user@example.com', role: 'admin' });
console.log(token);
}In this example, we import the generateToken function from the auth.js module and use it to create a new token for a user with the email address user@example.com and the role admin.
Configuration
The auth.js module uses a secret key to sign JWTs. This key should be set as an environment variable named SECRET_KEY. Make sure to use a strong and unique secret key to prevent attackers from forging tokens.
API
The auth.js module exports the following functions:
generateToken(payload)
Generates a new JWT with the given payload. The payload should be an object, usually containing relevant information about the user requesting the token, such as an email address or role information.
verifyToken(token)
Verifies the given JWT and returns its payload if it is valid. Throws an error if the token is invalid or expired.
generateSalt()
Generates a new salt string for hashing passwords.
hashPassword(password)
Hashes the given password using a randomly generated salt and returns the resulting hash.
hashWithSalt(password, salt)
Hashes the given password using the specified salt and returns the resulting hash.
comparePassword(password, hash)
Compares the given plaintext password with the given hash and returns true if they match, or false otherwise.
middleware(request, response, next)
Express middleware function that verifies the JWT provided in the request's x-access-token header or token cookie. If the token is valid, it sets the email and role properties of the response.locals object and calls the next function. If the token is invalid or not provided, it sends an error response.