@rexfng/auth v9.24.0 • Published 4 years ago
License: ISC

Auth

Description

Auth is a library of helpers for managing user authentication and authorization with bearer tokens, packaged as Express middleware and routers. It depends on @rexfng/db.

Define Environment Variables

Define the following environment variables. All of them are required.

| Variable Name        | Description |
|----------------------|-------------|
| APP_NAME             | App name used as the 2FA issuer |
| APP_URL              | The website of the project |
| AUTH_SECRET          | Server-side static secret (salt). Treat it as a credential: keep it out of source control and rotate it if it leaks. |
| EMAIL_PASS           | SendGrid email API credential used by the emailresetpasswordtouser API routes |
| MONGODB_DATABASE_URL | MongoDB database URL |
| SYSTEM_EMAIL         | The address the emailresetpasswordtouser email is sent from |
| TWILIO_API_KEY       | Twilio API key used for the SMS verification code |

Initialize Express Middleware

Auth can be mounted as an Express middleware that checks the validity of the bearer token. The middleware reads req.token, which is populated by the express-bearer-token module, so bearerToken() must be mounted before authCheck().

const express = require('express');
const bearerToken = require('express-bearer-token');
const authCheck = require('@rexfng/auth').middleware.authCheck;

const app = express();
app.use(bearerToken()); // parses the "Authorization: Bearer <token>" header into req.token
app.use(authCheck());   // rejects requests whose req.token is missing or invalid

Creating Route Exceptions for authCheck

const unless = require('express-unless');
const authCheck = require('@rexfng/auth').middleware.authCheck;

const checkToken = authCheck();
checkToken.unless = unless; // express-unless is attached to the middleware function itself
app.use(checkToken.unless({
	path: [
		'/',
		'/api/v1/token',
		'/api/v1/register',
		/^\/test/, // a regular expression, not a string: any path that starts with /test
		'/ac'
	]
}));

Every entry in this list is reachable without a token, so keep it short. String entries must match the request path exactly; anchor regular expressions (an unanchored pattern matches anywhere in the path).

SMS Get Code / Verification Helper

The options are passed through to the raw Twilio API.

const { smsgetcode, smsverifycode } = require('@rexfng/auth').helper;

// Send a verification code by SMS; returns a promise
smsgetcode({
	"phone_number": "6047229494", // String
	"country_code": "1",          // String
	"code_length": 6              // Integer, 4-10, defaults to 6
}).then(res => console.log('code sent', res))
  .catch(console.error);

// Check the code the user entered; returns a promise
smsverifycode({
	"phone_number": "6047229494", // String
	"country_code": "1",          // String
	"verification_code": "2421"   // String
}).then(res => console.log('verification result', res))
  .catch(console.error);

Router Helper

const Auth = require('@rexfng/auth')
const Register = Auth.routes.api.register
const Login = Auth.routes.api.login
const Logout = Auth.routes.api.logout
app.use('/', Register) // POST /register
app.use('/', Login) // POST /login
app.use('/', Logout) //POST /logout

Register Endpoint

POST http://localhost:3000/register. The endpoint takes a JSON body in the following format:

{
	"username": String,
	"password": String,
	"udid": String // optional: a unique device id, so the user can log in and log out a specific device if it is provided
}

Response Code

| CODE | MESSAGE                | Details |
|------|------------------------|---------|
| 201  | ACCEPTED               | Returns access_token and refresh_token |
| 406  | PASSWORD_COMPROMISED   | The server checked the password against https://api.pwnedpasswords.com and found that it had previously been compromised. |
| 409  | USERNAME_ALREADY_EXIST | The server checked MongoDB and found that the username already exists. |
| 422  | MISSING_KEYS           | The body must contain "username" and "password", and both must be strings. |
| 500  | INTERNAL_ERROR         | Server-side error |

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	refresh_token: String // JWT Token expires in 60 days
}

Login Endpoint

POST http://localhost:3000/login. The endpoint takes a JSON body in the following format:

{
	"username": String,
	"password": String
}

Response Code

| CODE | MESSAGE            | Details |
|------|--------------------|---------|
| 201  | ACCEPTED           | Returns access_token, id_token and refresh_token |
| 401  | UNAUTHORIZED       | The server found the username in MongoDB but the password did not match, so access is denied. |
| 404  | USERNAME_NOT_FOUND | The provided username is not in the database. |
| 500  | INTERNAL_ERROR     | Server-side error |

Because 401 and 404 are distinct, a caller can tell valid usernames from invalid ones; rate-limit this endpoint if username enumeration matters to you.

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	id_token: String, // JWT Token expires in 15 minutes
	refresh_token: String // JWT Token expires in 60 days
}

Refresh Token Endpoint

POST http://localhost:3000/token/refresh. The endpoint takes a JSON body in the following format:

{
	refresh_token: String // the refresh_token returned by /login or /register; JWT, expires in 60 days
}

Response Code

| CODE | MESSAGE        | Details |
|------|----------------|---------|
| 201  | ACCEPTED       | Returns a new access_token and id_token |
| 401  | UNAUTHORIZED   | The server found the refresh_token invalid |
| 422  | MISSING_KEYS   | refresh_token is missing from the request body. |
| 500  | INTERNAL_ERROR | Server-side error |

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	id_token: String // JWT Token expires in 15 minutes
}

Has User Email Been Breached?

Pairing with the Password Strength endpoint, your app can check whether an email account has appeared in a past breach by making a GET request to https://haveibeenpwned.com/api/v2/breachedaccount/bob@example.com. Note that the v2 breachedaccount API has since been retired; the current v3 API requires an hibp-api-key header.

Password Strength Endpoint

The endpoint scores the password's strength and checks whether it has been compromised. It can be used to encourage end users to choose a strong password and avoid weak or compromised ones. It combines the PasswordMeter module with https://haveibeenpwned.com. The candidate password travels in the request body, so expose this endpoint only over HTTPS.

POST http://localhost:3000/passwordstrength. The endpoint takes a JSON body in the following format:

{
	"password": String
}

Response Code

| CODE | MESSAGE        | Details |
|------|----------------|---------|
| 200  | ACCEPTED       | Successfully submitted a request |
| 500  | INTERNAL_ERROR | Server-side error |

Response

//Scores Table: each key is the upper bound of a band; a score x maps to the first band whose bound is above it
{
	"0": "compromised",  // password found in breach data
	"40": "veryWeak",    // 001 <= x <  040
	"80": "weak",        // 040 <= x <  080
	"120": "medium",     // 080 <= x <  120
	"180": "strong",     // 120 <= x <  180
	"200": "veryStrong", // 180 <= x <  200
	"_": "perfect"       //        x >= 200
}

//Example response
{
	"score": 0,
	"status": "compromised",
	"percent": 8.5
}

Password Change Endpoint

POST http://localhost:3000/passwordchange. The endpoint takes a JSON body in the following format. The body carries no username, so keep this route behind authCheck and let the bearer token identify the account:

{
	"oldpassword": String,
	"newpassword": String
}

Response Code

| CODE | MESSAGE        | Details |
|------|----------------|---------|
| 204  | ACCEPTED       | Successfully changed the user's password |
| 401  | UNAUTHORIZED   | The old password provided was incorrect |
| 500  | INTERNAL_ERROR | Server-side error |

Response

//no content

Password Reset Endpoint

Each reset channel has a request endpoint and a confirmation endpoint; all take a JSON body in the formats below. These routes serve users who cannot log in, so they must be listed as authCheck exceptions, and the SMS and voice confirmations accept a short numeric code, so rate-limit them.

Email

http://localhost:3000/email/resetpassword POST

{
	"email": String,
	"token": String,
	"subject": String
}

Email Confirmation

http://localhost:3000/email/resetpassword_confirmation POST

{
	"email": String,
	"token": String,
	"password": String
}

SMS

http://localhost:3000/sms/resetpassword POST

{
	"phone_number": String, 
	"country_code": String
}

SMS Confirmation

http://localhost:3000/sms/resetpassword_confirmation POST

{
	"phone_number": String, //"6047229494"
	"country_code": String, //"1"
	"verification_code": String, //"2421"
	"password": String
}

Voice

http://localhost:3000/voice/resetpassword POST

{
	"from": String,
	"to": String, // +16041234567
	"url": String // TwiML template; {{code}} will be replaced with the verification code
}

Voice Confirmation

http://localhost:3000/voice/resetpassword_confirmation POST

{
	"label": String,
	"token": String,
	"to": String, // +16041234567
	"password": String
}

Response Code

| CODE | MESSAGE        | Details |
|------|----------------|---------|
| 200  | SUCCESS        | OK |
| 500  | INTERNAL_ERROR | Server-side error |

Response

//no content