@shivamycodee/confession NPM

@shivamycodee/confession

A secure communication package for Express.js applications to prevent replay attacks.

Installation

Install the package using npm:

npm install @shivamycodee/confession

Features

JWT token generation and verification
Request encryption and decryption of post request only.
Protection against Postman requests (optional)
Configurable secret key and cache time
Easy integration with Express.js applications
Built using bun

Usage

Here's an example of how to use the @shivamycodee/confession package in Node.js application:

Install this packges for your server code...

const express = require('express');
const cors = require('cors');
const { 
  generateJwtToken,
  blockPostmanRequests,
  DecryptRequest,
  verifyToken,
  ApplySecretKey,
  ApplyCacheTime
} = require('@shivamycodee/confession')

const app = express();
const PORT = 3000;

// Middleware setup
app.use(cors());
app.use(express.json()); 


app.use(verifyToken);  // middleware to protect from Replay attack, DOS and DDOS attack.
app.use(blockPostmanRequests); // Optional: Remove if you want to allow Postman requests

// Configure the package
ApplySecretKey('i3ifjnqwfin-2q938in2') // Set a private key (mandatory)
ApplyCacheTime(40); // set time (in seconds) for JWT expire time.

// Route to generate JWT token
app.get('/generateJWT/:mixer?', (req, res) => {
    try {
        let input = req?.params;
        let token = generateJwtToken(input);
        if (token?.status == 403) return res.status(403).json({ error: token.message });
        return res.send(token)
    } catch (e) {
        console.log(e)
        return res.status(403).json({ error: 'generateJWT requests are not allowed' });
    }
})

// exampler post request.
app.post('/checkData', (req, res) => {
    let encryptedData = req.body.encryptedData;
    let decryptedPayload = DecryptRequest(encryptedData);
    res.send(decryptedPayload)
})

// Example route
app.get('/', (req, res) => {
    res.send('WELCOME TO CONFESSION!');
});

// Start the server
app.listen(PORT, () => {
    console.log(`Server started on port ${PORT}`);
});

Here is how you have to wrap your call from client side for JWT TOKEN & Payload Encryption:

import {encryptPayload,ApplySecretKey} from '@shivamycodee/confession'

const SECRET_KEY = 'i3ifjnqwfin-2q938in2';
ApplySecretKey(SECRET_KEY); // Make sure to use the same SECRET_KEY you used on server side (Mandotary)


  const getJWTToken = async(str)=>{
    try{
        const response = await axios.get(`http://localhost:3000/generateJWT/${str}`);
        let token = response.data;
        return token;
    }catch(e){
        console.error('getJWTToken err : ',e)
    }

}

// exmpalry call to server...

const payload = {
            name:'major',
            value: '12.233.545.65',
}

const checkData = async()=>{
    try{
        let str = new Date().getTime().toString();
        let response = await getJWTToken(str); // fetch jwt token.
        let token = response.token;

        let encryptedData = encryptPayload(payload);  // encrypt your payload.

       await axios.post('http://localhost:3000/checkData',{encryptedData},{
            headers:{
                'Authorization':`Bearer ${token}`,
            }
        })
    }catch(e){
        console.error('err in checkData...',e)
    }
}