Auth-api NPM | npm.io

Purpose

Reuse authentication part code of REST server, easily and flexibly. Thanks to express.Router.

Features

jwt to verify user;
nodemailer to send verification emails;
mongoose to drive mongodb (user model: https://github.com/timqian/auth-api/blob/master/src/models/User.js);
axios to test RESTful api(axios can be used both on browser and node, that means the test code can be reused in your web app);

Sample usage:

Install auth-api and his peerDependencies:
npm install auth-api express body-parser mongoose --save
Run the sample code below and boom~~ the auth server will be listening at http://localhost:3000

var authApi        = require('auth-api');
var express        = require('express');
var bodyParser     = require('body-parser');
var mongoose       = require('mongoose');

mongoose.connect('mongodb://localhost/database'); // connect to database

var userConfig = {
  APP_NAME: 'STOCK APP',
  SECRET: 'ilovetim',                             // jwt secret
  CLIENT_TOKEN_EXPIRES_IN: 60 * 24 * 60 * 60,     // client token expires time(60day)
  EMAIL_TOKEN_EXPIRES_IN: 24 * 60 * 60,           // email token expires time(24h)

  EMAIL_SENDER: {                                 // used to send mail by nodemailer
    service: 'Gmail',
    auth: {
      user: 'qianlijiang123@gmail.com',
      pass: '321qianqian',
    }
  },

  USER_MESSAGE: {                                 // message sent to client
    MAIL_SENT: 'mail sent',
    NAME_TAKEN: 'Name or email has been taken',
    USER_NOT_FOUND: 'User not found',
    WRONG_PASSWORD: 'wrong password',
    LOGIN_SUCCESS: 'Enjoy your token!',
    NEED_EMAIL_VERIFICATION: 'You need to verify your email first',
  },

  API_URL: 'http://localhost:3000'              // to be used in the mail
};

authApi.init(userConfig);

var app = express();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use('/', authApi.authRouter);

// protecting api
app.get('/needingToken', authApi.verifyToken, (req, res) => {

  // send back the jwt claim directly
  var claim = req.decoded;
  res.status(200).json(claim);
});

app.get('/needingTokenAndEmailVerified', authApi.verifyToken, (req, res) => {
  if (req.decoded.verified) {
    res.status(200).json(req.decoded);
  } else {
    res.status(400).json({
      success: false,
      message: 'Please verify your email before doing this!'
    });
  }
});


app.listen(3000);
console.log('API magic happens at http://localhost:3000');

// handle unhandled promise rejection
// https://nodejs.org/api/process.html#process_event_unhandledrejection
process.on('unhandledRejection', function(reason, p) {
    console.log('Unhandled Rejection at: Promise ', p, ' reason: ', reason);
    // application specific logging, throwing an error, or other logic here
});

(es6 sample: https://github.com/timqian/auth-api/blob/master/testServer.js)

What does the above code do for you

Generate the following auth api for you at http://localhost:3000

Method	url	data(if needed)	server action(if request is good)
POST	/signup	{name: ..., email: ..., password: ...}	create a user in mongodb and send verification email
POST	/login	{name/email: ..., password: ...}	check user and return jwt token
POST	/password_reset	{email: ..., password(the new password): ...}	send verification link to email
GET	/email_verification		verify token and change password

(more details in the code)

Module api

authApi.init(config): configure the module
authApi.authRouter: an express router I wrote for you
authApi.verifyToken: an express middleware used to verify token sent by client