1.0.4 • Published 3 years ago

authentication-middlewares v1.0.4

Weekly downloads
-
License
ISC
Repository
-
Last release
3 years ago

Authentication-Middlewares

With these middlewares you can easily create login, registration and route protection, role handling.

Authentication Middleware

this middleware will put the roles[] to the req.roles

Keep in mind: this require to use AuthenticationMiddlewares.signAccessToken or just put a roles: string[] to the token

AuthenticationMiddlewares.setup({
    jwtSecret: 'secret',
    isBearer: false, // your token starts with "bearer xx.yy.zz"
    tokenPath: 'token' // token location in header req.headers[tokenPath]
});

app.use(AuthenticationMiddlewares.authenticationMiddleware()); // get the roles every request

Password encryption

AuthenticationMiddlewares(passwordField: string, bcryptPasswordPath: string)

it will get the request.body[passwordField] and encrypt it then put to request[bcryptPasswordPath]

// REGISTRATION
// the req.body['password'] filed will be encrypted to req['bcryptedPassword'];
app.post('/registration', AuthenticationMiddlewares.passwordBcryptMiddleware('password', 'bcryptedPassword'), (req: any, res: any) => {
    console.log(req.bcryptedPassword) // encrypted password
})

Login services

you can use:

  • BcryptService.isMatchHashPassword(password: string, hashPassword: string) - correct password?
  • TokenService.signAccessToken({roles: string[]}) - crete token with role
// LOGIN - this part is mostly your implementation.. but when you sign a token you must put in a roles: sting[] array
app.post('/login', async (req: any, res: any) => {
    const isPassMatch = await BcryptService.isMatchHashPassword(req.body.password, "$2b$10$2wO3DGR9BufUnIhyOrhzIeFVpwO/UX8PJo08UBz5nkD2ZigJTPRxa") // the hash password what you get back by registration
    const token = await TokenService.signAccessToken({roles: ['user']});
 
    // ....
})

Authorisation middleware

AuthenticationMiddlewares.authorisationMiddleware(requiredRole: string)

  • if the token role don't match with the "requiredRole" it will send back "access denied"
app.get('/secret', AuthenticationMiddlewares.authorisationMiddleware('admin'), (req: any, res: any) => {
    console.log('access enabled')
})
authenticationauthorisationloginregistrationtoken
bcryptjsonwebtoken
1.0.2

3 years ago

1.0.1

3 years ago

1.0.4

3 years ago

1.0.3

3 years ago

1.0.0

3 years ago