managercc v1.1.3

managercc: Manager Center Controller

A framwork to manage private/public keys and generate bearer token for manager's authorization system.

Installation

Installation is done using the npm install command:

npm install managercc -g

Help

Use following command to list all command

managercc -h

Features

• singup as a manager
• manager login/logout
• create a group (system/platform)
• get public key
• generate bearer token for a group (system/platform)

Quick Start

signup as a manager first

signup a manager account first

$ managercc signup
$ please provide manager's email: <your email>
$ Please provide manager's name: <your name>
$ Please provide manager's password: <your password>
$ Please provide manager's phone: <your phone>
manager's information: {
  email: 'abc@abc.com',
  name: 'ABC',
  password: 'thisisyourpassword',
  phone: '+1-1256678999'
}
$ Is it correct? (Y/n) <Y>
hi, ABC singup successfully

Now you own a manager account.

manager login

Login first and start to build manager's authorization system

$ managercc login
$ manager's email: <your email>
$ login password: <your password>
manager login successfully

you also can logout when you finish your job

$ managercc logout

create a group

As a manager, you can create a group that contains multiple bearer tokens and a public key.
Managers can generate multiple bearer tokens and provide them to front-end developers or third-party callers.
The developer/caller puts bearer tokens into the header authorization of each http request to call the api.
At this time, the managers can verify whether the bearer token in the request is legal through the public key in the called api. now, let us start to create a group

$ managercc create group
$ please provide code of the new group: <your system code>
$ please provide name of the new group: <your system name>
new group: {
  suuid: 'XkPz5djrTts5wMcwLeZZ',
  manager_name: 'ABC',
  group_code: 'crm',
  data: { code: 'crm', name: 'customer relationship managerment system' }
}

Now you start to own a group. you can get public key or generate bearer token for this group

generate bearer token

After creating a group, managers can generate bearer tokens.
The beaer token will incloude the information such as group_code, group_name and Unchangeable signature.
Beaer token will be used in heaed authorization in every http request.
When you generate, this beaer token will be expired in 3 months in default (you can input expired time you want)
Beaer token will be a new one when everytime managers generate.

$ managercc generate bearertoken
$ enter group code: <your system code>
$ please provide expired time (secs) for bearer token <press enter to setup 3 months in default>: 7776000
bearer token of the group[crm]:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJncm91cF9jb2RlIjoiY3JtIiwiZ3JvdXBfbmFtZSI6ImN1c3RvbWVyIHJlbGF0aW9uc2hpcCBtYW5hZ2VybWVudCBzeXN0ZW0iLCJncm91cF9zdXVpZCI6IlhrUHo1ZGpyVHRzNXdNY3dMZVpaIiwibWFuYWdlcl9zdXVpZCI6IkZoNUpubmNFYUhOMEdWdjhDV0lZIiwiaWF0IjoxNjU4NzI5NTkxLCJleHAiOjE2NjY1MDU1OTEsImF1ZCI6IkFCQyIsImlzcyI6ImF1dGhvcml6YXRpb24tbWFuYWdlci1jZW50ZXIiLCJzdWIiOiJCZWFyZXIgVG9rZW4ifQ.DoLVAntdrgHWiEk4J1AinR9CmF0Zn69vY_9_Sf0TsPcgMVvEOyBSGT5ovvzKRfRHSG-jq4RsSJQyBdAC3bQRHKtrzvhxryk4gGhpl8g6LFv8g3fVBOtIsfeaLqAQNIE6sdN3umbrxhY6Jj448YIMyg7223QOKC1VE3jqnUW5k6k

You can give the bearer token to you system developer or third party people. Now, you control every incoming http request.

get public key

The public key is used to check beaer token. It can help you to get payload information in bearer token and check bearer token is valid or not.
This public key is also saved in your local file system when you get.
Public key cannot be changed forever.

$ managercc get publickey
manager's public key is:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOeY892UlaQd7hnXeahoDFbr6I
JNo9DKBVC3HB1b38NgT89qq8aHeTxRRnafpYrdr/DHlEcRWCIafSlIGH3tEDM/z3
5x0TTF8rAhrA+49KQx9ywHc/s4w0Zw64jlkGiEBP9sBOTi+oh89gXqWpBatBqxFr
SDfMli3+DIZQrHxMXQIDAQAB
-----END PUBLIC KEY-----

Put the public.key in your system's root folder. Then, you can also check out the code samples that follow.

Code example

managercc is used in express

1. first, make sure the file, public.key in your system root folder
2. Install in your system

npm install managercc -g

3. put the following code in app.js. set public.key in your app settings

var fs = require('fs');
var path = require('path');
app.set('public.key', fs.readFileSync(path.join(__dirname, 'public.key'), 'utf8'));

3. now, you can check incoming requests with bearer token authorization available or not.

var express = require('express');
var router = express.Router();
var { checkBearerToken } = require('managercc').validator();

router.route('/')
  .get([
    checkBearerToken
  ], async (req, res, next) => {
    try {

      let payload = req.payload;

      res.status(200).send({
        success: true,
        data: {
          payload
        }
      })

    } catch (e) {
      return next(e);
    };
  })

module.exports = router;

You will see that payload included group_code, group_name, and expired time you set. This way you can check which group the bearer token belongs to and check if the bearer token is valid.

4. if the beaerer token is not valid (or change by someone), system will return 403 response with the following messages.

{
  "success": false,
  "errors": {
    "name": "JsonWebTokenError",
    "message": "invalid signature"
  }
}

s 5. if the bearer token is expired, system will return 403 response with the following messages.

{
  "success": false,
  "errors": {
    "name": "TokenExpiredError",
    "message": "jwt expired",
    "expiredAt": "2011-07-28T13:06:36.000Z"
  }
}