0.0.1 • Published 10 years ago

passwordless-pouchstore v0.0.1

Weekly downloads
1
License
MIT
Repository
github
Last release
10 years ago

Passwordless-PouchStore

This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website https://passwordless.net for more details.

Tokens are stored in a PouchDB (or CouchDB) database and are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-pouchstore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var passwordless = require('passwordless');
var PouchStore = require('passwordless-pouchstore');

var DB_NAME = 'passwordless-tokens';
passwordless.init(new PouchStore(DB_NAME));

passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });

app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

new PouchDBStore(dbName);

Example:

var DB_NAME = 'passwordless-db';
passwordless.init(new PouchDBStore(DB_NAME));

Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-pouchstore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.

Tests

$ npm test

License

MIT License

Author

Dale Harvey @daleharvey

passwordless-tokenstorebcryptpouchdb
@infinitebrahmanuniverse/nolb-passw@everything-registry/sub-chunk-2415
0.0.1

10 years ago