sf-token v2.0.0
sf-token
Service for creating and checking temporary tokens.
Usage
import TokenService from 'sf-token';
import createObjectId from 'mongodb/objectid';

// Create a token service instance
let tokenService = new TokenService({
  uniqueId: createObjectId,
  secret: 'mysecret',
});

// Create a token: the content may be any JSON serializable data
let endOfLife = Date.now() + 36000;
let {hash, ...envelope} = tokenService.createToken({
  method: 'GET',
  uri: '/user/abbacacaabbacacaabbacaca/subscriptions/report_received',
}, endOfLife);
// `hash` is for the client, you'll need it and `_id` to check the token
// validity
// `envelope` contains the token id (`_id` key), its validity (`endOfLife` key)
// and the given contents (`contents` key), you can store it as is in your
// database

// When the user connects to a URI
myApp.get('/tokens/:_id?hash=:hash', (req, res, next) => {
  getFromDb(req._id)
    .then((envelope) => {
      // checkToken throws when the hash does not match or the token is expired
      tokenService.checkToken(envelope, req.hash);
      // Accept access (redirection may be based on the `envelope` contents)
    }).catch((err) => {
      // Refuse access
    });
});
Note that this only verifies the hash and its validity with respect to the current time. You'll have to manage persistence yourself.
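The usage above leaves storage, lookup and single-use handling to the application. The sketch below is an added example, not sf-token's code or API: `sign`, `issue`, `redeem`, the in-memory `store`, the HMAC-SHA256 construction and the `E_UNKNOWN_TOKEN` code are assumptions made for illustration.

```javascript
// Added example: a stand-in signer plus the persistence side of the flow.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config
const store = new Map();                  // stands in for your database

// Keyed hash over every field that must not change (hypothetical helper).
function sign({ _id, endOfLife, contents }) {
  return crypto.createHmac('sha256', SECRET)
    .update(JSON.stringify([_id, endOfLife, contents]))
    .digest('hex');
}

// Issue: persist the envelope, hand only `_id` and `hash` to the client.
function issue(contents, endOfLife) {
  const envelope = {
    _id: crypto.randomBytes(12).toString('hex'),
    endOfLife,
    contents,
  };
  store.set(envelope._id, envelope);
  return { _id: envelope._id, hash: sign(envelope) };
}

// Redeem: look up by `_id`, verify hash and expiry, then delete the envelope
// so the same link cannot be replayed. Returns the contents or throws.
function redeem(_id, hash, now = Date.now()) {
  const envelope = store.get(_id);
  if (!envelope) throw new Error('E_UNKNOWN_TOKEN');
  const expected = Buffer.from(sign(envelope), 'hex');
  const given = Buffer.from(String(hash), 'hex');
  // Compare in constant time; a length mismatch is already a failure.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    throw new Error('E_BAD_HASH'); // envelope is kept: a bad guess must not burn it
  }
  store.delete(_id); // single use, and expired envelopes are purged too
  if (envelope.endOfLife <= now) throw new Error('E_PAST_END_OF_LIFE');
  return envelope.contents;
}
```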
Modules
- new TokenService()
- .createToken ⇒ Object
- .checkToken ⇒ void
- .createHash ⇒ String
new TokenService()
Create a new TokenService instance
Returns: Object - A TokenService instance
Throws:
- YError(E_BAD_SECRET) If there is no secret given
- YError(E_NO_ID_GENERATOR) If there is no id generator available
- YError(E_BAD_TIME) If the given time function is not right
- YError(E_BAD_ALGORITHM) If the given algorithm is not supported
Param | Type | Description |
---|---|---|
options.secret | String | Some salt for hash |
options.uniqueId | function | A unique id generator |
options.time | function | A time function (defaults to Date.now()) |
options.algorithm | String | Algorithm to use (default to 'sha256') |
Example
let tk = new TokenService({
  secret: 'mysecret',
  uniqueId: createObjectId,
  time: Date.now.bind(Date), // optional
  algorithm: 'md5', // optional, defaults to 'sha256' when omitted
});
tokenService.createToken ⇒ Object
Create a new token and return its envelope
Kind: instance property of TokenService
Returns: Object - The token envelope.
Throws:
- YError(E_NO_CONTENT) If there is no content
- YError(E_NO_END_OF_LIFE) If there is no end of life
- YError(E_PAST_END_OF_LIFE) If the end of life is past
Api: public
Param | Type | Description |
---|---|---|
contents | Object | Some JSON serializable content. |
endOfLife | Number | The time when the token is outdated. |
Example
tk.createToken({ uri: '/plop' }, Date.now() + 3600000);
// {
//   _id: 'abbacacaabbacacaabbacaca',
//   endOfLife: 1441981754461,
//   hash: '13371ee713371ee713371ee7',
//   contents: { uri: '/plop' },
// }
tokenService.checkToken ⇒ void
Check a token envelope against a given hash
Kind: instance property of TokenService
Throws:
- YError(E_NO_HASH) If there is no hash
- YError(E_NO_ID) If there is no id
- YError(E_NO_CONTENT) If there is no content
- YError(E_NO_END_OF_LIFE) If there is no end of life
- YError(E_BAD_HASH) If the hash does not match
- YError(E_PAST_END_OF_LIFE) If the end of life is past
Api: public
Param | Type | Description |
---|---|---|
envelope._id | String | The token id |
envelope.endOfLife | Number | The token validity |
envelope.contents | Object | The token contents |
hash | String | The given hash to check against |
Example
tk.checkToken({
  _id: 'abbacacaabbacacaabbacaca',
  endOfLife: 1441981754461,
  contents: { uri: '/plop' },
}, '13371ee713371ee713371ee7');
tokenService.createHash ⇒ String
Create a hash from the given envelope
Kind: instance property of TokenService
Returns: String - The resulting hash
Api: private
Param | Type | Description |
---|---|---|
envelope._id | String | The token id |
envelope.endOfLife | Number | The token validity |
envelope.contents | Object | The token contents |