sk-simple-token-security v1.3.0
sk-simple-token-security
JWT security for SignalK Node Server
Installation
Make sure you have the latest node server and use the App Store to install the signalk-jwt-security-config plugin.
Security
To enabled security on node server, add an authentication
section to your settings .json file.
Here is an example:
"security": {
"strategy": "sk-simple-token-security",
"jwtSecretKey": "tyPaYnCtpZLZjNXyLRKnspZHQyLGZUgkYvtwE7quwZDaZmAnqpKntRqDjTciVazV",
}
For a full example settings file see example-node-server-settings.json
User Types
admin
- an admin can do anything incuding installing plugins, configuring plugins, restarting the server, etc. Including anything that the readonly and readwrite users can do.readwrite
- a readwrite user can use web apps, read from the rest and ws api's, and post to the rest api.readonly
- a readlony user can read from the rest, ws and /plugin apis
JWT Usage
When JWT is turned on, all requests require a valid token to be present.
JWT requires a secret key, which is the jwtSecretKey
in the example above. This can be any string, but it's recommended to use a good password generator that can generate a long string.
JWT tokens should have an expriation time, this is set using the jwtExpiration
setting above. This defaults to 1 hour.
Getting a token
To get a token (which will expire), send a PUT request to /signalk/v1/login
. This should contain a json object with username
and password
.
Example using curl:
curl -v -H 'Content-Type: application/json' -X PUT -d '{ "username": "admin", "password": "password"}' http://localhost:3000/signalk/v1/login
This returns a json object which includes the token:
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFkbWluIiwiaWF0IjoxNDk4MTg1MjAwfQ.c5hR66gm_GdE1c8eukUCxNhv-SEApCpMo3JCdUqEDEk"}
Using the JWT token for REST requests
All REST requests should then include the standard Authorization
HTTP header with all requests. The value of the header should be JWT
a space and then the token.
Example using curl:
curl -v -H 'Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFkbWluIiwiaWF0IjoxNDk4MTYwMzEwfQ.7xvxLUechuztChRvGaYq_bpjYvu4NMpZe-uZqeAQV5c' http://localhost:3000/signalk/v1/api/vessels/self
Using the JWT token for streaming requests
These requests can use the same method as REST requests above or include the token as a query parameter.
Example using wscat:
wscat -c "ws://localhost:3000/signalk/v1/stream?subscribe=all&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFkbWluIiwiaWF0IjoxNDk4MTYwMzEwfQ.7xvxLUechuztChRvGaYq_bpjYvu4NMpZe-uZqeAQV5c"