storyblok-preview-auth v0.1.5
storyblok-preview-auth
storyblok-preview-auth is a node.js package for providing a Connect/Express middleware to securely validate if the user is in Storyblok edit mode
Installation
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install storyblok-preview-auth
API
var previewAuthenticator = require('storyblok-preview-auth')
previewAuthenticator(options)
Create a previewAuthenticator middleware with the given options
.
The user is authenticated based on _storyblok_tk[token]
url parameter as described here.
If authentication fails, previewAuthenticator middleware will respond with a 401 Unauthorized status, and any additional route handlers will not be invoked. If authentication succeeds, the next handler will be invoked and the _storyblok_tk property will be set in req.session
to authenticate subsequent requests.
Options
storyblok-preview-auth
accepts these properties in the options object.
previewToken
Your preview token. This token allows you to access the draft and published version of your content and can be generated in the Storyblok dashboard at app.storyblok.com.
maxAge
A number representing the seconds from Date.now()
for expiry. previewAuthenticator middleware will respond with a 401 Unauthorized status if timestamp provided as _storyblok_tk[timestamp]
query parameter is older than maxAge. (1 hour by default)
Usage
A simple example using storyblok-preview-auth
to securely validate if the user is in edit mode.
var express = require('express')
var session = require('cookie-session')
var previewAuthenticator = require('storyblok-preview-auth')
var app = express()
app.use(session())
app.use(previewAuthenticator({
previewToken: 'YOUR_PREVIEW_TOKEN',
maxAge: 1 * 60 * 60 // 1 hour
}))
app.use(...) // Will be invoked only if in edit mode
app.listen(3000);
Todo
- Testing
- more more more?