Storyblok-preview-auth NPM

storyblok-preview-auth

storyblok-preview-auth is a node.js package for providing a Connect/Express middleware to securely validate if the user is in Storyblok edit mode

Installation

This is a Node.js module available through the npm registry. Installation is done using the npm install command:

$ npm install storyblok-preview-auth

API

var previewAuthenticator = require('storyblok-preview-auth')

previewAuthenticator(options)

Create a previewAuthenticator middleware with the given options.

The user is authenticated based on _storyblok_tk[token] url parameter as described here. If authentication fails, previewAuthenticator middleware will respond with a 401 Unauthorized status, and any additional route handlers will not be invoked. If authentication succeeds, the next handler will be invoked and the _storyblok_tk property will be set in req.session to authenticate subsequent requests.

Options

storyblok-preview-auth accepts these properties in the options object.

previewToken

Your preview token. This token allows you to access the draft and published version of your content and can be generated in the Storyblok dashboard at app.storyblok.com.

maxAge

A number representing the seconds from Date.now() for expiry. previewAuthenticator middleware will respond with a 401 Unauthorized status if timestamp provided as _storyblok_tk[timestamp] query parameter is older than maxAge. (1 hour by default)

Usage

A simple example using storyblok-preview-auth to securely validate if the user is in edit mode.

var express = require('express')
var session = require('cookie-session')
var previewAuthenticator = require('storyblok-preview-auth')

var app = express()

app.use(session())

app.use(previewAuthenticator({
  previewToken: 'YOUR_PREVIEW_TOKEN',
  maxAge: 1 * 60 * 60 // 1 hour
}))

app.use(...) // Will be invoked only if in edit mode

app.listen(3000);