Stubber-aaa-pkg NPM

stubber-authentication-pkg

note on testing, for testing to work, you have to copy a live stubber-auth-token (eg from your postman) to the jwt variable, and a live sessiontoken (the payload for the session in redis) to the sessiontoken variable in AuthHandler.test.js, and then update the expect for each test to be the sessionuuid of the live token

This is the Stubber Authentication Package, used by services to validate jwt tokens, and get user sessions from redis.

Authentication Handler

The package exports a single class called AuthHandler.

Instantation

The constructor of this class is an async function, and thus instantiation has to be awaited with await. An instance of the class can be instantiated as follows:

import { AuthHandler } from 'stubber-authentication-pkg'

const authHandler = await new AuthHandler({
  redis,
  connectionParams,
  authTokenPubKeyFilePath,
  sessionTokenPubKeyfilePath,
  authTokenKey,
  sessionKey
})

where we have:

redis as a ioredis Redis instance.
connectionParams as ioredis socket connection params as

const connectionParams = {
  host: process.env.REDIS_HOST,
  port: process.env.REDIS_PORT,
  family: 4,
  password: process.env.REDIS_PASSWORD,
  db: process.env.REDIS_DB
}

authTokenPubKeyFilePath as a fully qualified path name to the auth token public key .pem file.
sessionTokenPubKeyFile as a fully qualified path name to the session token public key .pem file.
authTokenKey if you rather want to specify the key (useful for sveltekit apps)
sessionKey

Methods

AuthHandler has 4 methods:

validateJwt - Low level function, takes a jwt and a key as parameters, validates the jwt and returns the decoded payload.
validateAuthToken - Takes an auth jwt token as a parameter, uses validateJwt and the auth pub key to return the payload.
validateSessionToken - Takes a session jwt token as a parameter, uses validateJwt and the session pub key to return the payload.
getSessionFromAuthToken - Takes an auth token as a parameter, uses validateAuthToken to get sessionuuid, reads session from redis, uses validateSessionToken to decode payload from session and returns it.