npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@authelion/api-core

v0.1.11

Published

This is the core package of the auth-server and can be used as extension to an existing codebase

Downloads

131

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tada5hitada5hi

Keywords

authmoduleservertypescriptoauth2oauth2-clientmiddlewarekey-pairpasswordtoken

Readme

@authelion/api-core 🍀

npm version main codecov Known Vulnerabilities

This package should be used as an extension to an existing (express) application and should therefore only be used on the server-side.

Important NOTE

The README.md is still under construction ☂ at the moment. So please stay patient or contribute to it, till it covers all parts ⭐.

Table of Contents

Installation

npm install @authelion/api-core --save

Usage

This package consists of some submodules (e.g. http & database). These submodules should be configured globally. But the global configuration, can be overwritten when embedding a submodul 🔥.

Config

All options inherit default values, so it is not required to pass any options at all.

import { setConfig } from '@authelion/api-core';

setConfig({
    env: 'development',
    port: 3010,
    database: {
        admin: {
            username: 'admin',
            password: 'start123'
        },
        robot: {
            enabled: true,
            secret: false
        }
    },
    tokenMaxAge: {
        accessToken: 3600, // 1 hour
        refreshToken: 36000 // 10 hours
    },
})

HTTP

The controllers & middlewares, which are part of the http-module, can be registered as described in the following:

Middlewares

import {
    registerMiddlewares
} from "@authelion/api-core";

import express from "express";
import path from "path";

const app = express();

// Setup middleware
registerMiddlewares(app);

// Register controllers
// Register error middleware

app.listen(3010);

The api endpoints throw errors on failure, which must be handled by an error-middleware. You can either provide your own error-middleware, or use the existing one:

import { errorMiddleware } from '@authelion/api-core';
import { express } from 'express';

const app = express();

// Register middlewares
// Register controllers

app.use(errorMiddleware);

app.listen(3010);

The error middleware should be the last middleware in the chain.

Controllers

Be aware, that the controllers must be registered after the common middlewares, but before the error middleware.

import {
    registerControllers
} from "@authelion/api-core";

import express from "express";
import path from "path";

const app = express();

// Register middlewares

// Register client, role, user, ... controllers
registerControllers(app);

// Register error middleware

app.listen(3010);

Database

Entities & Subscribers

All domain entities, which can be managed by the REST-API, must be registered to the typeorm DataSource. In addition to these entities, it is also necessary to include the corresponding subscriber, to invalidate the entity cache, when caching is enabled.

Therefore, use the utility function extendDataSourceOptions to extend the typeorm DataSourceOptions.

import {
    extendDataSourceOptions
} from '@authelion/api-core';

import { 
    DataSource,
    DataSourceOptions
} from 'typeorm';

(async () => {
    const options : DataSourceOptions = {
        // ...
    };

    extendDataSourceOptions(options);

    const dataSource = new DataSource(options);
    await dataSource.initialize();
})();

Seeding

Another import thing to do, is to seed the database with an initial data set ⚡.

The DatabaseSeeder populates the database with default entities:

  • User: admin
  • Role: admin
  • Permission(s): user_add, user_edit, ...

and also all possible relations between:

  • user - role
  • role - permissions
import {
    DatabaseSeeder,
    extendDataSourceOptions
} from '@authelion/api-core';

import {
    DataSource,
    DataSourceOptions
} from 'typeorm';

(async () => {
    const options : DataSourceOptions = {
        // ...
    };

    extendDataSourceOptions(options);

    const dataSource = new DataSource(options);
    await dataSource.initialize();
    
    // ------------------------------------

    const config = await useConfig();
    const seeder = new DatabaseSeeder(config.database.seed);
    
    await seeder.run(connection);
})();

Aggregators

OAuth2Token

The last step is to register the OAuth2Token aggregator, which is responsible for removing expired access- & refresh-tokens 🔥. The aggregator should be registered on startup of the application.

import {
    buildOAuth2TokenAggregator,
    DatabaseSeeder,
    extendDataSourceOptions
} from '@authelion/api-core';

import {
    DataSource,
    DataSourceOptions
} from 'typeorm';

(async () => {
    const options : DataSourceOptions = {
        // ...
    };

    extendDataSourceOptions(options);

    const dataSource = new DataSource(options);
    await dataSource.initialize();

    // ------------------------------------
    
    const { start } = buildOAuth2TokenAggregator();

    await start();
})();