npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@jumpitt/retake

v0.1.12

Published

A React/Koa proxy for safe token distribution and API calls

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

jumpittjumpitt

Keywords

KoaReactSafeToken

Readme

Retake : REacT sAfe toKEn

Retake is a highly opinionated and experimental API auth package for Koa

This package saves your access_token ,refresh_token in a database of your election and returns a UUID through a cookie you can use in a JS app

####Installation

npm i @jumpitt/retake

Add this to your index.js or similar file of your koa app

const Koa = require('koa');
const app = new Koa();
const Auth = require('@jumpitt/retake')
app.context.auth_id = 'any_string_you_want';

const auth = new Auth(app // -> Instance of your koa app, {
  baseURL: '' , // -> base url of your auth service,
  cookieName: 'uuid_session' // ->  The cookie name for your JS app ,
  authSuffix: 'oauth/token' // -> suffix for your service login,
  
  
  // Your service secrets
  secrets: {
    client_id: 123,
    client_secret: 1234,
  },
  // Your database credentials
  db: { 
    client: 'pg',
    connection: {
      host: 127.0.0.1,
      user: 'user',
      password: 'password',
      database: 'database',
      tableName: 'tokens' // -> any name you want to set your token table,
    },
  },
});

Required

This package needs a unique identifier to work app.context.auth_id = '' should be set before instantiation

This package needs a table in your database that is complaint with this db schema. Maybe you could leave some of the fields nullable but access_token , refresh_token , valid,ip, shouldn't

   table.uuid('id').unsigned().primary()'));
   table.string('access_token', 999).notNullable();
   table.string('refresh_token', 255).notNullable();
   table.string('scope', 255).notNullable();
   table.string('token_type', 255).notNullable();
   table.string('ip', 255).notNullable();
   table.boolean('valid').defaultTo(1 // -> true);
   table.integer('expires_in', 11).notNullable();
   table.timestamps(true, true);

Your Auth service

this package expects your service to respond with this schema/json when authenticating

{
 "access_token": "",// -> required
 "token_type": "Bearer",// -> optional
 "expires_in": 3600 // -> optional,
 "refresh_token": "" // -> required,
 "scope": "users:r" // -> optional
}

####Usage

In this code example im using koa-router and koa-body

After instantiation this package exposes 3 routes

  • login
  • logout
  • refresh

this routes control the auth flow of your app and they accept a callback The callback is neccesary because all the routes are awaiting a next() method. In the case you miss the callback the route will render a http 404

const Router = require('koa-router')
const kb = require('koa-body')

const router = new Router() //- > Koa router

router.post('/login', kb(), auth.login, ctx => {
  ctx.status = 201;
  ctx.body = 'Success';
});
router.post('/logout', auth.logout, ctx => {
  ctx.status = 200;
  ctx.body = 'Success';
});
router.post('/refresh', auth.refresh, ctx => {
  ctx.status = 200;
  ctx.body = 'Success';
})

####Retrieving the token

This package also has a method to get the token. When ctx is available you will have a way to retrieve the token with this method

router.get('/user', kb(), async (ctx) => {
   const uuid = ctx.cookies.get('uuid_session');
   if (!uuid) {
    ctx.throw(401, 'Unauthorized');
   }
   //This is where we use the unique identifier that was set before
   const { access_token, valid } = await ctx[ctx.auth_id].token(uuid); 
})

Now we are using our auth_id context to get our token

A note on the database client

This package uses knex to connect to your database. That means if you want to use a client you have to install the dependency. You can pick one of these to use with this package

# add a --save flag
$ npm install pg
$ npm install sqlite3
$ npm install mysql
$ npm install mysql2
$ npm install oracle
$ npm install mssql

A note on UUID

In the case of Postgres before using uuid an extension should be installed CREATE EXTENSION IF NOT EXISTS "uuid-ossp";. This returns a uuid instead of a regular id which is more safe

In the case of other clients/engines it should be kinda like the same method.

####Todos

  • Tests
  • Tests with other DB clients

####License

MIT