@sempervirens/authorizer
v0.6.0
Sempervirens Authorizer
Middleware for authorizing requests to an Express server.
Installation

```sh
npm i @sempervirens/authorizer
```
Usage
Overview
- Create JWT private and public keys.

```sh
mkdir security && cd security && mkdir jwt && cd jwt
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
```

- Import `authorizer` into the server's main file, and then initialize `authorizer` with the JWT public and private keys.
- Set up a route that uses `authorizer.encrypt` to create a token and return the token to the client.
- Set up another route with a protected resource that requires a valid token.
- From the client, send a request to the server to get the token.
- From the client, send a second request for the protected resource, including the `'Authorization': 'Bearer ${token}'` header.
Example

```javascript
import { readFileSync } from 'fs';
import express from 'express';
import authorizer from '@sempervirens/authorizer';

const jwtPublicKey = readFileSync('./security/jwt/jwtRS256.key.pub', 'utf8');
const jwtPrivateKey = readFileSync('./security/jwt/jwtRS256.key', 'utf8');

authorizer.init({ jwtPublicKey, jwtPrivateKey });

const app = express();
app.use(express.json());

// Set up a /login route
app.post('/login', async (req, res, next) => {
  const { email, password } = req.body;
  // Validate email/password combination; do not use the following except for testing
  const isValid = email == '[email protected]' && password == 'testpassword';
  if (isValid) {
    const token = authorizer.encrypt({
      expiresIn: '10m',
      data: { email }
    });
    res.json({ token });
  } else {
    res.json({ error: 'Invalid credentials' });
  }
});

// Set up a protected resource route
app.get('/profile/:id', async (req, res, next) => {
  if (authorizer.isAuthorized(req)) { // Pass request header 'Authorization': 'Bearer ${token}'
    const profile = {
      email: '[email protected]',
      name: 'FirstTest LastTest'
    };
    res.json({ profile });
  } else {
    authorizer.sendUnauthorized(res); // Or send a custom response
  }
});
```
API

authorizer (Singleton instance)

| Prop | Type | Params | Description |
|------|------|--------|-------------|
| `init` | function | `{ jwtPublicKey = '', jwtPrivateKey = '' }` | Initializes the instance properties. |
| `encrypt` | function | `{ expiresIn = '', data: {} }` | Returns a JWT token. |
| `decrypt` | function | `tokenOrReq` | Decrypts a JWT token. The token itself or an Express request object containing the authorization header may be given. |
| `isValid` | function | `tokenOrReq` | Returns `true` or `false`. The token itself or an Express request object containing the authorization header may be given. |
| `invalidate` | function | `tokenOrReq` | Invalidates a token within `authorizer`. |
| `reset` | function | `tokenOrReq` | Decrypts the original token, calculates the original token's `expiresIn`, and adds the `origIat` property to the data before generating a new token. |
| `isAuthorized` | function | `req: express.Request` | Parses a token from the `'Authorization': 'Bearer ${token}'` header, checks if it's valid, and returns `true` or `false`. |
| `authorize` | function | `req: express.Request, res: express.Response, next` | Checks if the token is valid. If so, it calls `next`. If not, it calls `sendUnauthorized`. |
| `sendUnauthorized` | function | `res: express.Response` | Sends a 401 response with a pre-formatted data object in the same shape as `@sempervirens/endpoint`'s error response. |