npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@transomjs/transom-mongoose-nonce

v1.2.0

Published

Add Nonce functions to a Transom REST API

Downloads

9

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

binaryops.markbinaryops.markbinaryops.wiebobinaryops.wiebo

Keywords

noncetokens

Readme

transom-mongoose-nonce

Create and consume one-time-use, short lifetime tokens with a payload within Transom.

Build Status

Installation

$ npm install --save @transomjs/transom-mongoose-nonce

Usage

Created specifically for SocketIO handshaking but useful for many things, the transom-mongoose-nonce module uses mongoose to provide the ability to create and consume nonces. On initialization, a nonce handler is created and added to the Transom server registry. It has only two methods, createNonce and verifyNonce.

createNonce

createNonce takes three arguments, as follows:

  • payload can be any JavaScript object. It will get stored until the Nonce is consumed.
  • expirySeconds a period after which the nonce is no longer valid and cannot be consumed.
  • callback is called after the nonce is created. Arguments are (err, nonce).

verifyNonce

verifyNonce takes two arguments, as follows:

  • token this is a 64 byte unique key
  • callback is called with the result of the nonce lookup. Arguments are (err, payload).

Example: createNonce

This is an example endpoint to create a nonce for the SocketIO handshake, switching from an AJAX request to a socket connection.

function handleSocketToken(req, res, next) {
  var p = new Promise(function (resolve, reject) {
    // Create the nonce with the current User object as it's payload.
    const expirySeconds = 5;

    // The NonceHandler is stored in the server Registry.
    const transomNonce = server.registry.get('transomNonce');

    transomNonce.createNonce(req.locals.user, expirySeconds, function (err, nonce) {
      if (err) {
        return reject(err);
      }
      resolve(nonce);
    });
  }).then(function (nonce) {
    res.json({
      token: nonce.token
    });
    next();
  }).catch(function (err) {
    next(err);
  });
};

Example: verifyNonce

This example middleware used on the SocketIO side, telling the socket connection which user it is for.

function nonceAuthMiddleware(socket, next) {

  // Get the NonceHandler from the server Registry.
  const nonce = args.server.registry.get('transomNonce');

  nonce.verifyNonce(socket.handshake.query.token, function (err, payload) {
    if (err) {
      setTimeout(function () {
        // Socket Authentication failed. Disconnecting.
        socket.disconnect(true);
      }, 20);
      return next(new Error(INVALID_TOKEN));
    }
    // Store the User object on each verified socket connection,
    // we can use this later to emit data to specific users.
    socket.transomUser = payload;
    return next();
  });
}