npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

account-rescue

v0.3.0

Published

Account reset/rescue framework for NodeJS

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

perrymitchellperrymitchell

Keywords

accountresetrescueloginbackup

Readme

🚨 Account Rescue

Account reset/rescue framework for NodeJS

Build Status

About

Account Rescue is a framework designed to make the process of generating account rescue information easier. Such information should provide the web host and its users with enough control and security to implement a basic account retrieval system in the event that a user loses/forgets their password.

The output of this system is a HTML or PDF file that contains information that the user can use to reset their account or simply log in. The output contents are extremely sensitive and care should be taken when delivering it to the user.

Implementation

The framework requires a user account identifier and account secret (usually an email or account ID and a password). The secret is then encrypted with a new password (randomly generated) and the encrypted result is split into local and remote payloads. The remote payload should be stored remotely on the server whereas the local payload is incorporated into the resulting document.

Disclaimer

No owner, developer or contributor for this repository accept any responsibility for the use or misuse of this framework. It is solely the consumer's responsibility when it comes to using this framework.

Installation

Install on NodeJS version 8 or newer by running:

npm install account-rescue --save

Usage

Usage is very simple:

const fs = require("fs");
const { renderRescue } = require("account-rescue");

// output a PDF file
renderRescue({ accountIdentifier: "[email protected]", accountSecret: "mySecurePassword", output: "pdf" })
    .then(output => {
        // output contains 'remote' which should be stored on the server and not
        // provided to the user
        fs.writeFileSync("./test.pdf", output.data);
    });

// output a HTML file
renderRescue({ accountIdentifier: "[email protected]", accountSecret: "mySecurePassword", output: "html" })
    .then(output => {
        fs.writeFileSync("./test.html", output.data);
    });

You can see an example of the resulting document here.

Implementing the rescue protocol

Creating an account rescue feature is an important process for highly-secure systems, and great care should be taken in ensuring the implementation is sound.

This library creates 2 primary deliverables - A document which is to be given to the user, and a remote secret designed to be stored server-side. The document contains a passphrase and part of an encrypted payload. The other part of the encrypted payload is the remote secret which is not provided to the user and stored on the server.

When this library is charged to create rescue information, the output should be separated immediately, with the remote secret being stored in a database and the rescue document being given to the user in the form of a download.

The document provided allows the user to enter the details in some web or app interface, for recovery, or simply scan the QR code with an app in your suite. An optional url parameter can be specified at creation time which is provided in the document - this could be used to help the user navigate to the correct recovery page (it could also include their account ID).

Performing recovery

In the case that the rescue information needs to be used, the user will provide several data points:

  • Upon scanning their QR code or entering their details manually:
    • Account identifier
    • Passcode
    • Encrypted secret

Use the account identifier to retrieve the remote portion of the payload (this should be done server-side and should not be exposed to the user) and call the following method:

const { regenerateSecret } = require("account-rescue");

const secret = await regenerateSecret(fetchedRemote, receivedLocal, receivedPassword);
// Secret will be what you stored using `renderRescue` earlier

If the user scanned their QR code, the process can be expanded to:

const { decodeQRCodePayload, regenerateSecret } = require("account-rescue");

const {
    id,
    payload: local,
    password
} = decodeQRCodePayload(scannedQRDataString);

// fetch remote for `id`

const secret = await regenerateSecret(remote, local, password);