api-secure

Server side router and client-side AJAX middleware for secure APIs

Architecture

TBD

Server route features

• Designed for Express
• Login route to return access/refresh tokens
• Refresh token route to acquire access token (http-only cookie)
• Middleware to check for valid access tokens and expose down chain
• Configurable data storage
• Rate limiter
• CSRF Support

Client side features

• Designed for Axios
• Configs for attaching tokens to requests
• Interceptors for automatic access token refresh before expiration response
• In-memory storage of u/p, refresh token, access token
• Configurable callback on u/p needed for new refresh token
• Logout method
• CSRF Support