npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

bcryptjs-user

v2.0.5

Published

Abstract library to create, update and authenticate users using bcryptjs

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jaalfarojaalfaro

Keywords

bcryptuseraccountbcryptjs

Readme

bcryptjs-user

Abstract library to create, update and authenticate users using bcrypt.

Use this module to implement a user account module that uses bcrypt passwords with your own storage engine. See mongo-bcryptjs-user and array-bcrypt-user for two real world implementations.

Example

Implementation using array based storage

Note, this example is based on array-bcrypt-user and uses the match npm.

var util = require('util');

var BcryptUser = require('bcryptjs-user');
var async = require('async');
var match = require('match-object');

// store and verify user accounts in an array named `db` using bcrypt passwords
function User(db, username, opts) {
  if (!Array.isArray(db)) { throw new TypeError('db must be an array'); }
  if (typeof username !== 'string') { throw new TypeError('username must be a string'); }

  // setup a user database resolver, this is a custom storage engine
  var resolver = {
    find: function(lookup, cb) {
      var found = null;
      async.some(db, function(user, cb2) {
        if (match(lookup, user)) {
          found = user;
          cb2(true);
          return;
        }
        cb2(false);
      }, function() { cb(null, found); });
    },
    insert: function(user, cb) {
      db.push(user);
      process.nextTick(cb);
    },
    updateHash: function(lookup, hash, cb) {
      async.some(db, function(user, cb2) {
        if (match(lookup, user)) {
          user.password = hash;
          cb2(true);
          return;
        }
        cb2(false);
      }, function(result) {
        if (!result) {
          cb(new Error('failed to update password'));
          return;
        }

        cb(null);
      });
    }
  };

  BcryptUser.call(this, resolver, username, opts || {});
}

util.inherits(User, BcryptUser);
module.exports = User;

// create a new user with a certain password and save it to the database
User.register = function register(db, username, password, realm, cb) {
  if (!Array.isArray(db)) { throw new TypeError('db must be an array'); }
  if (typeof realm === 'function') {
    cb = realm;
    realm = '_default';
  }

  try {
    var user = new User(db, username, { realm: realm });
    user.register(password, function(err) {
      if (err) { cb(err); return; }

      cb(null, user);
    });
  } catch(err) {
    process.nextTick(function() {
      cb(err);
    });
    return;
  }
};

// find and return a user from the database
User.find = function find(db, username, realm, cb) {
  if (!Array.isArray(db)) { throw new TypeError('db must be an array'); }
  if (typeof realm === 'function') {
    cb = realm;
    realm = '_default';
  }

  try {
    var user = new User(db, username, { realm: realm });
    user.find(function(err) {
      if (err) { cb(err); return; }

      cb(null, user);
    });
  } catch(err) {
    process.nextTick(function() {
      cb(err);
    });
    return;
  }
};

Use the above, create a new user named "foo" with the password "secr3t".

var assert = require('assert');
var User = // previously created module

var db = [];

User.register(db, 'foo', 'secr3t', function(err, user) {
  if (err) { throw err; }
  assert.equal(db.length, 1);
});

Check if the password "secr3t" is correct for user "foo".

// same setup as previous example

User.find(db, 'foo', 'bar', function(err, user) {
  if (err) { throw err; }
  user.verifyPassword('secr3t', function(err, correct) {
    if (err) { throw err; }
    assert(correct, true);
  });
});

Installation

$ npm install bcryptjs-user

API

new User(db, username, [opts])

  • db {Object} resolver that implements find, updateHash and insert methods
  • username {String} the name of the user to bind this instance to
  • [opts] {Object} object containing optional parameters

opts:

  • realm {String, default "_default"} optional realm the user belongs to
  • debug {Boolean, default false} whether to do extra console logging or not
  • hide {Boolean, default false} whether to suppress errors or not (for testing)

Create a new User object. Either for maintenance, verification or registration. A user may be bound to a realm.

Three functions db must support:

find should accept: lookup, callback
  lookup {Object}:
    realm {String}
    username {String}
  callback {Function} should call back with:
    err {Object}     error object or null
    user {Object}    user object

updateHash should accept: lookup, hash, callback
  lookup {Object}:
    realm {String}
    username {String}
  hash {String}      bcrypt hash
  callback {Function} should call back with:
    err {Object}     error object or null

insert should accept: user, callback
  user {Object}:
    realm {String}
    username {String}
  callback {Function} should call back with:
    err {Object}     error object or null

user.find(cb)

  • cb {Function} first parameter will be an error or null, second parameter will be true when user is found, otherwise false.

Return a user from the database. This method should be implemented.

Note, the following keys are illegal and should not exist in the user db object:

  • _protectedDbKeys
  • _illegalDbKeys
  • _db
  • _debug
  • _hide

user.verifyPassword(password, cb)

  • password {String} the password to verify
  • cb {Function} first parameter will be an error or null, second parameter contains a boolean about whether the password is valid or not.

Verify if the given password is valid.

user.setPassword(password, cb)

  • password {String} the password to use
  • cb {Function} first parameter will be either an error object or null on success.

Update the password.

Note: the user has to exist in the database.

user.register(password, cb)

  • password {String} the password to use, at least 6 characters
  • cb {Function} first parameter will be either an error object or null on success.

Register a new user with a certain password. This method should be implemented.

Tests

$ npm test

License

ISC

Copyright (c) 2017 John Alfaro Copyright (c) 2014, 2015 Tim Kuijsten

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.