evanauth

v0.1.0

> npm module that adds secure authorization capabilities to your node API

EvaNAuth - The Evalest Node Authentication

npm module that adds secure authorization capabilities to your node API

Features

Out of the box, you'll get the following endpoint capabilities:

  • Register - subscribes a new user to your api
  • Unregister - unsubscribes a user from your api
  • Login - creates session
  • Logout - destroys session
  • User - CRUD operations to your users

You will also get the following functionalities:

  • Session expiration
  • Endpoint Protection Middleware

Installation

  • Install evanauth in your project: npm install evanauth --save
  • Create a local empty MongoDB database named 'evanauth'

Set up

  • Include evanauth and body-parser in your Express.js project

    const bodyParser = require('body-parser');
    const EvaNauth = require('evanauth');

  • Make your app use body-parser

    app.use(bodyParser.urlencoded({ extended: true }));
    app.use(bodyParser.json());

  • After you define the starting point of your router, call EvaNauth.init, passing your router

    EvaNauth.init(router);

You now have all default endpoints configured and your api is ready to manipulate users.

Endpoint Protection Usage

To protect any endpoint of your api, call the EvaNauth middleware "Protect"

router.use(EvaNauth.Protect);
// after EvaNauth middleware, all routes are protected

All endpoints defined before the Protect middleware will be publicly accessible to anyone. All endpoints defined after it will be protected and accessible only by authorized users.

How it works

When you instantiate it, EvaNauth listens for calls to specific endpoints:

Unprotected:

  • /register, POST (email, password)
  • /session, POST (email, password)

Protected:

  • /register, DELETE
  • /session, DELETE
  • /user, GET
  • /user, POST
  • /user/:id, GET
  • /user/:id, PUT
  • /user/:id, DELETE

Each responds appropriately, communicating with its associated database.

You can protect any endpoint using the 'Protect' middleware of EvaNauth. It receives the HTTP headers sent with the request and validates the user against them before proceeding with the normal execution of your endpoints.

A high level description of the authentication method:

EvaNauth expects a 'z-user' and a 'z-token' HTTP header with every request to a protected endpoint. 'z-user' is the current user's email, exactly as entered during registration. 'z-token' should be created by the frontend and should be the SHA-1 hash of the concatenation of several things. These are:

  • The full url the request is sent to
  • The string version of the request body (if it is a POST request)
  • The token the user was provided with during the login process (normally stored in a cookie or local storage)

When a request is made to a protected endpoint, EvaNauth uses the z-user header to find the user making the call. If the user exists and is not unregistered (user.active == false), it retrieves the user's most recent token. If that token is still valid and not expired, it creates a hash-token. The hash-token is the SHA-1 hash of the concatenation of the following things:

  • The full url the user requested
  • The string version of the request body (if it is a POST request)
  • The most recent user token.

If the hash-token and the z-token match it will grant the request access to the protected endpoint.
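The check described above, sketched as an added example (this is not EvaNauth's own code): it derives the z-token on the client side and re-derives and compares it on the server side. Assumptions: the three parts are concatenated in the order listed, the body is serialized with JSON.stringify, the digest is hex-encoded, and the in-memory `users` map (with hypothetical fields `token` and `issuedAt`) stands in for the MongoDB store; `hashToken`, `verifyRequest` and `signedRequest` are hypothetical names.

```javascript
const crypto = require('crypto');

const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000; // the README's default: 7 days

// Constructed sample records standing in for the 'evanauth' database.
const users = new Map([
  ['alice@example.com', { active: true, token: 'constructed-token-1', issuedAt: Date.now() }],
  ['bob@example.com', { active: false, token: 'constructed-token-2', issuedAt: Date.now() }],
]);

// SHA-1 over url + body (POST only, per the README) + login token.
// Assumption: this order, JSON.stringify for the body, hex output.
function hashToken(fullUrl, method, body, token) {
  const bodyStr = method === 'POST' && body !== undefined ? JSON.stringify(body) : '';
  return crypto.createHash('sha1').update(fullUrl + bodyStr + token).digest('hex');
}

// Client side: build the two headers for a request.
function signedRequest(email, token, method, url, body) {
  const headers = { 'z-user': email, 'z-token': hashToken(url, method, body, token) };
  return { method, url, body, headers };
}

// Server side: look up the user, check active flag and expiry, then
// recompute the hash-token and compare it to z-token in constant time.
function verifyRequest(req, now = Date.now()) {
  const user = users.get(req.headers['z-user']);
  if (!user || !user.active) return false;
  if (now - user.issuedAt > SESSION_TTL_MS) return false;
  const expected = Buffer.from(hashToken(req.url, req.method, req.body, user.token), 'hex');
  const supplied = Buffer.from(String(req.headers['z-token'] || ''), 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  return supplied.length === expected.length && crypto.timingSafeEqual(supplied, expected);
}
```

With the inputs as listed there is no nonce or timestamp in the hash, so an identical request always yields the same z-token; the check binds the token to the URL and body, while reuse of a captured header pair is limited only by transport encryption and session expiry.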

Extras

  • EvaNauth exposes a function GetCurrentUser for your convenience to retrieve the user that made the current request.
  • It also utilizes date expiration of the session. This defaults to 7 days.
  • See the example project located inside the EvaNauth folder for a demonstration.

License

MIT license