passport-jwt-site

v1.0.0

Passport web application authentication strategy using JSON Web Tokens

Downloads

4

A Passport strategy for authenticating with a JSON Web Token.

This module is a variant of the original passport-jwt by Mike Nicholson that lets you authenticate the middleware endpoints of a Node.js web application using a JSON web token. Unlike the generic passport-jwt, it also accepts JSON web tokens in the http-request body and in the session authorization variable.

Supported By

If you want to quickly add secure token-based authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan at auth0.com/overview

Install

npm install passport-jwt-site

What was changed...

Specifically, I've modified the JwtStrategy.prototype.authenticate(...) method so that JSON web tokens can be retrieved not only from the standard Authorization header, but also from the http-request body and the session authorization variable:

JwtStrategy.prototype.authenticate = function(req, options) {
    var self = this;
    var token = null;
    // Retrieve JSON web token from the http-request body
    // (req.body is undefined when no body parser is installed)
    if (req.body && req.body["Authorization"] != null) {
        token = req.body["Authorization"];
    }
    // Retrieve JSON web token from the session Authorization variable
    // (req.session is undefined when no session middleware is installed)
    else if (req.session && req.session["Authorization"] != null) {
        token = req.session["Authorization"];
    }

    if ((token != null) && (token != undefined)) {
        // Extract a valid JSON web token string
        token = token.substr(token.indexOf(' ') + 1);
    }
    else {
        // Retrieve JSON web token from the Authorization header
        token = self._jwtFromRequest(req);
    }

    if (!token) {
        return self.fail(new Error("No auth token"));
    }
    // ****
};

When executed, the fragment above first attempts to retrieve the JSON web token from the http-request body and assign it to the local variable token. If the body variable Authorization is null or undefined, it checks whether the token is stored in the session authorization variable instead; if so, it assigns that value to the same token variable. A value found in either place then has everything up to and including the first space removed, which strips the "Bearer " prefix. Finally, if neither the http-request body nor the session authorization variable contains a token, it falls back to the usual retrieval from the authorization header by calling token = self._jwtFromRequest(req).
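The same lookup order as a standalone function, as an added example (not code from passport-jwt-site or passport-jwt): `resolveToken` and `parseBearer` are hypothetical names, the header step assumes a bearer `Authorization` header in place of `self._jwtFromRequest(req)`, and the sample tokens are constructed. It accepts only string values of the form `Bearer <header>.<payload>.<signature>` and reports which location supplied the token.

```javascript
// Added example: resolveToken and parseBearer are hypothetical names,
// not part of passport-jwt-site or passport-jwt.

// Shape of a signed compact JWT: three non-empty base64url segments.
const BEARER = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/;

// Return the token from a "Bearer <token>" value, or null if it is malformed.
function parseBearer(value) {
  // Body parsers can deliver arrays or objects; only strings are accepted.
  if (typeof value !== 'string') return null;
  const match = BEARER.exec(value.trim());
  return match ? match[1] : null;
}

// Look the token up in the README's order: body, then session, then header.
// The header step assumes a bearer Authorization header (assumption; the
// module itself delegates that step to self._jwtFromRequest(req)).
function resolveToken(req) {
  const sources = [
    ['body', req.body && req.body.Authorization],
    ['session', req.session && req.session.Authorization],
    ['header', req.headers && req.headers.authorization],
  ];
  for (const [source, raw] of sources) {
    if (raw == null) continue; // absent here, try the next source
    const token = parseBearer(raw);
    // A present but malformed value fails; it does not fall through.
    if (!token) return { token: null, source, error: 'malformed' };
    return { token, source, error: null };
  }
  return { token: null, source: null, error: 'missing' };
}

// Constructed requests (not real tokens) covering each branch.
const samples = [
  { body: { Authorization: 'Bearer aaa.bbb.ccc' },
    session: { Authorization: 'Bearer ddd.eee.fff' } },   // body wins
  { headers: { authorization: 'Bearer aaa.bbb.ccc' } },   // no body parser
  { body: { Authorization: ['Bearer aaa.bbb.ccc'] } },    // array value
  { body: { Authorization: 'Basic aaa.bbb.ccc' } },       // wrong scheme
  {},                                                     // nothing sent
];
for (const req of samples) console.log(resolveToken(req));
```

The returned token is only shape-checked; signature and claim verification still happen in the strategy. Logging `source` alongside the request shows which location supplied each token.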

Usage

With the re-engineered passport-jwt-site strategy module you can include JSON web tokens in either the http-request body or the session authorization variable. Here's how:

Including JWT To The HTTP-Request Body

With passport-jwt-site, you can now include JSON web tokens in the Ajax http-request body:

index.html

$.get('/profile', {"Authorization": "Bearer " + token}, (response) => { /* ... */ });
$.post('/profile', {"Authorization": "Bearer " + token}, (response) => { /* ... */ });

Including JWT To Session Authorization Variable

You can also include JSON web tokens in the session Authorization variable:

server.js

router.post('/login', function(req, res, next) {
  auth.passport.authenticate('jwt', {session: false},
   function(err, user, info) {
    if (err) { return next(err); }
    // Reject the request when the token did not verify
    if (!user) { return res.sendStatus(401); }
    req.logIn(user, function(err) {
      if (err) { return next(err); }
      // Include JWT to the session Authorization variable
      req.session.Authorization = req.body["Authorization"];
      return res.status(200).send(user);
    });
  })(req, res, next);
});

This is typically done to allow authenticated web-page redirects such as:

index.html

$.post('/login', {"Authorization": "Bearer " + token}, 
    (response) => {
        // Redirect to the users profile web page
        $(location).attr('href', '/profile');
    });

Create an authenticated middleware that renders the user's profile web page:

server.js

router.get('/profile', passport.authenticate('jwt', {session: false }),
    function(req, res, next) { 
        res.statusCode = 200; res.render('profile');
    });

Migrating

See the Migration Guide for help upgrading to the latest major version of passport-jwt.

Tests

npm install
npm test

To generate test-coverage reports:

npm install -g istanbul
npm run-script testcov
istanbul report

License

The MIT License

Copyright (c) 2019 by Arthur V. Ratz