npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

secure-auth-utils

v1.0.6

Published

SecureAuth is a comprehensive Node.js package that provides easy-to-use utilities for authentication and security-related tasks. It includes functions for generating and verifying JWT tokens, hashing passwords securely, and refreshing authentication token

Downloads

436

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rakib17rakib17

Keywords

crypto-utilsjsonwebtoken-helperpassword-hashertoken-generatorauth-utilsauthenticationsecurityjwttokenspasswordhashingencryptionauthentication-utilsauthsecure-auth

Readme

secure-auth-utils

SecureAuth is a comprehensive Node.js package that provides easy-to-use utilities for authentication and security-related tasks. It includes functions for generating and verifying JWT tokens, hashing passwords securely, and refreshing authentication tokens. With SecureAuth, developers can quickly implement secure authentication mechanisms in their Node.js applications, ensuring the integrity and confidentiality of user data.

Installation

You can install this package via npm:

npm install secure-auth-utils jsonwebtoken
yarn add secure-auth-utils jsonwebtoken

Usage

Generating a Token

const { generateToken } = require('secure-auth-utils');

// Generate a token
const token = generateToken({
  data: { userId: 123 },
  tokenSecret: 'your-secret-key'
});
console.log('Generated Token:', token);

Decoding a Token

const { decodedToken } = require('secure-auth-utils');

// Decode a token
const decodedData = decodedToken({
  token: 'your-encoded-token',
  tokenSecret: 'your-secret-key'
});
console.log('Decoded Data:', decodedData);

Refreshing a Token

expiresIn : Eg: 60, "2 days", "10h", "7d"

const { refreshTokenEncoded } = require('secure-auth-utils');

// Refresh a token with hashed password
const refreshedToken = refreshTokenEncoded({
  hashedPass: 'your-hashed-password',
  data: { userId: 123 },
  expiresIn: '7 days',
  tokenSecret: 'your-secret-key'
});
console.log('Refreshed Token:', refreshedToken);
const getRefreshToken = refreshTokenEncoded({
  data:{email:"[email protected]", role: 'user',},
  hashedPass: hashedPass,
  expiresIn: '7 days',
  tokenSecret: 'your-secret-key'
})

NB: Recommend you use hashedPass (hash) for extra security . 🤫🤐🔐..

const tokenDecode = await decodedToken({
  token: ref_tkn,
  tokenSecret: process.env.USER_REFRESH_TOKEN
});

  if (tokenDecode.success) {
    const { data, sessionToken, role } = tokenDecode?.data
    // if use hashedPass then you get sessionToken;
    const getSalt = sessionToken?.split('####')?.[0];
    const getHash = sessionToken?.split('####')?.[1];
    //check hashed 
    // make sure encoding, algorithm are same
    const check = passwordHashing({salt: getSalt,hash: hashedPass}).hash == getHash;
    // code execute
  }
  else{
    // code execute
  }

Hashing a Password

const { passwordHashing } = require('secure-auth-utils');

// Hash a password
const hashedPassword = passwordHashing({
  password: 'your-password',
  salt: 'your-salt',
  algorithm: 'sha256',
  encoding: 'base64'
});
console.log('Hashed Password:', hashedPassword.hash);

Checking Password

const { checkPassword } = require('secure-auth-utils');

// Check if password matches hash
const isMatch = checkPassword({
  salt: 'your-salt',
  hash: 'your-hashed-password',
  password: 'your-password'
});
console.log('Password Match:', isMatch);

API Reference

generateToken(options)

Generates a JWT token.

  • options (object):
    • data (object): The data payload to be included in the token.
    • tokenSecret (string): The secret key used for token generation.
    • expiresIn (string): The expiration time for the token (optional, defaults to '24h').
    • algorithm (string): The signing algorithm to be used (optional, defaults to "HS256").

Returns an object containing the generated token and success status.

decodedToken(options)

Decodes a JWT token.

  • options (object):
    • tokenSecret (string): The secret key used for token verification.
    • token (string): The JWT token to be decoded.

Returns an object containing the decoded data and success status.

refreshTokenEncoded(options)

Refreshes a token encoded.

  • options (object):
    • hashedPass (string): The hashed password (optional).
    • data (object): Additional data to be included in the token.
    • expiresIn (string): The expiration time for the token (optional).
    • tokenSecret (string): The secret key used for token generation.

Returns the refreshed token or null if hashedPass is not provided.

passwordHashing(options)

Hashes a password.

  • options (object):
    • salt (string): The salt used for hashing (optional, autogenerated if not provided).
    • password (string): The password to be hashed.
    • algorithm (string): The hashing algorithm to be used (optional, defaults to SHA256).
    • encoding (string): The encoding format for the hash (optional, defaults to 'base64').

Returns an object containing the salt, success status, and hashed password.

checkPassword(options)

Checks if a password matches the hashed value.

  • options (object):
    • salt (string): The salt used for hashing.
    • hash (string): The hashed password to be checked.
    • password (string): The password to be validated.

Returns true if the password matches the hash, false otherwise.

Replace Your Package Name with the actual name of your package and secure-auth-utils with the npm package name. Also, make sure to update the function examples with relevant data and keys.