npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

x-auth-plugin

v0.3.4

Published

X-Auth is a plugin built for the Dynamic Route Generator that gives you a fully fledged login system for your web applications

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jackthomsonnjackthomsonn

Keywords

dynamicroutegeneratorauthenticationplugandplayX Auth

Readme

X-Auth

X-Auth is a plugin built for the Dynamic Route Generator that gives you a fully fledged login system for your web applications. This is a plug and play plugin with a few lines of configuration setup.

Features

  • Login (Complete)
  • Register (Complete)
  • Two Factor Login (In progress)
  • Forgot Password (Complete)
  • Change Password (Complete)
  • Email Verifications (Complete)
  • SMS Integration for two factor authentication (Optional, will need to pay; current client configured is Text Magic)

This plugin is in beta and SHOULD NOT be used in a production environment as of yet. There is a lot of work and testing that needs to be carried out to prove this system is secure

Example Setup

const app = require('express')()
const mongoose = require('mongoose')

const { RouteGenerator } = require('dynamic-route-generator')

const { XAuth, CheckAuthentication } = require('x-auth')

const GameModel = require('./game.model')

mongoose.connect('mongo_uri')

XAuth.setupProps({
  appName: 'Application Name',
  authSecretKey: process.env.AUTH_SECRET_KEY,
  authSecretKeyForgottenPassword: process.env.AUTH_SECRET_KEY_FORGOTTEN_PASSWORD,
  cookieName: 'cookie-name',
  cookieNameForgottenPassword: 'cookie-forgotten-password-name',
  domainEmail: '[email protected]',
  baseUri: 'api',
  jwtTokenExpiration: 120000, // 2 minutes
  saltWorkFactor: 10,
  databaseUri: 'mongo_uri',
  themeColour: '#449DD1',
  emailVerification: true,
  passwordStrength: '1', // 1 includes special chracters and 0 does not
  refreshTokenExpiration: 3600000, // 1 hour
  refreshTokenSecretKey: process.env.REFRESH_TOKEN_SECRET_KEY,
  refreshTokenCookieName: 'cookie-refresh-name'
})

new RouteGenerator({
  routes: [{
    uri: '/list/games',
    model: GameModel,
    handlers: [CheckAuthentication],
    methods: [{
      name: 'get'
    }]
  }],
  app,
  plugins: {
    pre: [XAuth],
    post: []
  }
})

app.listen(process.env.PORT || 8080)

Access Api

The example above will be hosted on port 8080. The endpoints are as follows:

/auth/login - Used for the login process

When a user logs in, an access token is generated and set as a cookie on the client machine with the name specified in the XAuth options above cookieName. Your application will need to get the values from this cookie and send them with every request. Make sure you are using an SSL encryption otherwise these values will be transferred over the wire in plain text, SSL will make sure to serialize the values so if anyone is sniffing the traffic, it will make it a lot harder for them to gain access to the users account

{
  "username": "admin",
  "password": "password"
}

/auth/login/authenticate - Handles two factor authentication

For this, you must provide the username as a query param that you are trying to authenticate and the token is part of the POST request. The token code will be sent to the users mobile

/auth/login/authenticate?q=username=admin

{
  "token": "5135"
}

/auth/register - Used for the registration process

This request is made when adding a user to the service. If you wish to add any custom values to the user object you can populate the property, properties with any custom values you like. Be mindful that this data is stored as part of the JWT so refrain from storing any personal data here

{
  "username": "admin",
  "password": "password",
  "email": "[email protected]",
  "phoneNumber": "00112233445",
  "twoFactorAuthEnabled": false // Optional,
  "properties": {} // Custom properties you may want store for the user for example home address, age etc (Optional)
}

/auth/reset-password-request - Used for an initial reset password request

If a valid email is supplied, the user will recieve an email with a link that points to /auth/forgotten-password. You must create a page which lives on this url and has both an email and new password input and makes a call to the /auth/update-password endpoint

{
  "email": "[email protected]"
}

/auth/update-password - Used to reset a password

When a call is made to this endpoint a check will be made to make sure the password strength matches the services rules. If successful, the password will be changed and the user will be redirected to the login page

{
  "email": "[email protected]",
  "password": "newPassword"
}

/auth/change-password - Used for changing a password

{
  "email": "[email protected]",
  "password": "password",
  "newPassword": "Passw0rD"
}