@dwtechs/toker-express 0.7.2 → 0.7.3
- package/README.md +10 -12
- package/dist/toker-express.js +10 -11
- package/package.json +3 -4
package/README.md
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
[](https://opensource.org/licenses/MIT)
|
|
3
3
|
[](https://www.npmjs.com/package/@dwtechs/toker-express)
|
|
4
4
|
[](https://www.npmjs.com/package/@dwtechs/toker-express)
|
|
5
|
-

|
|
6
6
|
|
|
7
7
|
|
|
8
8
|
- [Synopsis](#synopsis)
|
|
9
|
-
- [Support](#support)
|
|
10
9
|
- [Installation](#installation)
|
|
11
10
|
- [Usage](#usage)
|
|
12
11
|
- [Environment variables](#environment-variables)
|
|
13
12
|
- [API Reference](#api-reference)
|
|
14
13
|
- [Logs](#logs)
|
|
14
|
+
- [Support](#support)
|
|
15
15
|
- [Contributors](#contributors)
|
|
16
16
|
- [Stack](#stack)
|
|
17
17
|
|
|
@@ -23,17 +23,10 @@ It includes @dwtechs/toker library and adds Express middlewares to be used in a
|
|
|
23
23
|
|
|
24
24
|
- ๐ชถ Very lightweight
|
|
25
25
|
- ๐งช Thoroughly tested
|
|
26
|
-
- ๐ Shipped as
|
|
26
|
+
- ๐ Shipped as ES2022 ECMAScript module
|
|
27
27
|
- ๐ Written in Typescript
|
|
28
28
|
|
|
29
29
|
|
|
30
|
-
## Support
|
|
31
|
-
|
|
32
|
-
- node: 18
|
|
33
|
-
|
|
34
|
-
This is the oldest targeted versions.
|
|
35
|
-
|
|
36
|
-
|
|
37
30
|
## Installation
|
|
38
31
|
|
|
39
32
|
```bash
|
|
@@ -110,7 +103,7 @@ You can intialise the library using the following environment variables:
|
|
|
110
103
|
These environment variables will update the default values of the lib at start up.
|
|
111
104
|
So you do not need to init the library in the code.
|
|
112
105
|
|
|
113
|
-
Note that **TOKEN_SECRET** is mandatory.
|
|
106
|
+
Note that **TOKEN_SECRET** is mandatory and must be at least 32 characters long.
|
|
114
107
|
|
|
115
108
|
Default values :
|
|
116
109
|
|
|
@@ -410,12 +403,17 @@ res.locals.tokens.decodedRefresh = decodedToken;
|
|
|
410
403
|
All logs are in debug mode. Meaning they should not appear in production mode.
|
|
411
404
|
Log messages are passed as lazy functions (`() => string`) so string interpolation and serialization are skipped entirely when debug logging is disabled.
|
|
412
405
|
|
|
406
|
+
## Support
|
|
407
|
+
|
|
408
|
+
| Environment | Version |
|
|
409
|
+
| :---------- | :-----: |
|
|
410
|
+
| Node.js | >= 22 |
|
|
411
|
+
|
|
413
412
|
## Contributors
|
|
414
413
|
|
|
415
414
|
**Token-express.js** is still in development and we would be glad to get all the help you can provide.
|
|
416
415
|
To contribute please read **[contributor.md](https://github.com/DWTechs/Token-express.js/blob/main/contributor.md)** for detailed installation guide.
|
|
417
416
|
|
|
418
|
-
|
|
419
417
|
## Stack
|
|
420
418
|
|
|
421
419
|
| Purpose | Choice | Motivation |
|
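--- a/package/dist/toker-express.js
+++ b/package/dist/toker-express.js
@@ -34,6 +34,8 @@ if (!TOKEN_SECRET)
 throw new Error(`${LOGS_PREFIX}Missing TOKEN_SECRET environment variable`);
 if (!isString(TOKEN_SECRET, "!0"))
 throw new Error(`${LOGS_PREFIX}Invalid TOKEN_SECRET environment variable`);
+if (TOKEN_SECRET.length < 32)
+throw new Error(`${LOGS_PREFIX}TOKEN_SECRET must be at least 32 characters`);
 const secrets = [TOKEN_SECRET];
 const accessDuration = isNumber(ACCESS_TOKEN_DURATION, false) ? Number(ACCESS_TOKEN_DURATION) : 600;
 const refreshDuration = isNumber(REFRESH_TOKEN_DURATION, false) ? Number(REFRESH_TOKEN_DURATION) : 86400;
@@ -54,7 +56,7 @@ function createTokens(req, res, next) {
 next(err);
 return;
 }
-log.debug(() =>
+log.debug(() => `${LOGS_PREFIX}Tokens created for user ${iss}`);
 req.body.rows[0].accessToken = at;
 req.body.rows[0].refreshToken = rt;
 next();
@@ -76,20 +78,19 @@ function refreshTokens(req, res, next) {
 next(err);
 return;
 }
-log.debug(() =>
+log.debug(() => `${LOGS_PREFIX}Tokens refreshed for user ${iss}`);
 req.body.rows[0].accessToken = at;
 req.body.rows[0].refreshToken = rt;
 next();
 }
 function parseBearer(req, res, next) {
-var _a;
 if (!res.locals?.route?.isProtected && !res.locals?.route?.protected) {
 next();
 return;
 }
 log.debug(() => `${LOGS_PREFIX}parse bearer to get access token`);
 try {
-
+res.locals.tokens ??= {};
 res.locals.tokens.access = parseBearer$1(req.headers.authorization);
 }
 catch (e) {
@@ -99,7 +100,6 @@ function parseBearer(req, res, next) {
 next();
 }
 function decodeAccess(_req, res, next) {
-var _a;
 log.debug(() => `${LOGS_PREFIX}decode access token`);
 if (!res.locals?.route?.isProtected && !res.locals?.route?.protected) {
 next();
@@ -123,15 +123,14 @@ function decodeAccess(_req, res, next) {
 next({ statusCode: 400, message: `${LOGS_PREFIX}Missing iss` });
 return;
 }
-log.debug(() => `${LOGS_PREFIX}
-
+log.debug(() => `${LOGS_PREFIX}Access token decoded for user ${dt.iss}`);
+res.locals.tokens ??= {};
 res.locals.tokens.decodedAccess = dt;
 next();
 }
 function decodeRefresh(req, res, next) {
-var _a;
 const t = req.body?.refreshToken;
-log.debug(() => `${LOGS_PREFIX}
+log.debug(() => `${LOGS_PREFIX}Decoding refresh token`);
 if (!isJWT(t)) {
 next({ statusCode: 401, message: `${LOGS_PREFIX}Invalid refresh token` });
 return;
@@ -148,8 +147,8 @@ function decodeRefresh(req, res, next) {
 next({ statusCode: 400, message: `${LOGS_PREFIX}Missing iss` });
 return;
 }
-log.debug(() => `${LOGS_PREFIX}
-
+log.debug(() => `${LOGS_PREFIX}Refresh token decoded for user ${dt.iss}`);
+res.locals.tokens ??= {};
 res.locals.tokens.decodedRefresh = dt;
 next();
 }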
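Review bot: The new `TOKEN_SECRET.length < 32` guard in the first hunk is a length floor on UTF-16 code units, not an entropy check, so a 32-character dictionary phrase or repeated character still passes and becomes the only entry in `secrets`. I would add a comment above it such as `// Length floor only; TOKEN_SECRET should come from a CSPRNG (this does not measure entropy)`. The guard throws at module load, so a deployment whose secret is shorter will fail on import after this patch-level bump; that belongs in the release notes. The added debug messages interpolate `iss` and `dt.iss` into the log line, and the hunks do not show what type or character set that claim is limited to, so confirm it is validated before it reaches the logger. The removed lines are truncated in this rendering, so the previous log text cannot be compared.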
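--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@dwtechs/toker-express",
-"version": "0.7.
+"version": "0.7.3",
 "type": "module",
 "description": "Open source JWT management library for Express.js to refresh and decode tokens safely.",
 "keywords": [
@@ -25,7 +25,7 @@
 },
 "license": "MIT",
 "engines": {
-"node": ">=
+"node": ">=22"
 },
 "author": {
 "name": "Ludovic Cluber",
@@ -44,12 +44,11 @@
 ],
 "dependencies": {
 "@dwtechs/checkard": "3.6.0",
-"@dwtechs/toker": "0.1
+"@dwtechs/toker": "0.2.1",
 "@dwtechs/winstan": "0.7.0"
 },
 "devDependencies": {
 "@babel/preset-env": "7.26.0",
-"@rollup/plugin-node-resolve": "15.3.0",
 "@types/express": "5.0.6",
 "babel-jest": "29.7.0",
 "jest": "29.7.0",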