npm - impulse-api - Versions diffs - 3.0.3 → 3.0.5 - Mend

impulse-api 3.0.3 → 3.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +1 -1
package/readme.md +86 -8
package/src/api.js +2 -2
package/src/auth.js +19 -9
package/src/server.js +5 -1
package/test/custom-jwt-validation.js +6 -4
package/test/server-test.js +144 -0

package/package.json CHANGED Viewed

@@ -12,7 +12,7 @@
     "test": "nyc --reporter=lcov --reporter=text-summary mocha",
     "test-server": "node ./test/integration/test-server.js"
   },
-  "version": "3.0.3",
+  "version": "3.0.5",
   "engines": {
     "node": ">=22"
   },

package/readme.md CHANGED Viewed

@@ -95,16 +95,94 @@ Impulse-Api comes with [JSON web token](https://www.npmjs.com/package/jsonwebtok
 Additionally, any variables that are encoded in the token are accessible once the token has been decoded via `inputs.decoded`.
-Token generation is handled via `Impulse.Auth` which again utilizes the [JSON web token](https://www.npmjs.com/package/jsonwebtoken) package.
+#### Token Generation
+Token generation is handled via the `Auth` class. You must create an `Auth` instance with your `secretKey`, then you can generate and verify tokens without passing the secret key on every call.
+```js
+const Impulse = require('impulse-api');
+const Auth = Impulse.Auth;
+// Create an Auth instance with your secret key
+const auth = new Auth('your-secret-key');
+// Generate a token (no need to pass secretKey again)
+const token = auth.generateToken({
+    userId: '123',
+    username: 'john.doe',
+    role: 'admin'
+});
+// Verify a token (no need to pass secretKey again)
+const decoded = auth.verifyToken(token);
+console.log(decoded.userId); // '123'
+console.log(decoded.username); // 'john.doe'
+```
+**Important:** The `Auth` class requires a `secretKey` in the constructor. If you don't provide one, it will throw an error.
+```js
+// This will throw an error
+const auth = new Auth(); // Error: Auth instance must be initialized with secretKey
+// This is correct
+const auth = new Auth('your-secret-key');
+```
+When using the server with `secretKey` in the config, the server automatically creates an `Auth` instance internally. You can also create your own `Auth` instances for token generation in your application code (e.g., in login routes).
+**Example: Login Route**
+Here's a complete example of a login route that generates tokens:
 ```js
-const { Auth } = require('impulse-api');
-{ decode: [Function],
-  verify: [Function],
-  sign: [Function],
-  JsonWebTokenError: [Function: JsonWebTokenError],
-  NotBeforeError: [Function: NotBeforeError],
-  TokenExpiredError: [Function: TokenExpiredError] }
+// routes/auth.js
+const Impulse = require('impulse-api');
+const Auth = Impulse.Auth;
+// Create Auth instance with your secret key (same as server config)
+const auth = new Auth(process.env.SECRET_KEY || 'your-secret-key');
+exports.login = {
+    name: 'login',
+    description: 'User login endpoint',
+    method: 'post',
+    endpoint: '/api/login',
+    version: 'v1',
+    inputs: {
+        email: {
+            required: true,
+            validate: (val) => typeof val === 'string' && val.includes('@')
+        },
+        password: {
+            required: true
+        }
+    },
+    run: (services, inputs, next) => {
+        // Authenticate user (check database, etc.)
+        const user = services.userService.authenticate(inputs.email, inputs.password);
+        if (!user) {
+            return next(401, { error: 'Invalid credentials' });
+        }
+        // Generate token with user data
+        const token = auth.generateToken({
+            userId: user.id,
+            email: user.email,
+            role: user.role
+        });
+        next(200, {
+            token,
+            user: {
+                id: user.id,
+                email: user.email,
+                role: user.role
+            }
+        });
+    }
+};
 ```
 #### Custom JWT Validation

package/src/api.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const Server = require('./server');
 const Errors = require('./errors');
-const JSONWebToken = require('jsonwebtoken');
+const Auth = require('./auth');
 class Api {
     constructor(config) {
@@ -10,6 +10,6 @@ class Api {
 }
 Api.Errors = Errors;
-Api.Auth = JSONWebToken;
+Api.Auth = Auth;
 module.exports = Api;

package/src/auth.js CHANGED Viewed

@@ -1,11 +1,21 @@
 const jwt = require('jsonwebtoken');
-const auth = {
-    generateToken(params, config) {
-        return(jwt.sign(params, config.secretKey));
-    },
-    verifyToken(token, secretKey) {
-        return jwt.verify(token, secretKey);
-    },
+class Auth {
+    constructor(secretKey) {
+        if (!secretKey) {
+            throw new Error('Auth instance must be initialized with secretKey');
+        }
+        this.secretKey = secretKey;
+    }
+    generateToken(params) {
+        return jwt.sign(params, this.secretKey);
+    }
+    verifyToken(token) {
+        return jwt.verify(token, this.secretKey);
+    }
     // Helper function to create custom validators
     createCustomValidator(validatorFn) {
         if (typeof validatorFn !== 'function') {
@@ -13,6 +23,6 @@ const auth = {
         }
         return validatorFn;
     }
-};
+}
-module.exports = auth;
+module.exports = Auth;

package/src/server.js CHANGED Viewed

@@ -36,6 +36,7 @@ class Server {
         this.heartbeat = config.heartbeat || null;
         this.container = new Container(config.services);
         this.secretKey = config.secretKey;
+        this.auth = config.secretKey ? new Auth(config.secretKey) : null;
         this.tokenValidator = config.tokenValidator || null;
         this.errors = config.errors || Errors;
         process.env.NODE_ENV = this.env || 'dev';
@@ -225,7 +226,10 @@ class Server {
                     decoded = await this.tokenValidator(token, this.container);
                 } else {
                     // Default JWT validation
-                    decoded = await Auth.verifyToken(token, this.secretKey);
+                    if (!this.auth) {
+                        throw new Error(`Route ${route.name} requires token auth but server was not initialized with secretKey`);
+                    }
+                    decoded = this.auth.verifyToken(token);
                 }
                 // Allow route-specific validation to override the global validator

package/test/custom-jwt-validation.js CHANGED Viewed

@@ -99,8 +99,9 @@ exports.testRoute = {
             await api.init();
             // Test default JWT validation
-            const token = Auth.generateToken({ userId: 'test-user' }, { secretKey: 'test-secret' });
-            const decoded = Auth.verifyToken(token, 'test-secret');
+            const auth = new Auth('test-secret');
+            const token = auth.generateToken({ userId: 'test-user' });
+            const decoded = auth.verifyToken(token);
             assert.strictEqual(decoded.userId, 'test-user');
         });
     });
@@ -290,8 +291,9 @@ exports.testRoute = {
             await api.init();
             // Test that default JWT validation still works
-            const token = Auth.generateToken({ userId: 'legacy-user' }, { secretKey: 'test-secret' });
-            const decoded = Auth.verifyToken(token, 'test-secret');
+            const auth = new Auth('test-secret');
+            const token = auth.generateToken({ userId: 'legacy-user' });
+            const decoded = auth.verifyToken(token);
             assert.strictEqual(decoded.userId, 'legacy-user');
         });
     });

package/test/server-test.js CHANGED Viewed

@@ -1,4 +1,5 @@
 const Server = require('../src/server');
+const Auth = require('../src/auth');
 const assert = require('assert');
 const sinon = require('sinon');
@@ -355,4 +356,147 @@ describe('server-test', () => {
             sinon.assert.notCalled(spy);
         });
     });
+    describe('Auth module', () => {
+        describe('instantiation', () => {
+            it('should throw an error if secretKey is not provided', () => {
+                try {
+                    new Auth();
+                    assert.fail('Should have thrown an error');
+                } catch (e) {
+                    assert.contains(e.message, 'must be initialized with secretKey');
+                }
+            });
+            it('should throw an error if secretKey is null', () => {
+                try {
+                    new Auth(null);
+                    assert.fail('Should have thrown an error');
+                } catch (e) {
+                    assert.contains(e.message, 'must be initialized with secretKey');
+                }
+            });
+            it('should throw an error if secretKey is undefined', () => {
+                try {
+                    new Auth(undefined);
+                    assert.fail('Should have thrown an error');
+                } catch (e) {
+                    assert.contains(e.message, 'must be initialized with secretKey');
+                }
+            });
+            it('should create an instance when secretKey is provided', () => {
+                const auth = new Auth('test-secret-key');
+                assert.strictEqual(auth.secretKey, 'test-secret-key');
+            });
+        });
+        describe('generateToken', () => {
+            it('should generate a token without requiring secretKey parameter', () => {
+                const auth = new Auth('test-secret-key');
+                const params = { userId: 'test-user', role: 'admin' };
+                const token = auth.generateToken(params);
+                assert.strictEqual(typeof token, 'string');
+                assert.strictEqual(token.length > 0, true);
+            });
+            it('should generate different tokens for different params', () => {
+                const auth = new Auth('test-secret-key');
+                const token1 = auth.generateToken({ userId: 'user1' });
+                const token2 = auth.generateToken({ userId: 'user2' });
+                assert.notStrictEqual(token1, token2);
+            });
+        });
+        describe('verifyToken', () => {
+            it('should verify a token without requiring secretKey parameter', () => {
+                const auth = new Auth('test-secret-key');
+                const params = { userId: 'test-user', role: 'admin' };
+                const token = auth.generateToken(params);
+                const decoded = auth.verifyToken(token);
+                assert.strictEqual(decoded.userId, 'test-user');
+                assert.strictEqual(decoded.role, 'admin');
+            });
+            it('should throw an error when verifying a token with wrong secretKey', () => {
+                const auth1 = new Auth('secret-key-1');
+                const auth2 = new Auth('secret-key-2');
+                const token = auth1.generateToken({ userId: 'test-user' });
+                try {
+                    auth2.verifyToken(token);
+                    assert.fail('Should have thrown an error');
+                } catch (e) {
+                    assert.contains(e.message, 'invalid signature');
+                }
+            });
+            it('should throw an error when verifying an invalid token', () => {
+                const auth = new Auth('test-secret-key');
+                try {
+                    auth.verifyToken('invalid-token-string');
+                    assert.fail('Should have thrown an error');
+                } catch (e) {
+                    assert.strictEqual(typeof e.message, 'string');
+                }
+            });
+        });
+        describe('createCustomValidator', () => {
+            it('should throw an error if validator is not a function', () => {
+                const auth = new Auth('test-secret-key');
+                try {
+                    auth.createCustomValidator('not-a-function');
+                    assert.fail('Should have thrown an error');
+                } catch (e) {
+                    assert.contains(e.message, 'must be a function');
+                }
+            });
+            it('should return the validator function if valid', () => {
+                const auth = new Auth('test-secret-key');
+                const validatorFn = () => true;
+                const result = auth.createCustomValidator(validatorFn);
+                assert.strictEqual(result, validatorFn);
+            });
+        });
+    });
+    describe('Server Auth integration', () => {
+        it('should create auth instance when secretKey is provided', () => {
+            const server = new Server({
+                name: 'test-server',
+                routeDir: './test-routes',
+                port: 4000,
+                env: 'test',
+                secretKey: 'test-secret-key',
+                services: {}
+            });
+            assert.strictEqual(server.auth !== null, true);
+            assert.strictEqual(server.auth.secretKey, 'test-secret-key');
+        });
+        it('should not create auth instance when secretKey is not provided', () => {
+            const server = new Server({
+                name: 'test-server',
+                routeDir: './test-routes',
+                port: 4000,
+                env: 'test',
+                services: {}
+            });
+            assert.strictEqual(server.auth, null);
+        });
+        it('should not create auth instance when secretKey is null', () => {
+            const server = new Server({
+                name: 'test-server',
+                routeDir: './test-routes',
+                port: 4000,
+                env: 'test',
+                secretKey: null,
+                services: {}
+            });
+            assert.strictEqual(server.auth, null);
+        });
+    });
 });