# auth-server-helper

version: 2.0.0

customizable and simple authentication

## Installation

npm:

> npm i --save auth-server-helper

yarn:

> yarn add auth-server-helper

note: the usage examples below load the package under the scoped name `@sapphirecode/auth-server-helper`; make sure the name you install matches the name you `require`.

## Usage

### 1. put a gateway in front of the routes you want to secure

```js
const {create_gateway} = require('@sapphirecode/auth-server-helper');

const gateway = create_gateway({
  redirect_url: '/auth',
  cookie_name: 'auth_cookie', // if defined, access tokens will be read from this cookie
});

// express
app.use(gateway);

// node http
http.createServer((main_req, main_res) =>
  gateway(main_req, main_res, (req, res) => {
    // your request handler
  });
);
```

the gateway will forward any authorized requests to the next handler and redirect all others to the specified url

### 2. creating the auth endpoint

```js
const {create_auth_handler} = require('@sapphirecode/auth-server-helper');

const handler = create_auth_handler(
  async (req) => {
    if (req.user === 'foo' && req.password === 'bar')
      const {access_token_id, refresh_token_id} = await req.allow_access({
        access_token_expires_in: 600, // seconds until access tokens expire
        include_refresh_token: true, // should the answer include a refresh token? default: false
        refresh_token_expires_in: 3600, // seconds until refresh tokens expire (required if refresh tokens are generated)
        data: {user: 'foo'}, // additional custom data to include in the token
      });

    if (req.user === 'part' && req.password === 'baz')
      const part_id = await req.allow_part(
        60, // seconds until part_token expires
        'some_module', // next module handler (defined below)
        {foo: 'bar'} // custom data to attach to the token
      );

    // all allow_ functions return a token id, which can later be used to invalidate specific tokens from the server side

    req.deny();
  },
  {
    refresh: {
      /*...same options as allow_access */
    }, // define the behaviour of refresh tokens. Refresh tokens will not be accepted if this option is undefined
    modules: {
      some_module(req) { // request handlers for part_tokens

        // access custom data:
        const auth_data = req.request.connection.auth;
        auth_data.token_id; // token id
        auth_data.token_data; // custom data

        // the same works in handlers after the gateway, information is always stored in request.connection.auth
      },
    },
    cookie_name: 'auth_cookie', // if defined, access tokens will be stored in this cookie
  }
);

// express
app.use(handler);

// node http
// ... create server, on path /auth run the handler
handler(req, res);
```

after the auth handler, the request will be completed, no additional content should be served here.

note: the snippet above is schematic. the `foo`/`bar` credential comparison is a placeholder for a real check against stored password hashes, and each `const` declaration has to be wrapped in braces after its `if` to be valid javascript.

### Invalidating tokens after they are delivered to the client

```js
const {blacklist} = require('@sapphirecode/auth-server-helper');

blacklist.add_signature(token_id); // the token id is returned from any function that creates tokens
```

### Exporting and importing public keys to validate tokens across server instances

```js
const {keystore} = require('@sapphirecode/auth-server-helper');

const export = keystore.export_verification_data();

// second instance

keystore.import_verification_data(export);
```

note: `export` is a reserved word in javascript, so use a different variable name when copying this snippet and the blacklist snippet below.

### Exporting and importing blacklist entries across server instances

```js
const {blacklist} = require('@sapphirecode/auth-server-helper');

const export = blacklist.export_blacklist();

// second instance

blacklist.import_blacklist(export);
```

## License

MIT © Timo Hocker