Generate token with HS256 (HMAC with SHA-256) symmetric algorithm
Store token in redis to double check if token is generated by our machine
Before you start to use this package you need to install Redis on your server or local machine
How to use:
npminstallsecure-jws-session--save
constSession=require('secure-jws-session')constconfig={secret: '@2e£$1#1&$23_-!',// secret key (String)serverHost: 'www.mdslab.org',// server hostname (String)time: 1// Set time expiration in minutes (Int)}constauth=newSession(config)
Generate a new token passing the user ID and the user type
Decode an existing token and check if is valid and generated by our machine:
constdecoded=awaitauth.decodeToken(token)
Using the session handler as middleware in Koa
Attach the session handler over the Koa context
app.context.auth=auth
Create a Middleware
module.exports=function(){returnasyncfunction(ctx,next){if(!ctx.request.body.token)returnctx.body={isLogged : false,token: false,message: 'You must provide a token for this route'}letstatus=awaitctx.auth.check(ctx.request.body.token)if(!status.isLogged)returnctx.body={isLogged : false,token: false,message: 'You are not logged in please do the log-in again'}awaitnext()}}