{"id":22065286,"url":"https://github.com/aghae/ejwt","last_synced_at":"2026-01-11T03:02:44.858Z","repository":{"id":57157044,"uuid":"192357588","full_name":"aghae/ejwt","owner":"aghae","description":"Express JSON Web Token","archived":false,"fork":false,"pushed_at":"2022-05-29T10:01:46.000Z","size":23,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-04T14:47:12.207Z","etag":null,"topics":["express","json","json-web-token-express","jwt","security","token"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aghae.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-17T13:59:05.000Z","updated_at":"2022-09-07T15:35:09.000Z","dependencies_parsed_at":"2022-09-03T16:51:15.573Z","dependency_job_id":null,"html_url":"https://github.com/aghae/ejwt","commit_stats":null,"previous_names":["aghae/express-jwt-enhanced"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aghae/ejwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aghae%2Fejwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aghae%2Fejwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aghae%2Fejwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aghae%2Fejwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aghae","download_url":"https://codeload.github.com/aghae/ejwt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aghae%2Fejwt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28274233,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-11T02:08:32.518Z","status":"ssl_error","status_checked_at":"2026-01-11T02:08:32.093Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["express","json","json-web-token-express","jwt","security","token"],"created_at":"2024-11-30T19:16:06.788Z","updated_at":"2026-01-11T03:02:44.839Z","avatar_url":"https://github.com/aghae.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"## __Express JWT Enhanced__ \n\n### Features\n- It can be used as a authenticator \u0026 session data\n- It can be used as stateless or statefull(with redis for horizontal scaling) \n- with csrf \u0026 captcha protection ability\n\n### Install\n\n```\n npm install --force express-jwt-enhanced\n```\n\n### Usage\n```javascript\n const express = require('express')\n const cookieparser= require('cookie-parser') //necessary for web apps (by default it stored in cookie on client side) . for mobile apps you can get token via json result\n const app = express()\n\n const options={\n expire: 3600, // alive for seconds\n secret :`$eCr3T`, // importat!!!! : change it\n sec_cookie: false, // if true only pass on https. on develop dont set it to true\n\n use_redis : false, // use redis or not\n redis_host:'localhost',\n redis_port:6379,\n redis_pass:'',\n \n }\n const ejwt = require('express-jwt-enhanced')(options); \n\n app.use(cookieparser()) //necessry for parsing token cookie\n .use(express.json()) //necessary for parsing application/json\n .use(express.urlencoded({})) //necessary for parsing application/x-www-form-urlencoded\n .use(function(req,res,next){ejwt.req=req,ejwt.res=res,next()}) //necessary \n \n```\n\n### Examples \n\n \n*Login:*\n```javascript\n\napp.get('/login', async(req, res)=\u003e {\n \n await ejwt.set({ \n loggedin:true,\n user:{\n user:'aghae',\n rol:'admin' \n })\n\n res.json({ succ: 'logined successfully',\n //bellow `token,csrf_token` required for mobile app clients but it no need in web apps\n token:ejwt.token,\n csrf_token: ejwt.data.csrf_token\n })\n\n /* \n for `web app` everything is ok. \n But for `mobile app` you must post these token \u0026 csrf_token for each requests\n */\n})\n```\n\n\n*Logout:* \n```javascript\napp.get('/logout', async(req, res)=\u003e {\n await ejwt.unset()\n res.send('logouted.')\n});\n```\n\n\n*Auth Middleware:*\n\n```javascript\n//auth middleware\nasync function auth(req,res,next){\n var ret = await ejwt.get()\n ret \u0026\u0026 ret.loggedin ? next() : res.json({err:'auth failed'})\n}\n\n//using auth middleware\napp.get('/is_authed',auth, async (req, res)=\u003e {\n res.send('Authed. ;)')\n});\n```\n\n*CSRF Generate:* \n```javascript\napp.get('/csrfgen', async (req, res)=\u003e {\n\n res.json(await ejwt.csrfgen())\n\n /* in real world:\n\n await ejwt.csrfgen()\n res.render('your-form.hrml')\n\n */\n});\n```\n\n*CSRF Check:* \n```javascript\napp.get('/csrfchk', async (req, res)=\u003e {\n\n res.json(await ejwt.csrfchk())\n \n /* in real world\n\n var csrf_chk = await ejwt.csrfchk()\n if(csrf_chk.err) \n res.send('csruf token error')\n else\n do somthing....\n\n */\n});\n```\n\n*Captcha:* \n```javascript\napp.get('/captcha', async function(req, res) {\n res.type('svg').send(await ejwt.captcha_gen())\n});\n\napp.get('/captcha-form', async function(req, res) {\n res.send(`\n \u003cform method='POST' action='/captcha_chk' \u003e\n \u003cimg src=\"/captcha\" \u003e\u003cbr\u003e\n \u003cinput name='captcha' placeholder='Enter above text :'\u003e\n \u003c/form\u003e\n `,\n 200,{'Content-Type':'text/html'})\n});\n\n\napp.post('/captcha_chk', async function(req, res) { //this must be post method\n res.send(await ejwt.captcha_chk())\n});\n\n```\n\n### API's\n\n+ ` await set (payload,expire=3600) `\n set payload json data\n \u0026nbsp;\n\n+ `await get ()` \n get payload json data \n \u0026nbsp;\n \n+ `await unset()` \n unset payload json data \n \u0026nbsp;\n\n+ `await getkey (key)`\n get specified payload key\n \u0026nbsp;\n\n+ `await setkey (key,val,expire = null)`\n set payload key . nested key like user.profile accepted too\n ```\n example:\n\n await set({user:{}})\n await setkey('user.profile',{name:'a.',fam:'aghae',favs:['fav1','fav2']})\n\n result: \n {\n user:{\n profile:{\n name:'a.',\n fam:'aghae',\n favs:['fav1','fav2']\n }\n }\n }\n\n \n+ `await unsetkey (key)`\n unset specified payload key\n\u0026nbsp;\n \n+ `await csrfgen ()`\n Use it on route that render your form . check it out on above Eample \n \u0026nbsp; \n\n+ `await csrfchk () `\n For mobile app you must post __csrf_token__ to the route that use this \n method \n \u0026nbsp;\n \n+ `await captcha_gen (expire=0,captcha_name='captcha')`\n For mobile app you must send __captcha_name__ input as a posted data( by default captcha ) to the route that will call captcha_chk\n \u0026nbsp;\n\n+ `await captcha_chk (captcha_name='captcha')`\n check input posted captcha_name ( by default is captcha )\n \u0026nbsp;\n\n+ `data` \n decoded full data property\n \u0026nbsp;\n\n+ `token`\n generared token property\n\n---\n\nThat's it.\ngood luck ;)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faghae%2Fejwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faghae%2Fejwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faghae%2Fejwt/lists"}