{"id":16052164,"url":"https://github.com/devoctane/octane-auth","last_synced_at":"2026-01-23T09:17:13.092Z","repository":{"id":257806854,"uuid":"866359335","full_name":"devoctane/octane-auth","owner":"devoctane","description":"OctaneAuth is a simple and customizable authentication module for JavaScript applications.","archived":false,"fork":false,"pushed_at":"2024-10-14T13:14:31.000Z","size":203,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-28T07:02:50.088Z","etag":null,"topics":["authentication-middleware","npm-package","octane-auth"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/octane-auth","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devoctane.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-02T05:38:47.000Z","updated_at":"2024-10-14T13:14:34.000Z","dependencies_parsed_at":"2024-12-23T18:46:43.239Z","dependency_job_id":null,"html_url":"https://github.com/devoctane/octane-auth","commit_stats":{"total_commits":39,"total_committers":4,"mean_commits":9.75,"dds":0.3076923076923077,"last_synced_commit":"f5edc851a952ed432070b0de9381fb77acfc72db"},"previous_names":["devoctane/octane-auth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devoctane%2Foctane-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devoctane%2Foctane-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devoctane%2Foctane-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devoctane%2Foctane-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devoctane","download_url":"https://codeload.github.com/devoctane/octane-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243902277,"owners_count":20366259,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication-middleware","npm-package","octane-auth"],"created_at":"2024-10-09T01:07:38.413Z","updated_at":"2026-01-23T09:17:08.063Z","avatar_url":"https://github.com/devoctane.png","language":"JavaScript","readme":"# Octane Auth Documentation\n\n![Octane Auth Logo](https://octane-spaces.blr1.cdn.digitaloceanspaces.com/octane-auth.png)\n\nSimple and customizable authentication module for JavaScript applications.\n\n## Table of Contents\n\n-   [Installation](#installation)\n-   [Quick Start](#quick-start)\n-   [Features](#features)\n-   [API Reference](#api-reference)\n-   [Examples](#examples)\n-   [Security Considerations](#security-considerations)\n\n## Installation\n\n```bash\nnpm install octane-auth\n# or\nyarn add octane-auth\n```\n\n## Quick Start\n\n```javascript\nimport OctaneAuth from \"octane-auth\";\nimport express from \"express\";\n\nconst app = express();\nconst auth = new OctaneAuth({\n    jwtSecret: \"your-secret-key\",\n    refreshSecret: \"your-refresh-secret-key\",\n});\n\n// Protected route example\napp.get(\"/protected\", auth.authenticate(), (req, res) =\u003e {\n    res.json({ message: \"Access granted\", user: req.user });\n});\n```\n\n## Features\n\n-   🔐 JWT-based authentication with access and refresh tokens\n-   🔑 Secure password hashing with Argon2\n-   🚀 Express middleware support\n-   ⚡ Simple and intuitive API\n-   🛡️ Built-in security best practices\n\n## API Reference\n\n### `new OctaneAuth(options)`\n\nCreates a new instance of OctaneAuth.\n\n#### Options\n\n| Option                 | Type   | Default                   | Description                          |\n| ---------------------- | ------ | ------------------------- | ------------------------------------ |\n| jwtSecret              | string | 'your-secret-key'         | Secret key for JWT signing           |\n| refreshSecret          | string | 'your-refresh-secret-key' | Secret key for refresh token signing |\n| tokenExpiration        | string | '1h'                      | Access token expiration time         |\n| refreshTokenExpiration | string | '7d'                      | Refresh token expiration time        |\n\n### Methods\n\n#### `async hashPassword(password: string): Promise\u003cstring\u003e`\n\nHashes a password using Argon2.\n\n```javascript\nconst hashedPassword = await auth.hashPassword(\"userPassword123\");\n```\n\n#### `async verifyPassword(hash: string, password: string): Promise\u003cboolean\u003e`\n\nVerifies a password against a hash.\n\n```javascript\nconst isValid = await auth.verifyPassword(hashedPassword, \"userPassword123\");\n```\n\n#### `generateTokens(payload: object): { accessToken: string, refreshToken: string }`\n\nGenerates both access and refresh tokens.\n\n```javascript\nconst { accessToken, refreshToken } = auth.generateTokens({ userId: 123 });\n```\n\n#### `verifyToken(token: string): object`\n\nVerifies an access token and returns the decoded payload.\n\n```javascript\ntry {\n    const decoded = auth.verifyToken(accessToken);\n    console.log(decoded.userId);\n} catch (error) {\n    console.error(\"Invalid token\");\n}\n```\n\n#### `verifyRefreshToken(token: string): object`\n\nVerifies a refresh token and returns the decoded payload.\n\n```javascript\ntry {\n    const decoded = auth.verifyRefreshToken(refreshToken);\n    console.log(decoded.userId);\n} catch (error) {\n    console.error(\"Invalid refresh token\");\n}\n```\n\n#### `refreshAccessToken(refreshToken: string): { tokens: { accessToken: string, refreshToken: string } }`\n\nRefreshes the access token using a valid refresh token.\n\n```javascript\ntry {\n    const { tokens } = auth.refreshAccessToken(oldRefreshToken);\n    // Use the new accessToken and refreshToken\n} catch (error) {\n    console.error(\"Failed to refresh token\");\n}\n```\n\n#### `invalidateRefreshToken(refreshToken: string): void`\n\nInvalidates a refresh token.\n\n```javascript\nauth.invalidateRefreshToken(refreshToken);\n```\n\n#### `authenticate()`\n\nExpress middleware for protecting routes using the access token.\n\n```javascript\napp.get(\"/protected\", auth.authenticate(), (req, res) =\u003e {\n    res.json({ user: req.user });\n});\n```\n\n## Examples\n\n### User Registration\n\n```javascript\napp.post(\"/register\", async (req, res) =\u003e {\n    const { username, password } = req.body;\n\n    try {\n        const hashedPassword = await auth.hashPassword(password);\n        // Save user to database with hashedPassword\n        const { accessToken, refreshToken } = auth.generateTokens({ username });\n        res.json({ accessToken, refreshToken });\n    } catch (error) {\n        res.status(500).json({ error: \"Registration failed\" });\n    }\n});\n```\n\n### User Login\n\n```javascript\napp.post(\"/login\", async (req, res) =\u003e {\n    const { username, password } = req.body;\n\n    try {\n        // Fetch user from database\n        const user = await User.findOne({ username });\n        const isValid = await auth.verifyPassword(user.hashedPassword, password);\n\n        if (!isValid) {\n            return res.status(401).json({ error: \"Invalid credentials\" });\n        }\n\n        const { accessToken, refreshToken } = auth.generateTokens({ userId: user.id });\n        res.json({ accessToken, refreshToken });\n    } catch (error) {\n        res.status(401).json({ error: \"Login failed\" });\n    }\n});\n```\n\n### Refreshing Access Token\n\n```javascript\napp.post(\"/refresh-token\", (req, res) =\u003e {\n    const { refreshToken } = req.body;\n\n    try {\n        const { tokens } = auth.refreshAccessToken(refreshToken);\n        res.json(tokens);\n    } catch (error) {\n        res.status(401).json({ error: \"Invalid refresh token\" });\n    }\n});\n```\n\n### Logout (Invalidating Refresh Token)\n\n```javascript\napp.post(\"/logout\", (req, res) =\u003e {\n    const { refreshToken } = req.body;\n\n    auth.invalidateRefreshToken(refreshToken);\n    res.json({ message: \"Logged out successfully\" });\n});\n```\n\n## Security Considerations\n\n1. **Environment Variables**: Always use environment variables for sensitive data:\n\n```javascript\nconst auth = new OctaneAuth({\n    jwtSecret: process.env.JWT_SECRET,\n    refreshSecret: process.env.REFRESH_SECRET,\n});\n```\n\n2. **HTTPS**: Always use HTTPS in production environments.\n\n3. **Token Storage**: Store tokens securely:\n\n    - Browser: Use HttpOnly cookies for refresh tokens, localStorage for access tokens\n    - Mobile: Use secure storage solutions\n\n4. **Password Requirements**: Implement strong password requirements.\n\n5. **Refresh Token Storage**: In production, use a database instead of the in-memory Map for storing refresh tokens.\n\n6. **Token Expiration**: Adjust token expiration times based on your security requirements.\n\n---\n\nFor more information or to contribute, please visit the [OctaneAuth GitHub repository](https://github.com/devoctane/octane-auth).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevoctane%2Foctane-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevoctane%2Foctane-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevoctane%2Foctane-auth/lists"}