{"id":28394911,"url":"https://github.com/glepur/monetta","last_synced_at":"2026-05-04T09:33:50.560Z","repository":{"id":57301461,"uuid":"148363709","full_name":"glepur/Monetta","owner":"glepur","description":"Token authorization for MongoDB and Express","archived":false,"fork":false,"pushed_at":"2018-12-11T17:08:49.000Z","size":83,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-25T17:10:22.778Z","etag":null,"topics":["auth","authorization","express","mongodb","nodejs","rest-api","token"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/glepur.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-11T18:44:30.000Z","updated_at":"2018-12-11T17:08:12.000Z","dependencies_parsed_at":"2022-08-24T17:10:35.058Z","dependency_job_id":null,"html_url":"https://github.com/glepur/Monetta","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/glepur/Monetta","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glepur%2FMonetta","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glepur%2FMonetta/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glepur%2FMonetta/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glepur%2FMonetta/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/glepur","download_url":"https://codeload.github.com/glepur/Monetta/tar.gz/refs/heads/master","sbom_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/repositories/glepur%2FMonetta/sbom","scorecard":{"id":429697,"data":{"date":"2025-08-11","repo":{"name":"github.com/glepur/Monetta","commit":"500b5167e7671501c974880e9b903a1f56e1c566"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 
approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines 
if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"53 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-6chw-6frg-f759","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-4jwp-vfvf-657p","Warn: Project is vulnerable to: GHSA-v8w9-2789-6hhr","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-3gx7-xhv7-5mx3","Warn: 
Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6","Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9","Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f","Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p","Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv","Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8","Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65","Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-675m-85rw-j3w4","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-mh5c-679w-hh4r","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: 
Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T03:02:54.164Z","repository_id":57301461,"created_at":"2025-08-19T03:02:54.164Z","updated_at":"2025-08-19T03:02:54.164Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32601585,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T22:12:39.696Z","status":"online","status_checked_at":"2026-05-04T02:00:06.625Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authorization","express","mongodb","nodejs","rest-api","token"],"created_at":"2025-05-31T19:09:04.222Z","updated_at":"2026-05-04T09:33:50.543Z","avatar_url":"https://github.com/glepur.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Monetta\n\n[![Build Status](https://travis-ci.org/glepur/Monetta.svg?branch=master)](https://travis-ci.org/glepur/Monetta)\n[![Coverage Status](https://coveralls.io/repos/github/glepur/Monetta/badge.svg?branch=master)](https://coveralls.io/github/glepur/Monetta?branch=master)\n\n### Token 
authorization for MongoDB and Express framework\n\nMonetta is opinionated token authorization for MongoDB and Express (or any other JavaScript framework using similar middleware functions). The principle is simple: Monetta receives a configuration and returns middleware for login, authorization and logout.  \nConfiguration options include MongoDB connection parameters and the names of the collections where users and access tokens reside. After Monetta is initialized with a proper config, it creates a MongoDB connection and uses it to read from the users collection and manage access tokens. Almost everything happens under the hood; all the user of the module has to do is call the middleware to pass user credentials, receive a token, check a token, etc.\n\n## Installation\n\n`npm i -S monetta`\n\n## Example\n\n```javascript\n'use strict';\n\nconst express = require('express');\nconst bodyParser = require('body-parser');\nconst app = express();\nconst crypto = require('crypto');\nconst Monetta = require('monetta');\n\nconst config = {\n  mongoConnection: {\n    username: null,\n    password: null,\n    hosts: [\n      {\n        host: 'localhost',\n        port: 27017\n      }\n    ],\n    database: 'monetta'\n  },\n  // mongoConnectionUri: 'mongodb://localhost/monetta',\n  users: {\n    collection: 'users',\n    mainField: 'username',\n    passwordField: 'password'\n  },\n  accessTokens: {\n    collection: 'tokens',\n    httpHeader: 'x-auth-token',\n    length: 24,\n    maxAllowed: 5\n  },\n  generatePasswordHash: password =\u003e {\n    const hash = crypto.createHmac('sha256', 'Secret squirrel');\n    hash.update(password);\n    return hash.digest('hex');\n  }\n};\n\nconst auth = new Monetta(config);\n\napp.use(bodyParser.json());\n\napp.get('/', (req, res) =\u003e\n  res.json({ message: 'This route does not require authorization.' 
})\n);\napp.post('/login', auth.login(), (req, res) =\u003e\n  res.json({ token: req.authToken })\n);\napp.get('/profile', auth.authorize(), (req, res) =\u003e\n  res.json({ user: req.user })\n);\napp.post('/logout', auth.logout(), (req, res) =\u003e\n  res.json({\n    message: 'Logout succesful'\n  })\n);\napp.post('/logout-all', auth.logoutAll(), (req, res) =\u003e\n  res.json({\n    message: 'All devices are logged out'\n  })\n);\n\napp.use((err, req, res, next) =\u003e {\n  console.log(err);\n  res.status(err.status).json({ error: err.message });\n});\n\napp.listen(3000, () =\u003e console.log('Example app listening on port 3000!'));\n```\n\n## Configuration options\n\n- `mongoConnection`: parameters used to specify connection to MongoDB, these options are transformed into MongoDB URI using [mongodb-uri-node](https://github.com/mongolab/mongodb-uri-node), `mongoConnectionUri` can be used instead of this option.\n- `mongoConnectionUri`: raw string format used to initialize MongoDB connection, defaults to `mongodb://localhost/monetta`, `mongoConnection` option can be used instead.\n- `users`: used to specify collection where users are being stored\n  - `collection`: name of collection, defaults to `users`\n  - `mainField`: field used to search through user collection, same field you submit with password when logging in (in most cases `username` or `email`), defaults to `username`\n  - `passwordField`: field used to store passwords, defaults to `password`\n- `accessTokens`: used to specify collection where access tokens are being stored, and options related to access tokens\n  - `collection`: name of collection, defaults to `tokens`\n  - `httpHeader`: header used to send access token when accessing routes that require authorization, defaults to `x-auth-token`\n  - `length`: length of the access token, defaults to `48`\n  - `maxAllowed`: same user can have multiple active access tokens, i.e. 
when logging in with multiple devices, this option specifies maximum number of access tokens active at once, defaults to `10`\n- `generatePasswordHash`: function used to hash the password; its only input parameter is the password as a string, and it returns the hashed password as a string. By default it only emits a warning and returns the password in plain text. **WARNING!** Storing passwords in plain text in the database is dangerous; please, pretty please, supply your own hash function when using Monetta\n\n## Middleware\n\n### login\n\nReturns middleware that checks request body for fields specified in `users` config, searches the database for matching user, and creates access token.  \nFor example, if user config looks like this:\n\n```javascript\nusers: {\n    collection: 'super_cool_users',\n    mainField: 'super_cool_name',\n    passwordField: 'super_cool_pass'\n  }\n```\n\nRequest body could look like this:\n\n```json\n{\n  \"super_cool_name\": \"test\",\n  \"super_cool_pass\": \"test\"\n}\n```\n\nLogin middleware will check `super_cool_users` collection for user with property `super_cool_name` that equals `test`. Then it will compare password hash from `super_cool_pass` property from request body to one in database. If user is not found or password hashes do not match it will throw error. If user is found it will create access token, store it in database, and create `req.authToken` property containing said token.\n\n```javascript\napp.post('/login', auth.login(), (req, res) =\u003e\n  res.json({ token: req.authToken })\n);\n```\n\n### authorize\n\nReturns middleware that checks header specified in `accessTokens.httpHeader` for access token. Then it searches database for user related to that access token. 
If user is found it will bind user object to `req.user`, otherwise it will throw error.\n\n```javascript\napp.get('/profile', auth.authorize(), (req, res) =\u003e\n  res.json({ user: req.user })\n);\n```\n\n### logout\n\nReturns middleware that checks header specified in `accessTokens.httpHeader` for access token. Then it searches database for that token. If token is found it will delete the token from database, otherwise it will throw error.\n\n```javascript\napp.post('/logout', auth.logout(), (req, res) =\u003e\n  res.json({\n    message: 'Logout succesful'\n  })\n);\n```\n\n### logoutAll\n\nReturns middleware that checks header specified in `accessTokens.httpHeader` for access token. Then it searches database for that token. If token is found it will find user who owns the token and delete all tokens owned by that user, otherwise it will throw error.\n\n```javascript\napp.post('/logout-all', auth.logoutAll(), (req, res) =\u003e\n  res.json({\n    message: 'All devices are logged out'\n  })\n);\n```\n\n## TODO\n\n- [ ] Add access token expiration\n- [ ] Add option to use refresh token\n- [ ] Add http error codes on thrown errors\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglepur%2Fmonetta","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglepur%2Fmonetta","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglepur%2Fmonetta/lists"}