{"id":15732296,"url":"https://github.com/stopsopa/secure-express","last_synced_at":"2025-03-31T03:25:47.098Z","repository":{"id":65493704,"uuid":"165462054","full_name":"stopsopa/secure-express","owner":"stopsopa","description":"Can't reliably logout from basic auth, so I wrote my own simple to use library (cookie \u0026 jwt)","archived":false,"fork":false,"pushed_at":"2020-01-20T16:49:57.000Z","size":51,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-06T17:53:54.754Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stopsopa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"securityabstract.js","support":null}},"created_at":"2019-01-13T03:35:29.000Z","updated_at":"2020-01-20T16:49:51.000Z","dependencies_parsed_at":"2023-01-25T21:15:20.009Z","dependency_job_id":null,"html_url":"https://github.com/stopsopa/secure-express","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stopsopa%2Fsecure-express","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stopsopa%2Fsecure-express/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stopsopa%2Fsecure-express/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stopsopa%2Fsecure-express/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stopsopa","download_url":"https://codeload.github.com/stopsopa/secure-express/tar.gz/re
fs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246409777,"owners_count":20772547,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-04T00:08:53.359Z","updated_at":"2025-03-31T03:25:47.079Z","avatar_url":"https://github.com/stopsopa.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![npm version](https://badge.fury.io/js/secure-express.svg)](https://badge.fury.io/js/secure-express)\n[![NpmLicense](https://img.shields.io/npm/l/secure-express.svg)](https://github.com/stopsopa/secure-express/blob/master/LICENSE)\n\n# Simplest use\n\n```javascript\n\nconst path          = require('path');\n\nconst fs            = require('fs');\n\nconst bodyParser    = require('body-parser');\n\nconst express       = require('express');\n\nconst app           = express();\n\napp.use(express.static(path.resolve(__dirname, 'public')));\n\napp.use(require('nlab/express/console-logger'));\n\napp.use(bodyParser.urlencoded({\n    extended: true, // WARNING: required for secure-express\n    // without this, scripts on the server won't be able to see values submitted from the form\n}));\n\nconst security = require('secure-express/securityjwt');\n\nconst middlewares = security({\n    // debug: true,\n    secret: \"super_secret_salt_to_encrypt_jwt\",\n    expire              : 60 * 60 * 9, // 9 hours\n    userprovider: async (username, opt) =\u003e {\n\n        const users = [\n            {\n                username: 'admin',\n                password: 'pass',\n                // jwtpayload: 
{\n                //     username: 'admin',\n                //     role: 'admin'\n                // }\n            },\n            {\n                username: 'abc',\n                password: 'def',\n                // jwtpayload: {\n                //     username: 'admin',\n                //     role: 'user'\n                // }\n            },\n        ];\n\n        return users.find(u =\u003e u.username === username);\n    },\n    authenticate: async (user = {}, password, opt) =\u003e {\n        return user.password === password;\n    },\n    extractpayloadfromuser: async (user, opt) =\u003e {\n        return user.jwtpayload || {};\n    },\n});\n\n/**\n * Always place .signout endpoint before .secure if you want to avoid weird redirections\n */\napp.all('/signout'  , middlewares.signout);\n\napp.use(middlewares.secure);\n\napp.all('/refresh'  , middlewares.refresh);\n\napp.all('/diff'     , middlewares.diff);\n\nconst content = fs.readFileSync(path.resolve(__dirname, 'public', 'secured.html')).toString();\n\napp.use((req, res) =\u003e {\n\n    res.set('Content-type', 'text/html; charset=UTF-8');\n\n    res.end(content);\n});\n\nconst port = process.env.NODE_BIND_PORT;\n\nconst host = process.env.NODE_BIND_HOST;\n\nconst server = app.listen(port, host, () =\u003e {\n\n    console.log(`\\n 🌎  Server is running ` + ` ${host}:${port} ` + \"\\n\")\n});\n\n```\n\n# About architecture\n\nThe core script is [securityabstract.js](lib/securityabstract.js) (I encourage you to see how things are implemented - it's quite simple, EDIT: was simple before I added \"remember me\" functionality ;) ). This script is responsible for creating the authentication cookie after a correct login; it doesn't impose any encryption method for the cookie content.\n\nAnother script is [securityjwt.js](lib/securityjwt.js), which is an extension of the default configuration of securityabstract.js and is focused on encrypting the cookie using JWT.\n\nIf you would like to create a different method of encrypting 
session token, just extend [securityabstract.js](lib/securityabstract.js) and use [securityjwt.js](lib/securityjwt.js) as an example of how to do it.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstopsopa%2Fsecure-express","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstopsopa%2Fsecure-express","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstopsopa%2Fsecure-express/lists"}