Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eklemen/gate-guard
A configurable lightweight ExpressJs middleware for jsonwebtoken to validate tokens sent as cookies.
https://github.com/eklemen/gate-guard
authentication expressjs jwt middlewares
Last synced: about 2 months ago
JSON representation
A configurable lightweight ExpressJs middleware for jsonwebtoken to validate tokens sent as cookies.
- Host: GitHub
- URL: https://github.com/eklemen/gate-guard
- Owner: eklemen
- Created: 2020-10-23T02:21:49.000Z (about 4 years ago)
- Default Branch: develop
- Last Pushed: 2020-10-25T03:36:43.000Z (about 4 years ago)
- Last Synced: 2024-08-08T15:18:38.609Z (5 months ago)
- Topics: authentication, expressjs, jwt, middlewares
- Language: TypeScript
- Homepage:
- Size: 291 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# gate-guard
Lightweight and configurable ExpressJS middleware to decode and verify [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) JWTs that are sent via cookies.
Let the gate-guard protect your resources by deciding what calls make it through or not.
## Installation
_Requires Node 8 or later_
```shell script
npm i --save gate-guard
# or
yarn add gate-guard
```
## Minimum Setup
This example will protect all routes listed after the middleware behind the jwt verification.
```javascript
import gateGuard from 'gate-guard';
// jwtSecret must match the secret used to sign the jwt
app.use(gateGuard({ jwtSecret: 'shh' }))
// Routes here
```
## Configurations
| Option | Default Value | Required | Description |
|---|---|---|---|
| `jwtSecret` | `undefined` | Yes | The secret/cert that was used to sign/encode the JWT |
| `whitelist` | `[]` | Optional | Allow certain endpoints or endpoint groups to bypass jwt checking. Example registration, login, forgot password. Simply calls `next()` if `req.path` is whitelisted. Supports globbing patterns via picomatch. |
| `missingTokenErrorStatus` | `401` | Optional | HTTP status returned when the key for the jwt is missing from `cookies`. |
| `missingTokenErrorMessage` | 'Missing token.' | Optional | Message to show when there is no cookie containing the JWT present at all. |
| `verifyTokenErrorStatus` | `403` | Optional | HTTP status returned when the provided JWT failed to verify. |
| `verifyTokenErrorMessage` | 'Invalid jwt.' | Optional | HTTP Message returned when the provided JWT failed to verify. |
| `cookieName` | `'token'` | Optional | The key where the JWT can be found within the `req.cookies` object. |
| `jwtVerifyOptions` | `{}` | Optional | Pass-through for native configs of the [jwt.verify method](https://www.npmjs.com/package/jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback) |
## Examples
#### Basic whitelist usage
```javascript
app.use(gateGuard({
jwtSecret,
whitelist: [
'/api/registration/verify',
'/api/registration/create/account',
'/api/registration/create/profile',
]
}));
```
#### Whitelist multiple routes with globs
Supports globbing via the [picomatch](https://github.com/micromatch/picomatch) library
```javascript
// The same example above can be written as
app.use(gateGuard({
jwtSecret,
whitelist: ['/api/registration/**']
}));
// All common glob patterns supported
app.use(gateGuard({
jwtSecret,
whitelist: [
'/api/*/create/account',
'/api/**/profile/*',
]
}));
// Note on matching
app.use(gateGuard({
jwtSecret,
// This will whitelist any sub-routes of /api/registration/
// But the base route /api/registration itself will not be whitelisted
whitelist: ['/api/registration/**']
}));
```