JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
    • 0
  • Score
    100M100P100Q48921F
  • License ISC

A React/Koa proxy for safe token distribution and API calls

Package Exports

  • @jumpitt/retake

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@jumpitt/retake) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Retake : REacT sAfe toKEn

Retake is a highly opinionated and experimental API auth package for Koa

This package saves your access_token ,refresh_token in a database of your election and returns a UUID through a cookie you can use in a JS app

####Installation

npm i @jumpitt/retake

Add this to your index.js or similar file of your koa app

const Koa = require('koa');
const app = new Koa();
const Auth = require('@jumpitt/retake')
app.context.auth_id = 'any_string_you_want';

const auth = new Auth(app // -> Instance of your koa app, {
  baseURL: '' , // -> base url of your auth service,
  cookieName: 'uuid_session' // ->  The cookie name for your JS app ,
  authSuffix: 'oauth/token' // -> suffix for your service login,
  
  
  // Your service secrets
  secrets: {
    client_id: 123,
    client_secret: 1234,
  },
  // Your database credentials
  db: { 
    client: 'pg',
    connection: {
      host: 127.0.0.1,
      user: 'user',
      password: 'password',
      database: 'database',
      tableName: 'tokens' // -> any name you want to set your token table,
    },
  },
});

Required

This package needs a unique identifier to work
app.context.auth_id = '' should be set before instantiation

This package needs a table in your database that is complaint with
this db schema. Maybe you could leave some of the fields nullable but
access_token , refresh_token , valid,ip, shouldn't

   table.uuid('id').unsigned().primary()'));
   table.string('access_token', 999).notNullable();
   table.string('refresh_token', 255).notNullable();
   table.string('scope', 255).notNullable();
   table.string('token_type', 255).notNullable();
   table.string('ip', 255).notNullable();
   table.boolean('valid').defaultTo(1 // -> true);
   table.integer('expires_in', 11).notNullable();
   table.timestamps(true, true);

Your Auth service

this package expects your service to respond with this schema/json
when authenticating

{
 "access_token": "",// -> required
 "token_type": "Bearer",// -> optional
 "expires_in": 3600 // -> optional,
 "refresh_token": "" // -> required,
 "scope": "users:r" // -> optional
}

####Usage

In this code example im using koa-router and koa-body

After instantiation this package exposes 3 routes

  • login
  • logout
  • refresh

this routes control the auth flow of your app and they accept a callback
The callback is neccesary because all the routes are awaiting a next()
method. In the case you miss the callback the route will render a http 404

const Router = require('koa-router')
const kb = require('koa-body')

const router = new Router() //- > Koa router

router.post('/login', kb(), auth.login, ctx => {
  ctx.status = 201;
  ctx.body = 'Success';
});
router.post('/logout', auth.logout, ctx => {
  ctx.status = 200;
  ctx.body = 'Success';
});
router.post('/refresh', auth.refresh, ctx => {
  ctx.status = 200;
  ctx.body = 'Success';
})

####Retrieving the token

This package also has a method to get the token.
When ctx is available you will have a way to retrieve
the token with this method

router.get('/user', kb(), async (ctx) => {
   const uuid = ctx.cookies.get('uuid_session');
   if (!uuid) {
    ctx.throw(401, 'Unauthorized');
   }
   //This is where we use the unique identifier that was set before
   const { access_token, valid } = await ctx[ctx.auth_id].token(uuid); 
})

Now we are using our auth_id context to get our token

A note on the database client

This package uses knex to connect to your database.
That means if you want to use a client you have to install the dependency. You can pick one of these to use with this package

# add a --save flag
$ npm install pg
$ npm install sqlite3
$ npm install mysql
$ npm install mysql2
$ npm install oracle
$ npm install mssql

A note on UUID

In the case of Postgres before using uuid an extension should be installed
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";. This returns a uuid instead of a regular id which is more safe

In the case of other clients/engines it should be kinda like the same method.

####Todos

  • Tests
  • Tests with other DB clients

####License

MIT