JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 837
  • Score
    100M100P100Q95272F
  • License ISC

ExpressJS middleware that detects access token and attaches to request context (as: req.accessToken)

Package Exports

  • express-access-token
  • express-access-token/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (express-access-token) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

express-access-token npm version

Want to create Your own authorization logic? This package is one of the bricks that You need.

It extracts string values that can be used as access token from:

  1. headers (Authorization: Bearer {accessToken}, Authorization: {accessToken})
  2. cookies (req.cookies.accessToken) - cookie-parser must be attached
  3. query string (req.query.accessToken)

and makes available as req.accessToken

!!! don't use this middleware for Authorization: Basic username:password scheme, since it's not access token based authorization logic, read: RFC7617

Example:

const express = require('express');
const cookieParser = require('cookie-parser');
const expressAccessToken = require('express-access-token');

const app = express();
app.use(cookieParser());


const accessTokens = [
  "6d7f3f6e-269c-4e1b-abf8-9a0add479511",
  "110546ae-627f-48d4-9cf8-fd8850e0ac7f",
  "04b90260-3cb3-4553-a1c1-ecca1f83a381"
];
const firewall = (req, res, next) => {
  const authorized = accessTokens.includes(req.accessToken);
  if(!authorized) return res.status(403).send('Forbidden');
  next();
};


// attaching to route group
app.use('/api',
  expressAccessToken, // attaching accessToken to request
  firewall, // firewall middleware that handles uses req.accessToken
  (req, res) => res.status(200).send({message: 'api route'}));


// attaching to dedicated method, route
app.get('/restricted-route',
  expressAccessToken, // attaching accessToken to request
  firewall, // firewall middleware that handles uses req.accessToken
  (req, res) => res.send('Welcome to restricted page'));


const PORT = process.env.PORT || 8080
app.listen(PORT, () => console.log(`app listening at: ${PORT}`));