Package Exports
- express-access-token
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (express-access-token) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
express-access-token
Want to create Your own authentication logic? This package is one of the bricks that You need.
It detects access token in request:
- headers (
Authorization: Bearer {accessToken}) - cookies (
req.cookies.accessToken) - query string (
req.query.accessToken) - body (
req.body.accessToken)
and makes available as req.accessToken
Usage:
const
express = require('express'),
app = express(),
cookieParser = require('cookie-parser'),
bodyParser = require('body-parser'),
expressAccessToken = require('express-access-token');
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
const accessTokens = [
"6d7f3f6e-269c-4e1b-abf8-9a0add479511",
"110546ae-627f-48d4-9cf8-fd8850e0ac7f",
"04b90260-3cb3-4553-a1c1-ecca1f83a381"
];
const firewall = (req, res, next) => {
const authorized = accessTokens.includes(req.accessToken);
if(!authorized) return res.status(403).send('Forbidden');
next();
};
// attaching to route group
app.use('/api',
expressAccessToken, // attaching accessToken to request
firewall, // firewall middleware that handles uses req.accessToken
require('./routes/api'));
// attaching to dedicated method, route
app.get('/restricted-route',
expressAccessToken, // attaching accessToken to request
firewall, // firewall middleware that handles uses req.accessToken
(req, res) => res.send('Welcome to restricted page'));
app.listen(8080, () => console.log('app listening'));