sf-token
Service for creating and checking temporary tokens.
Usage
;; // Create a token service instancelet tokenService = uniqueId: createObjectId secret: 'mysecret'; // create a token: the content may be any JSON serializable datalet endOfLife = Date + 36000;let hash ...envelope = Service; // `hash` is for the client, you'll need it and `_id` to check the token// validity // `envelope` contains the token id (`_id` key), its validity (`endOfLife` key)// and the given contents (`contents` key), you can store it as is in your// database // when the user connect to a urimyApp; Note that this only verify the hash and its validity regarding to the current time. You'll have to manage persistence yourself.
Modules
## Classes ## sf-token **Api**: public ## TokenService **Kind**: global class **Api**: public- TokenService
- new TokenService()
- .createToken ⇒
Object - .checkToken ⇒
void - .createHash ⇒
String
### new TokenService() Create a new TokenService instance
Returns: Object - A TokenService instance
Throws:
YError(E_BAD_SECRET)If there is no secret givenYError(E_NO_ID_GENERATOR)If there is no id generator availableYError(E_BAD_TIME)If the given time function is not rightYError(E_BAD_ALGORITHM)If the given algorithm is not supported
| Param | Type | Description |
|---|---|---|
| options.secret | String |
Some salt for hash |
| options.uniqueId | function |
A unique id generator |
| options.time | function |
A time function (defaults to Date.now()) |
| options.algorithm | String |
Algorithm to use (default to 'sha256') |
Example
let tk = secret: 'mysecret' uniqueId: createObjectId time: Datenow algorithm: 'md5' ;
### tokenService.createToken ⇒ Object
Create a new token and return it envelope
Kind: instance property of TokenService
Returns: Object - The token envelope.
Throws:
YError(E_NO_CONTENT)If there is no contentYError(E_NO_END_OF_LIFE)If there is no end of lifeYError(E_PAST_END_OF_LIFE)If the end of life is past
Api: public
| Param | Type | Description |
|---|---|---|
| contents | Object |
Some JSON serializable content. |
| endOfLife | Number |
The time when the token is outdated. |
Example
tk;// {// _id: 'abbacacaabbacacaabbacaca',// endOfLife: 1441981754461,// hash: '13371ee713371ee713371ee7',// contents: { uri: '/plop' },// }
### tokenService.checkToken ⇒ void
Check a token envelope against a given hash
Kind: instance property of TokenService
Throws:
YError(E_NO_HASH)If there is no hashYError(E_NO_ID)If there is no idYError(E_NO_CONTENT)If there is no contentYError(E_NO_END_OF_LIFE)If there is no end of lifeYError(E_BAD_HASH)If the hash do not matchYError(E_PAST_END_OF_LIFE)If the end of life is past
Api: public
| Param | Type | Description |
|---|---|---|
| envelope._id | String |
The token id |
| envelope.endOfLife | Number |
The token validity |
| envelope.contents | Object |
The token contents |
| hash | String |
The given hash to check against |
Example
tk;
### tokenService.createHash ⇒ String
Create a hash from the given envelope
Kind: instance property of TokenService
Returns: String - The resulting hash
Api: private
| Param | Type | Description |
|---|---|---|
| envelope._id | String |
The token id |
| envelope.endOfLife | Number |
The token validity |
| envelope.contents | Object |
The token contents |