token-generator

Release 1.0.0

offline token generator and validator

Homepage npm JavaScript Download

Keywords
token, generator, offline, off-line, generation, hash, crypto, timestamp, confirmation, validate, validation, validator, generater, findhit
License
GPL-3.0
Install
npm install token-generator@1.0.0

Documentation

token-generator

Test Status Dependency Status

an offline token generator and validator

What is it and what does it do?

It works on top of one dynamic variable, an expired timestamp. We simply create two strings from it: an hash part and an obfuscated timestamp, then they are concatenated into a single string and voilá, we have a token!

Each time you call .generate it will generate a different token because expiring timestamp is always changing. Until your server reaches token's expiring timestamp they will always be valid, even on different processes, or different nodes, as since you share between them the exact same configuration.

Seems complex? ( If not, you really should dig on this and help us to make it even better )

Why should i use it?

  • It's Open-Source and free to use;
  • You could contribute to it;
  • It's extendable, because it's built on top of findhit-class;
  • You don't have to maintain a data source such as a database table to store tokens, each token carries its own check;
  • It's secure, and you could increase security by providing your own hash method;
  • We are also using it, if we trust on it, you should do it also!

Installation

    npm i --save token-generator

Usage

Token Generator is designed to have a simple impementation. You just need to create an instace of TokenGenerator with your own options just like the example above:

var TokenGenerator = require( 'token-generator' )({
        salt: 'your secret ingredient for this magic recipe',
        timestampMap: 'abcdefghij', // 10 chars array for obfuscation proposes
    });

Then you could generate and validate tokens simply as:

var token = TokenGenerator.generate();

And check with:

if ( TokenGenerator.isValid( token ) ) {
    // ...
} else {
    // ...
}

// You could also use
// .isInvalid
// .isntValid
// .isntInvalid

If you catch an invalid token, you could check why it is invalid by checking manually with .validate

try{
    TokenGenerator.validate( token )
} catch ( error ) {

    // For security proposes, error will always be 'Invalid or expired token'
    console.error( error )

    // But you can dig it up by checking `.parent` Error
    console.error( error.parent );

}

Have you liked this?

Please, star this repo and if you find any issue don't hesitate to fill it or to provide a Pull Request. 👍

Stats

Dependencies
3
Dependent packages
10
Dependent repositories
11
Total releases
1
Latest release
First release
Stars
33
Forks
8
Watchers
5
Contributors
1
Repository size
126 KB
SourceRank
12

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0.0

Contributors

José Moreira


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-06-27 18:02:27 UTC

Login to resync this project