access-token-api
encrypt you api
Last updated 3 years ago by navyxie .
ISC · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install access-token-api 
SYNC missed versions from official npm registry.

access-token-api

Build Status via Travis CI Coverage Status NPM version

A simple api access token support count and ttl,which base on nodejs. It can protect your api,prevent CSRF attacks, api called count with ttl.

examples

install

npm install access-token-api

usage

Single Process


`nodejs`

var accessTokenApi = require('access-token-api');
var TokenApi = new accessTokenApi({
    webTokenVarName:'encrypt_api_tokenStr',//default to encrypt_api_tokenStr
    webInject:function(html,token,callback){
        //if you want to custom you webtoken inject in hmlt , you can do in this function. example:
        var htmlEndIndex = html.indexOf('</html>');
        var tokenScript = '<script>window.' + this.config.webTokenVarName + '=' + token + '</script>';
        var prevHtml = html.substring(0, htmlEndIndex);
        var nextHtml = html.substr(htmlEndIndex);
        prevHtml += tokenScript;
        prevHtml += nextHtml;
        callback(null, prevHtml);
    }
});

`web javascript`

//get the token

window[webTokenVarName]

Multi Process


`nodejs`

var redis = require("redis"),
  client = redis.createClient(6379,'localhost');
var accessTokenApi = require('access-token-api');

var TokenApi = new accessTokenApi({
    //store token in database(provide get , set, remove function)
    storeConfig:{
        get:function(key,callback){
            client.GET(key,function(err,reply){
                callback(err,reply);
            });
        },
        set:function(key,data,ttl,callback){
            client.PSETEX(key,ttl,data,function(err,reply){
                callback(err,reply);
            });
        },
        remove:function(key,callback){
            client.DEL(key,function(err,data){
              callback(err);
            });
        }
    },
    webTokenVarName:'encrypt_api_tokenStr',//default to encrypt_api_tokenStr
    webInject:function(){
        //if you want to custom you webtoken inject in hmlt , you can do in this function.
    }
});

TokenApi.issue(10,10,function(err,token){
    //todo
});
TokenApi.verify('token',function(err,count){
    //todo
});

storeConfig more params's config please to see store-ttl

web page can get token by window[webTokenVarName] , default to window.encrypt_api_tokenStr

API

issue

issue random token.

/**
 * [issuse token]
 * @param  {[number]}   [token ttl, default unit is second]
 * @param  {[number]}   [token avalid count]
 * @return {[string]}         [return token]
 */
TokenApi.issue(10,5,function(err,data){
  console.log(err,data);
})

//issue given token
TokenApi.issue(10,5,'givenToken',function(err,data){
  console.log(err,data);//data is equal 'givenToken'
})

limit

limit function call times with ttl.

/**
 * [limit function call some time]
 * @param  {[number]}   [functionkey ttl, default unit is second]
 * @param  {[number]}   [function avalid count]
 * @return {[string]}         [return err]
 */

// apiname can call 5 times in 10 senconds
TokenApi.limit('apiname', 10, 5,function(err){
  if(!err){
    //todo
  }
})

pass

verify and decline token times, when the token is valid.

TokenApi.pass('token',function(err,data){
  console.log(err,data);//err ,data: {code:0, passed: true, count: 2}, when code is zero and passed is true, token is valid.
})

passPromise

verify and decline token times, when the token is valid.

TokenApi.passPromise('token').then(function(data) {
  
}).catch(function (err) {
  
})

verify

verify the token

TokenApi.verify('token',function(err,data){
  console.log(err,data);
})

remove

remove the token

TokenApi.remove('token',function(err,data){
  console.log(err,data);
})

decline

decline the token times

TokenApi.decline('token',function(err,data){
  console.log(err);
})

webInject

custom web frontend way to inject token into page

TokenApi.webInject('html','token',function(err,html){
      console.log(err);
})

test

//test
1. redis-server
2. npm test
//coverage
npm run cov

publish log

  • 0.2.1 add api passPromise , other api support promise.

  • 0.2.0 add api limit , which one key can call some times with ttl.

  • 0.1.0 issuse api support issue given token.

Current Tags

  • 0.3.0                                ...           latest (3 years ago)

16 Versions

  • 0.3.0                                ...           3 years ago
  • 0.2.0                                ...           4 years ago
  • 0.1.0                                ...           4 years ago
  • 0.0.14                                ...           4 years ago
  • 0.0.13                                ...           4 years ago
  • 0.0.12                                ...           4 years ago
  • 0.0.11                                ...           4 years ago
  • 0.0.10                                ...           4 years ago
  • 0.0.9                                ...           4 years ago
  • 0.0.8                                ...           4 years ago
  • 0.0.7                                ...           4 years ago
  • 0.0.6                                ...           4 years ago
  • 0.0.5                                ...           4 years ago
  • 0.0.3                                ...           4 years ago
  • 0.0.2                                ...           4 years ago
  • 0.0.1                                ...           4 years ago
Maintainers (1)
Downloads
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 1
Last Month 5
Dependencies (4)
Dev Dependencies (5)
Dependents (0)
None

Copyright 2014 - 2016 © taobao.org |