PostgreSQL TokenStore for Passwordless

Passwordless-PostgreStore

This module provides token storage for Passwordless, a node.js module for express that allows website authentication without a password, using verification through email or other means. Visit the project's website for more details.

Tokens are stored in a PostgreSQL database and are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-postgrestore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var express = require('express');
var passwordless = require('passwordless');
var PostgreStore = require('passwordless-postgrestore');

var app = express();

// Tokens are stored in the PostgreSQL database named in the connection string
passwordless.init(new PostgreStore('postgres://user:password@localhost/database'));

passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });

app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

new PostgreStore(connectionString, [options]);
  • connectionString: (String) Mandatory. PostgreSQL connection string
  • [options]: (Object) Optional. Configuration options. See the example below

Example:

passwordless.init(new PostgreStore('postgres://user:password@localhost/database', {
    pgstore: {
        table: 'not_default_table_name',    // *(String)* Optional. Table used to store tokens, default is 'passwordless'
        pgPoolSize: 100                     // *(Number)* Optional. PostgreSQL client pool size
    }
}));

PostgreSQL table creation

You can use this SQL statement to create the token table, or customize it according to your needs:

CREATE TABLE passwordless
(
  id serial NOT NULL,
  uid character varying(160),
  token character varying(60) NOT NULL,
  origin text,
  ttl bigint,
  CONSTRAINT passwordless_pkey PRIMARY KEY (id),
  CONSTRAINT passwordless_token_key UNIQUE (token),
  CONSTRAINT passwordless_uid_key UNIQUE (uid)
);

Hash and salt

Because the tokens are equivalent to passwords (even though only for a limited time), they have to be protected in the same way. passwordless-postgrestore uses bcrypt with automatically created random salts. The salt is generated with 10 rounds.
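
The sketch below is an added example, not code from passwordless-postgrestore. It shows what salted hashing implies for a token store: the row has to be looked up by uid and the presented token re-hashed with that row's salt, then checked against the expiry. Assumptions: crypto.scrypt stands in for bcrypt so it runs on Node's standard library alone, an in-memory Map stands in for the table, ttl is treated as an absolute expiry time in milliseconds, and all function names are hypothetical.

```javascript
// Added illustration; not code from passwordless-postgrestore.
// crypto.scrypt stands in for bcrypt so the sketch needs no npm packages.
const nodeCrypto = require('crypto');

// Hypothetical in-memory stand-in for the "passwordless" table, keyed on uid
// (the schema declares uid UNIQUE, so each uid holds at most one row).
const rows = new Map();

function hashToken(token, salt) {
    return nodeCrypto.scryptSync(token, salt, 32);
}

// Store only salt + hash, never the token itself. ttl is an absolute
// expiry time in milliseconds (an assumption about the bigint column).
function storeToken(uid, token, msToLive, origin, now) {
    const salt = nodeCrypto.randomBytes(16);
    rows.set(uid, { salt: salt, hash: hashToken(token, salt), origin: origin, ttl: now + msToLive });
}

// A salted hash cannot be searched for by token value, so the row is fetched
// by uid and the presented token is re-hashed with that row's salt.
function authenticate(uid, token, now) {
    const row = rows.get(uid);
    if (!row || row.ttl <= now) {
        rows.delete(uid);            // expired rows are dropped on sight
        return false;
    }
    const candidate = hashToken(token, row.salt);
    return nodeCrypto.timingSafeEqual(candidate, row.hash);
}

// Constructed sample data.
function demo() {
    const t0 = 1000000;
    storeToken('alice@example.com', 'token-A', 60000, '/account', t0);
    const results = {
        valid: authenticate('alice@example.com', 'token-A', t0 + 1),
        wrongToken: authenticate('alice@example.com', 'token-B', t0 + 1),
        unknownUid: authenticate('bob@example.com', 'token-A', t0 + 1)
    };
    storeToken('alice@example.com', 'token-C', 60000, null, t0 + 2); // replaces token-A
    results.replaced = authenticate('alice@example.com', 'token-A', t0 + 3);
    results.expired = authenticate('alice@example.com', 'token-C', t0 + 60003);
    return results;
}

console.log(demo());
```

A database dump of such a table exposes only salts and hashes, so a leaked row cannot be replayed as a login token.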

Tests

$ npm test

License

MIT License

Author

Bruno MARQUES (http://marques.io) (I just adapted code from Florian Heinemann @thesumofall)