LokiJS TokenStore for Passwordless
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib
test
.gitignore
.npmignore
CHANGELOG.md
Gruntfile.js
LICENSE.md
README.md
index.js
package.json

README.md

Passwordless-LokiJSStore

This module provides token storage for Passwordless -- a node.js module for express that allows website authentication without passwords. Visit the project's website https://passwordless.net for more details.

This module allows token to be stored in a LokiJS database. Tokens are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-lokijsstore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var passwordless = require('passwordless');
var LokiJSStore = require('passwordless-lokijsstore');

passwordless.init(new LokiJSStore('tokens.json'));

passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });
    
app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

new LokiJSStore(file, [options]);
  • file: (string) Name of the file to be saved to. Further documentation can be found on the LokiJS website
  • [options]: (object) Optional. This can include LokiJS options as described in the docs as well as LokiJSStore-specific ones as described below. All options are combined in one object as shown in the example below:

Example:

passwordless.init(new LokiJSStore('tokens.json', {
    autosave: true,
    autosaveInterval: 5000,
    lokijsstore: {
        disablesaveatwrite: true
    }
}));

Options

  • [lokijsstore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'
  • [lokijsstore.disablesaveatwrite]: (boolean) Optional. Disables automatic write to disk whenever changes to the database occur. Recommended for more intense workloads. Should only be set to true when LokiJS's autosave is set to true. Default: false

Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected the same way. passwordless-lokijsstore uses bcryptjs with automatically created random salts (10 rounds).

Tests

$ npm test

License

MIT License

Author

Florian Heinemann @thesumofall