A simple API access-token library for Node.js that supports use counts and TTLs. It can protect your API, prevent CSRF attacks, and limit how many times an API can be called within a TTL.
npm install access-token-api
Single Process
`nodejs`
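var accessTokenApi = require('access-token-api');
var TokenApi = new accessTokenApi({
  // Name of the page global that will hold the token (defaults to encrypt_api_tokenStr).
  webTokenVarName: 'encrypt_api_tokenStr',
  /**
   * Custom hook that embeds the token into an HTML document. This example
   * inserts a <script> element just before the closing </html> tag.
   *
   * @param {string} html - the page markup to inject into
   * @param {string} token - the token to expose to the page
   * @param {function} callback - called as callback(err, html) with the result
   */
  webInject: function (html, token, callback) {
    // Emit the token as a quoted JavaScript string literal instead of raw text,
    // and escape "<" so a token containing "</script>" or "<!--" cannot end or
    // alter the script element. This matters most when a caller-supplied token
    // is issued.
    // NOTE(review): assumes the library passes the bare token string here - confirm.
    var tokenLiteral = JSON.stringify(String(token)).replace(/</g, '\\u003c');
    var tokenScript = '<script>window.' + this.config.webTokenVarName + '=' + tokenLiteral + '</script>';

    var htmlEndIndex = html.indexOf('</html>');
    if (htmlEndIndex === -1) {
      // No closing tag: append at the end rather than slicing at -1, which
      // would drop everything except the last character of the page.
      htmlEndIndex = html.length;
    }

    callback(null, html.substring(0, htmlEndIndex) + tokenScript + html.substr(htmlEndIndex));
  }
});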
`web javascript`
// Read the injected token in the browser. webTokenVarName stands for the name
// configured on the server (default: encrypt_api_tokenStr).
window[webTokenVarName]
Multi Process
`nodejs`
var redis = require("redis");
var client = redis.createClient(6379, 'localhost');
var accessTokenApi = require('access-token-api');

var TokenApi = new accessTokenApi({
  // Keep tokens in a shared database so every process sees the same state.
  // The store must provide get, set and remove.
  storeConfig: {
    // Look up the stored value for a key.
    get(key, callback) {
      client.GET(key, (err, reply) => {
        callback(err, reply);
      });
    },
    // Store a value with an expiry.
    // NOTE(review): Redis PSETEX takes its expiry in milliseconds - confirm the
    // unit in which ttl reaches this function.
    set(key, data, ttl, callback) {
      client.PSETEX(key, ttl, data, (err, reply) => {
        callback(err, reply);
      });
    },
    // Delete a key; only the error is reported back.
    remove(key, callback) {
      client.DEL(key, (err) => {
        callback(err);
      });
    }
  },
  // Name of the page global that will hold the token (defaults to encrypt_api_tokenStr).
  webTokenVarName: 'encrypt_api_tokenStr',
  webInject: function () {
    // Placeholder: put custom logic for injecting the web token into the HTML here.
  }
});

TokenApi.issue(10, 10, (err, token) => {
  //todo
});

TokenApi.verify('token', (err, count) => {
  //todo
});
For more storeConfig parameters, see
store-ttl
The web page can read the token from window[webTokenVarName], which defaults to window.encrypt_api_tokenStr. Because the token is a page global, any script running in that page can read it.
issue
Issue a random token.
/**
 * Issue a token.
 * @param {number} ttl - token lifetime; the default unit is seconds
 * @param {number} count - number of times the token is valid
 * @param {string} [token] - optional token to issue instead of a random one
 * @param {function} callback - called as callback(err, token)
 */
TokenApi.issue(10, 5, (err, data) => {
  console.log(err, data);
});

// Issue a caller-supplied token. A supplied token is only as unpredictable as
// the caller makes it.
TokenApi.issue(10, 5, 'givenToken', (err, data) => {
  console.log(err, data); // data equals 'givenToken'
});
limit
Limit how many times a function can be called within a TTL.
/**
 * Limit how often a function may be called.
 * @param {string} key - name identifying the function being limited
 * @param {number} ttl - lifetime of the key; the default unit is seconds
 * @param {number} count - number of calls allowed
 * @param {function} callback - called as callback(err)
 */
// 'apiname' can be called 5 times in 10 seconds
TokenApi.limit('apiname', 10, 5, (err) => {
  if (err) {
    return;
  }
  //todo
});
pass
Verify the token and, when it is valid, decrement (decline) its remaining count.
TokenApi.pass('token', (err, data) => {
  // Example data: {code:0, passed: true, count: 2}.
  // The token is valid when code is zero and passed is true.
  console.log(err, data);
});
passPromise
Promise form of pass: verify the token and, when it is valid, decrement (decline) its remaining count.
TokenApi.passPromise('token')
  .then((data) => {
    // Runs when the promise fulfils.
    // NOTE(review): data is presumably the same result object pass() reports - confirm.
  })
  .catch((err) => {
    // Runs when the promise rejects; handle or log err here.
  });
verify
verify the token
// Check a token; the callback receives (err, data).
TokenApi.verify('token', (err, data) => {
  console.log(err, data);
});
remove
remove the token
// Delete a token; the callback receives (err, data).
TokenApi.remove('token', (err, data) => {
  console.log(err, data);
});
decline
Decrement (decline) the token's remaining count.
// Decline the token; this example logs only the error.
TokenApi.decline('token', (err, data) => {
  console.log(err);
});
webInject
Customize how the token is injected into the web page.
// Inject a token into an HTML string. The callback receives (err, html), where
// html is the page with the token injected. This example logs only the error.
TokenApi.webInject('html', 'token', (err, html) => {
  console.log(err);
});
//test
1. redis-server
2. npm test
//coverage
npm run cov
-
0.2.1 Added the passPromise API; the other APIs also support promises.
-
0.2.0 Added the limit API, which lets one key be called a set number of times within a TTL.
-
0.1.0 The issue API supports issuing a given token.