@compyai/securetoken
Version:
A modular, encrypted, DB-agnostic token system with optional refresh support, honeypot protection, and revocation. A secure alternative to JWT.
53 lines (45 loc) • 1.24 kB
JavaScript
const Redis = require("ioredis");
const redis = new Redis({
host: process.env.REDIS_HOST || "127.0.0.1",
port: process.env.REDIS_PORT || 6379,
password: process.env.REDIS_PASSWORD || undefined,
db: process.env.REDIS_DB || 0,
});
const REFRESH_PREFIX = "stk:refresh:";
const SESSION_PREFIX = "stk:session:";
module.exports = {
async saveRefresh(refreshId, data) {
const key = REFRESH_PREFIX + refreshId;
await redis.set(
key,
JSON.stringify(data),
"EX",
data.exp - Math.floor(Date.now() / 1000)
);
},
async isRefreshRevoked(refreshId) {
const key = REFRESH_PREFIX + refreshId;
return !(await redis.exists(key));
},
async revokeRefresh(refreshId) {
const key = REFRESH_PREFIX + refreshId;
await redis.del(key);
},
async saveSession(sessionId, data) {
const key = SESSION_PREFIX + sessionId;
await redis.set(
key,
JSON.stringify(data),
"EX",
data.exp - Math.floor(Date.now() / 1000)
);
},
async isSessionRevoked(sessionId) {
const key = SESSION_PREFIX + sessionId;
return !(await redis.exists(key));
},
async revokeSession(sessionId) {
const key = SESSION_PREFIX + sessionId;
await redis.del(key);
},
};