@compyai/securetoken
Version:
A modular, encrypted, DB-agnostic token system with optional refresh support, honeypot protection, and revocation. A secure alternative to JWT.
45 lines (36 loc) • 1.29 kB
JavaScript
require("dotenv").config();
const {
createToken,
verifyToken,
refreshToken,
registerStore,
} = require("../src/index");
const memoryStore = require("../stores/memoryStore");
registerStore(memoryStore); // Use in-memory store for testing
(async () => {
console.log("✅ Starting test...");
// 1. Create a token
const user = { userId: "user-123" };
const { accessToken, refreshToken: refresh } = await createToken(user, {
refresh: true,
expiresIn: 60, // 1 min
refreshExpiresIn: 3600, // 1 hour
});
console.log("🔐 Access Token:", accessToken);
console.log("♻️ Refresh Token:", refresh);
// 2. Verify the access token
const data = await verifyToken(accessToken);
console.log("✅ Verified payload:", data);
// 3. Use refresh token to get new tokens
const refreshed = await refreshToken(refresh);
console.log("🔄 New Access Token:", refreshed.accessToken);
console.log("🔁 New Refresh Token:", refreshed.refreshToken);
// 4. Try using old refresh token (should be revoked)
try {
await refreshToken(refresh);
console.error("❌ Old refresh token should be revoked!");
} catch (err) {
console.log("✅ Old refresh token rejected as expected:", err.message);
}
console.log("🎉 All tests passed!");
})();