
jwt-redis-sessions


A secure, production-ready JWT authentication and session management library for Node.js with Redis backend

declare module 'jwt-redis-sessions' {
  // ---------------------------------------------------------------------
  // Data shapes
  // ---------------------------------------------------------------------

  /**
   * Caller-supplied claims carried by a token. Deliberately open-ended: any
   * key with any value is accepted.
   *
   * Because values are typed `any`, the compiler checks nothing read from
   * this shape; narrow or validate a field before using it in an
   * authorization decision.
   * NOTE(review): these fields presumably end up in the JWT payload, which is
   * normally signed but not encrypted - confirm before placing anything
   * sensitive here.
   */
  interface TokenData {
    [key: string]: any;
  }

  /** Token pair handed back by `generateToken` and `refreshToken`. */
  interface TokenResponse {
    accessToken: string;
    refreshToken: string;
    /** Lifetime as a string; the exact format is not stated in this declaration. */
    expiresIn: string;
    tokenType: 'Bearer';
  }

  /** Server-side session record: the caller's claims plus bookkeeping fields. */
  interface SessionData extends TokenData {
    sessionId: string;
    createdAt: string;
    lastActivity: string;
  }

  /**
   * Full token payload: caller claims plus the library's own fields.
   *
   * `type` separates access tokens from refresh tokens.
   * NOTE(review): `exp` is optional in this type, so a payload without an
   * expiry is representable - confirm that issued tokens always carry one.
   */
  interface TokenPayload extends TokenData {
    sessionId: string;
    iat: number;
    exp?: number;
    iss: string;
    aud: string;
    type: 'access' | 'refresh';
  }

  /**
   * Outcome of `verifyToken`.
   *
   * Callers should test `valid` before trusting `decoded` or `session`;
   * whether a bad token resolves with `valid: false` or rejects is not
   * visible from this declaration.
   */
  interface VerifyTokenResult {
    valid: boolean;
    /** Clean user data only (internal fields filtered out). */
    decoded: TokenData;
    session: SessionData;
  }

  // ---------------------------------------------------------------------
  // Configuration
  // ---------------------------------------------------------------------

  /** JWT settings. `secret` is key material: keep it out of logs and source control. */
  interface JWTConfig {
    secret: string;
    accessTokenExpiry: string;
    refreshTokenExpiry: string;
    issuer: string;
    audience: string;
  }

  /**
   * Redis connection and key settings. `password` is a credential.
   * The units of `sessionTTL` and `refreshTokenTTL` are not stated here.
   */
  interface RedisConfig {
    url: string;
    host: string;
    port: number;
    password?: string;
    db: number;
    keyPrefix: string;
    sessionTTL: number;
    refreshTokenTTL: number;
  }

  /**
   * Hardening switches.
   * NOTE(review): what `fingerprintStrict` changes relative to
   * `enableFingerprinting` cannot be told from this file - check the
   * library documentation before relying on either.
   */
  interface SecurityConfig {
    tokenLength: number;
    enableFingerprinting: boolean;
    fingerprintStrict: boolean;
  }

  /** Aggregate of the three configuration sections. */
  interface Config {
    jwt: JWTConfig;
    redis: RedisConfig;
    security: SecurityConfig;
  }

  // ---------------------------------------------------------------------
  // Error classes
  //
  // All four share one shape: an HTTP-style `statusCode` and a string `code`.
  // Defaults for the optional constructor arguments are not visible here.
  // ---------------------------------------------------------------------

  class AuthError extends Error {
    statusCode: number;
    code: string;
    constructor(message: string, statusCode?: number, code?: string);
  }

  class ValidationError extends Error {
    statusCode: number;
    code: string;
    constructor(message: string, statusCode?: number, code?: string);
  }

  class TokenError extends Error {
    statusCode: number;
    code: string;
    constructor(message: string, statusCode?: number, code?: string);
  }

  class RedisError extends Error {
    statusCode: number;
    code: string;
    constructor(message: string, statusCode?: number, code?: string);
  }

  // ---------------------------------------------------------------------
  // Token lifecycle
  // ---------------------------------------------------------------------

  /**
   * Issue a JWT access token together with a refresh token.
   *
   * @param data Claims to embed. Include `userId`, `id`, or `email` if
   *   `revokeAllUserTokens` should later be able to find this session.
   * @param req Optional request used for fingerprinting. Typed `any`, so the
   *   compiler does not check what is passed.
   */
  function generateToken(data?: TokenData | null, req?: any): Promise<TokenResponse>;

  /**
   * Verify and validate a JWT.
   *
   * @param token JWT to verify.
   * @param req Optional request for fingerprint verification.
   * @returns A result whose `valid` flag must be checked by the caller.
   */
  function verifyToken(token: string, req?: any): Promise<VerifyTokenResult>;

  /**
   * Obtain a fresh token pair in exchange for a refresh token.
   *
   * @param refreshToken The refresh token.
   * @param req Optional request for fingerprint verification.
   */
  function refreshToken(refreshToken: string, req?: any): Promise<TokenResponse>;

  /**
   * Revoke one token by blacklisting it.
   *
   * @param token Token to revoke.
   * @returns An object with a `success` flag; check it rather than assuming
   *   that a resolved promise means the token was revoked.
   */
  function revokeToken(token: string): Promise<{ success: boolean; message: string }>;

  /**
   * Revoke every session and token belonging to one user.
   *
   * @param userIdentifier User identifier (`userId`, `id`, or `email`).
   * @returns An object with a `success` flag that the caller should check.
   */
  function revokeAllUserTokens(
    userIdentifier: string
  ): Promise<{ success: boolean; message: string }>;

  /**
   * List the active sessions of one user.
   *
   * @param userIdentifier User identifier (`userId`, `id`, or `email`).
   */
  function getUserSessions(userIdentifier: string): Promise<SessionData[]>;

  /**
   * Report whether a token has been blacklisted.
   *
   * @param token Token to check.
   */
  function isTokenBlacklisted(token: string): Promise<boolean>;

  // ---------------------------------------------------------------------
  // Middleware (Express-compatible)
  // ---------------------------------------------------------------------

  /**
   * Express middleware that performs JWT authentication.
   *
   * How a failed check is reported to the client is not visible from this
   * declaration.
   *
   * @param req Express request object.
   * @param res Express response object.
   * @param next Express next function.
   */
  function auth(req: any, res: any, next: any): Promise<void>;

  /**
   * Build rate-limiting middleware intended to blunt brute-force attempts.
   *
   * NOTE(review): the `maxMapSize` parameter suggests that attempt counters
   * live in an in-process map rather than in Redis. If so, limits apply per
   * process and reset on restart - confirm before relying on this behind
   * several instances.
   *
   * @param maxAttempts Max attempts allowed (default: 5).
   * @param windowMs Time window in ms (default: 15 min).
   * @param maxMapSize Max map size (default: 10000).
   */
  function rateLimit(
    maxAttempts?: number,
    windowMs?: number,
    maxMapSize?: number
  ): (req: any, res: any, next: any) => void;

  // ---------------------------------------------------------------------
  // Utilities
  // ---------------------------------------------------------------------

  /**
   * Configuration object.
   *
   * Its type includes `jwt.secret` and `redis.password`, so avoid logging or
   * serializing the object as a whole.
   */
  const config: Config;

  /**
   * Manually initialize the Redis connection.
   * Note: auto-initialized on first use.
   */
  function initialize(): Promise<void>;

  /**
   * Close the Redis connection gracefully.
   * Use when shutting down the application.
   */
  function closeRedisConnection(): Promise<void>;
}