jwt-token-blacklist/dist/memory.js

A module based on jsonwebtoken package with blacklisting in redis or memory.

"use strict";

var jwt = require("jsonwebtoken");
var _ = require("lodash");

/**
 * Simple in-memory cache
 * NOTE: Not recommended for production
 */

var createMemoryFilter = function createMemoryFilter(conf) {
    var filter = {};
    var store = {};

    function expire(key) {
        console.log("in expire");
        delete store[key];
    }

    filter.add = function (token) {
        if (!_.size(token)) {
            return Promise.reject("No token");
        }

        var decoded = jwt.decode(token);

        if (_.isNil(decoded.exp) || decoded.exp <= Math.floor(Date.now() / 1000)) {
            return Promise.reject("Expire time is missing or expired");
        }

        var lifetime = Math.floor(decoded.exp - Date.now() / 1000);

        if (store[token] != token) {
            store[token] = token;

            setTimeout(expire.bind(null, token), lifetime * 1000);
        }

        return Promise.resolve("Token stored in memory");
    };

    filter.check = function (token) {
        return new Promise(function (resolve, reject) {
            if (store[token] == token) {
                reject("Token blacklisted!");
            }

            resolve("Token ok");
        });
    };

    return filter;
};

module.exports = createMemoryFilter;