jwt-token-blacklist/lib/memory.js

A module based on jsonwebtoken package with blacklisting in redis or memory.

const jwt = require("jsonwebtoken")
const _ = require("lodash")

/**
 * Simple in-memory cache
 * NOTE: Not recommended for production
 */

const createMemoryFilter = conf => {
    const filter = {}
    const store = {}

    function expire(key) {
        console.log("in expire")
        delete store[key]
    }

    filter.add = token => {
        if (!_.size(token)) {
            return Promise.reject("No token")
        }

        const decoded = jwt.decode(token)

        if (_.isNil(decoded.exp) || decoded.exp <= Math.floor(Date.now() / 1000)) {
            return Promise.reject("Expire time is missing or expired")
        }

        const lifetime = Math.floor(decoded.exp - Date.now() / 1000)

        if (store[token] != token) {
            store[token] = token

            setTimeout(expire.bind(null, token), lifetime * 1000)
        }

        return Promise.resolve("Token stored in memory")
    }

    filter.check = token => {
        return new Promise((resolve, reject) => {
            if (store[token] == token) {
                reject("Token blacklisted!")
            }

            resolve("Token ok")
        })
    }

    return filter
}

module.exports = createMemoryFilter