UNPKG

passwordless-mongostore

Version:

MongoDB TokenStore for Passwordless

github.com/florianheinemann/passwordless-mongostore

florianheinemann/passwordless-mongostore

68 lines (47 loc) 2.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Passwordless-MongoStore This module provides token storage for [Passwordless](https://github.com/florianheinemann/passwordless), a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website https://passwordless.net for more details. Tokens are stored in a MongoDB database and are hashed and salted using [bcrypt](https://github.com/ncb000gt/node.bcrypt.js/). *If you have trouble installing bcrypt (esp. on Windows) you could also consider using the [slower but pure-JS version](https://www.npmjs.org/package/passwordless-mongostore-bcrypt-node) of MongoStore.* ## Usage First, install the module: `$ npm install passwordless-mongostore --save` Afterwards, follow the guide for [Passwordless](https://github.com/florianheinemann/passwordless). A typical implementation may look like this: ```javascript var passwordless = require('passwordless'); var MongoStore = require('passwordless-mongostore'); var mongoURI = 'mongodb://localhost/passwordless-simple-mail'; passwordless.init(new MongoStore(mongoURI)); passwordless.addDelivery( function(tokenToSend, uidToSend, recipient, callback) { // Send out a token }); app.use(passwordless.sessionSupport()); app.use(passwordless.acceptToken()); ``` ## Initialization ```javascript new MongoStore(uri, [options]); ``` * **uri:** *(string)* MongoDB URI as further described in the [MongoDB docs]( http://docs.mongodb.org/manual/reference/connection-string/) * **[options]:** *(object)* Optional. This can include MongoClient options as described in the [docs]( http://mongodb.github.io/node-mongodb-native/api-generated/mongoclient.html#mongoclient-connect) and the ones described below combined in one object as shown in the example Example: ```javascript var mongoURI = 'mongodb://localhost/passwordless-simple-mail'; passwordless.init(new MongoStore(mongoURI, { server: { auto_reconnect: true }, mongostore: { collection: 'token' } })); ``` ### Options * **[mongostore.collection]:** *(string)* Optional. Name of the collection to be used. Default: 'passwordless-token' ## Hash and salt As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore uses [bcrypt](https://github.com/ncb000gt/node.bcrypt.js/) with automatically created random salts. To generate the salt 10 rounds are used. ## Tests `$ npm test` ## License [MIT License](http://opensource.org/licenses/MIT) ## Author Florian Heinemann [@thesumofall](http://twitter.com/thesumofall/)