Installations
npm install koa-jwt-redis-sessionDeveloper Guide
Typescript
No
Module System
N/A
Node Version
7.4.0
NPM Version
4.0.5
Releases
Unable to fetch releases
Contributors
Unable to fetch Contributors
Languages
JavaScript (100%)
Developer
lyalls
Download Statistics
Total Downloads
16,581
Last Day
3
Last Week
20
Last Month
54
Last Year
443
GitHub Statistics
16 Stars
49 Commits
5 Forks
3 Watching
4 Branches
2 Contributors
Bundle Size
216.51 kB
Minified
64.33 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
0.0.30
Package Id
koa-jwt-redis-session@0.0.30
Size
11.69 kB
NPM Version
4.0.5
Node Version
7.4.0
Total Downloads
Cumulative downloads
Total Downloads
16,581
Last day
0%
3
Compared to previous day
Last week
-33.3%
20
Compared to previous week
Last month
86.2%
54
Compared to previous month
Last year
-39.6%
443
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
#JWT Redis Session for Koa 2
Pure JWT implementation using Redis as session storage for Koa 2, without any cookies
Quick Start
As middleware:
1const koa = require('koa'), 2 bodyParser = require('koa-bodyparser'), 3 session = require('koa-jwt-redis-session') 4// import session from 'koa-jwt-redis-session' 5 6const app = new koa() 7app.use(bodyParser()) 8 9app.use(session.default()) 10 11// If using import 12// app.use(session()) 13 14app.use(async function(ctx, next){ 15 let views = ctx.session.views || 0 16 ctx.session.views = ++views 17 try{ 18 ctx.body = {views: ctx.session.views} 19 await next() 20 }catch(ex){ 21 console.error('something wrong:', ex) 22 ctx.status = 500 23 ctx.body = 'something wrong' 24 } 25}) 26 27app.listen(3333)
As a function:
1// After used as middleware 2// Somewhere when using as backdore 3import {createSession, authoriseRequest} from 'koa-jwt-redis-session' 4 5let openDoorHandler = async (ctx, next)=>{ 6 let userObj = {account: 'sneaky', password: 'open_the_back_door'}; 7 let token = await createSession(ctx, userObj); 8 ctx.body = token; 9 // Token is in JSON format: {token: ..... , expiresIn: 3600} 10 // expiresIn is the expire time in seconds, default is 3600 11} 12 13let guardHandler = async (ctx, next)=>{ 14 let user = await authoriseRequest(ctx); 15 if( user != undefined){ 16 ctx.body = user; 17 }else{ 18 ctx.throw(new Error('Unauthorized')); 19 } 20} 21
Options
When creating session instance, you can pass in an option object
1const sessionOptions = { 2 // ...... 3} 4app.use(session.default(sessionOptions)) 5 6// If using import 7app.use(session(sessionOptions))
Here is the default option values
1{ 2 jwt: { 3 contentType: 'application/json', 4 charset: 'utf-8', 5 secret: 'koa-jwt-redis-session' + new Date().getTime(), 6 authPath: '/authorize', 7 registerPath: '/register', 8 refreshTokenPath: '/refreshToken', 9 expiresIn: 3600, 10 accountKey: 'account', 11 passwordKey: 'password', 12 authHandler: function (account, password) { 13 if (account && password) { 14 let user = {}; 15 user[accountKey] = account; 16 return user; 17 } 18 else return false; 19 }, 20 registerHandler: function (account, password) { 21 if (account && password) { 22 let user = {}; 23 user[accountKey] = account; 24 return user; 25 } 26 else return false; 27 } 28 }, 29 session: { 30 sessionKey: 'session', 31 sidKey: 'koa:sess', 32 }, 33 redis: { 34 port: 6379, 35 host: '127.0.0.1', 36 db: 0, 37 ttl: 3600, 38 options: {} 39 } 40}
Action flow
- Anonymous client post JSON user credential information
{ account: "...", password: "..." }to/registerto register an account, - or post to
/authorizeto get authorization - Client get token in JSON like
{ token: "...", expiresIn: 3600 }, or an401error if not authorized - From then on, client send every request by the http header:
Authorization: Bearer <token>, - or client would get
401error if not authorized or token expired - On the server side, afterward middlewares can operate
ctx.sessionas will
Enjoy!
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
3
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More