Skip to content

Battochon/passwordless-postgrestore

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Gruntfile.js
Gruntfile.js
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

Passwordless-PostgreStore

This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website for more details.

Tokens are stored in a PostgreSQL database and are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-postgrestore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var passwordless = require('passwordless');
var PostgreStore = require('passwordless-postgrestore');

passwordless.init(new PostgreStore('postgres://user:password@localhost/database'));

passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });

app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

new PostgreStore(connectionString, [options]);
  • connectionString: (String) Mandatory. PostgreSQL connection string
  • [options]: (Object) Optional. Some configuration option. See below exemple

Example:

passwordless.init(new PostgreStore('postgres://user:password@localhost/database', {
    pgstore: {
        table: 'not_default_table_name',    // *(String)* Optional. Use another table to store token, default is 'passwordless'
        pgPoolSize: '100'                   // *(Number)* Optional. Postgre client pool size
    }
}));

PostgreSQL table creation

You could use this SQL statement to create the token table, or you can customize it according to your needs :

CREATE TABLE passwordless
(
  id serial NOT NULL,
  uid character varying(160),
  token character varying(60) NOT NULL,
  origin text,
  ttl bigint,
  CONSTRAINT passwordless_pkey PRIMARY KEY (id),
  CONSTRAINT passwordless_token_key UNIQUE (token),
  CONSTRAINT passwordless_uid_key UNIQUE (uid)
)

Hash and salt

As the tokens are equivalent to passwords (even though only for a limited time) they have to be protected in the same way. passwordless-postgrestore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.

Tests

$ npm test

License

MIT License

Author

Bruno MARQUES (http://marques.io) (I just adapted code from Florian Heinemann @thesumofall)

About

PostgreSQL TokenStore for Passwordless

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

3 watching

Forks

31 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages