Vals using jsonwebtoken
Authentication middleware
Guards your public http vals behind a login page.
This val use a json web token stored as an http-only cookie to persist authentication.
Usage
Set an AUTH_SECRET_KEY
env variable (used to sign/verify jwt tokens). Use an API token to authenticate.
import { auth } from "https://esm.town/v/pomdtr/auth_middleware";
async function handler(req: Request): Promise<Response> {
return new Response("You are authenticated!");
}
export default auth(handler);
See @pomdtr/test_auth for an example
⚠️ Make sure to only provides your api token to vals you trust (i.e. your own), as it gives access to your whole account.
Authentication middleware
Guards your public http vals behind a login page.
This val use a json web token stored as an http-only cookie to persist authentication.
Usage
Set an AUTH_SECRET_KEY
env variable (used to sign/verify jwt tokens) to a random string.
Then use an API token to authenticate.
import { auth } from "https://esm.town/v/pomdtr/auth_middleware";
async function handler(req: Request): Promise<Response> {
return new Response("You are authenticated!");
}
export default auth(handler);
See @pomdtr/test_auth for an example
⚠️ Make sure to only provides your api token to vals you trust (i.e. your own), as it gives access to your whole account.
assertBearerToken
This val can be used to assert that a valid bearer token exists and has been signed by the secret provided.
Example
Create valconst handler = (req, res) => {
const authorization = req.get('authorization');
// throws if invalid
const token = @neverstew.assertBearerToken(@me.secrets.superSecret, authorization);
res.json(token);
}