Authentication middleware for Express APIs

Usage no npm install needed!

<script type="module">
  import 3mergeExpressAuthMiddleware from 'https://cdn.skypack.dev/@3merge/express-auth-middleware';


Authentication middleware

Work in progress!

The user model

Discriminating the user model, the preferred approach, assigns a kind property to all documents. I recommend using the decorator functions in this module to get/set properties in the base as well.


Property Type Description Default
active boolean System-generated to keep track of "deleted" users true
email* string Self-explanatory null
firstName* string Self-explanatory null
frozen boolean Somewhat of an alias for active, only setting it does not affect other properties false
lang string The preferred locale (en-CA or fr-CA). en-CA
lastName* string Self-explanatory null
loginAttempts number Used to block excessive login attempts (< 5) 0
password password Used to authenticate null
secret* string Used to read and write JWT tokens. Nullifying this would destroy all active sessions null
verified boolean Represents the validity of an email address. Login attempts are blocked without verification false


Name Description Return
await Model.findByEmail(string) Lookup active users by email address object
await Model.findUnverifiedByEmail(string) Lookup unverified users by email object
await Model.findVerifiedByEmail(string) Lookup verified users by email object
await Model.findVerifiedById(string) Lookup verified users by id object
await doc.setSecret() Generate secret token object
await doc.verifyPassword(string, boolean) Compare string against stored password. Throws error if second parameter is true boolean
await doc.deactivate() Deletes a user for most intents-and-purposes object
doc.isBlocked Is the user allowed to login? boolean
doc.hasExpired Has more than 24 hours elapsed since requesting verification? boolean
doc.isPermitted Does the user have all the necessary properties to login? boolean