A token store for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means.
This store implementation uses node-cache-manager, which supports multiple storage engines.
Tokens are stored in memory and are hashed and salted using bcryptjs.
Most of the project scaffolding is lifted from passwordless-memorystore, with modifications specific to using node-cache-manager.
First, install the module:
$ npm install cache-manager passwordless-cache-manager --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var express = require('express');
var passwordless = require('passwordless');
var cacheManager = require('cache-manager');
var CacheManagerStore = require('passwordless-cache-manager');
// Using the built-in memory store as an example. Swap this out with the specific cache-manager storage engine you need
var memoryStore = require('cache-manager/lib/stores/memory');
var app = express();
passwordless.init(new CacheManagerStore(cacheManager.caching({
    store: memoryStore
})));
passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token, then signal completion to Passwordless
        callback();
    });
app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

var cacheManager = require('cache-manager');
var CacheManagerStore = require('passwordless-cache-manager');
new CacheManagerStore(cacheManager.caching({
    store: <cache-manager store>,
    // store-related options
}));
As the tokens are equivalent to passwords (even though they have the security advantage of being valid only for a limited time), they have to be protected in the same way. passwordless-cache-manager hashes them with bcryptjs using automatically created random salts. The salt is generated with 10 rounds.
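What this protection means for the record held in the cache, as an added sketch that is not the module's own code: it uses Node's built-in scrypt in place of bcryptjs and a Map in place of the cache-manager backend so that it runs without dependencies. The function names and sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

// Stand-in for the cache backend (assumption): uid -> { salt, hash, expiresAt }.
const records = new Map();

function hashToken(token, salt) {
  // scrypt replaces bcryptjs here so the example needs no dependencies.
  return crypto.scryptSync(token, salt, 32);
}

// Store only a salted hash of the token, together with its expiry time.
function storeToken(uid, token, msToLive, now = Date.now()) {
  const salt = crypto.randomBytes(16); // fresh random salt per token
  records.set(uid, { salt, hash: hashToken(token, salt), expiresAt: now + msToLive });
}

// True only for an unexpired record whose hash matches the presented token.
function authenticate(uid, token, now = Date.now()) {
  const rec = records.get(uid);
  if (!rec) return false;
  if (now >= rec.expiresAt) {
    records.delete(uid); // expired records are dropped on lookup
    return false;
  }
  const candidate = hashToken(token, rec.salt);
  return crypto.timingSafeEqual(candidate, rec.hash); // constant-time compare
}

// Remove a user's record so the token can no longer be used.
function invalidateUser(uid) {
  return records.delete(uid);
}

// What someone with read access to the cache backend would see for a uid.
function storedView(uid) {
  const rec = records.get(uid);
  if (!rec) return null;
  return JSON.stringify({
    salt: rec.salt.toString('hex'),
    hash: rec.hash.toString('hex'),
    expiresAt: rec.expiresAt,
  });
}

// Constructed sample values: the token is valid for 60 s from t = 1000 ms.
storeToken('alice@example.com', 'constructed-token-123', 60000, 1000);
console.log(authenticate('alice@example.com', 'constructed-token-123', 2000));
console.log(storedView('alice@example.com').includes('constructed-token-123'));
```

The stored view never contains the token itself, so a dump of the cache backend does not hand out usable login tokens.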
$ npm test
The debug module is used to log debug statements. It can be enabled via the environment variable:
DEBUG=passwordless-cache-manager