This module provides token storage for Passwordless, a node.js module for express that allows website authentication without a password, using verification through email or other means. Visit the project's website for more details.
Tokens are stored in a RethinkDB database and are hashed and salted using bcrypt by default. It is also possible to provide a different hashing library (see Initialization for an example).
First, install the module:
$ npm install passwordless-rethinkdbstore --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
    var express = require('express');
    var passwordless = require('passwordless');
    var RethinkDBStore = require('passwordless-rethinkdbstore');

    // Assumes a standard Express application object
    var app = express();

    // Store the hashed tokens in RethinkDB
    passwordless.init(new RethinkDBStore({host: '127.0.0.1', port: 28015, db: 'main'}));

    passwordless.addDelivery(
        function(tokenToSend, uidToSend, recipient, callback) {
            // Send out a token
        });

    app.use(passwordless.sessionSupport());
    app.use(passwordless.acceptToken());
new RethinkDBStore([options], [hashLib]);
- [options]: (Object) Optional. This can include options of the node.js RethinkDB client as described in the docs.
- [hashLib]: (Object) Optional. This can be specified in order to provide a custom hashing library. This object takes two functions: hash(token, cb) and verify(token, hashedToken, cb).
The following example uses the hashing library Argon2.
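    var argon2 = require('argon2');
    var RethinkDBStore = require('passwordless-rethinkdbstore');

    // Connection options for the RethinkDB client
    var options = {host: '127.0.0.1', port: 28015, db: 'main'};

    var store = new RethinkDBStore(options, {
        hash: function(token, cb) {
            // Written against the argon2 API that exposes generateSalt()
            argon2.generateSalt()
                .then(function(salt) {
                    // Return the promise so a failure reaches the catch below
                    return argon2.hash(token, salt);
                })
                .then(function(hashedToken) {
                    cb(null, hashedToken);
                })
                .catch(cb);
        },
        verify: function(token, hashedToken, cb) {
            // Note the argument order: argon2.verify(hash, plain)
            argon2.verify(hashedToken, token)
                .then(function(match) {
                    if (match) {
                        return cb(null, match);
                    }
                    else {
                        return cb();
                    }
                })
                .catch(cb);
        }
    });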
As the tokens are equivalent to passwords (even though only for a limited time) they have to be protected in the same way. By default passwordless-rethinkdbstore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used. Alternatively, a custom hash and verify function can be specified (see Initialization), which should call the respective functions of some secure hashing library (e.g. Argon2, winner of the Password Hashing Competition 2015).
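As an added example (not code from this project), here is a hashLib object that meets the hash(token, cb) / verify(token, hashedToken, cb) contract using Node's built-in crypto.scrypt, with a per-token random salt and a constant-time comparison. The name scryptHashLib, the stored "scrypt$salt$key" record format and the length constants are assumptions of this example.

```javascript
// Added example: a custom hashLib for RethinkDBStore based on crypto.scrypt.
// scryptHashLib, the record format and the constants below are assumptions.
var crypto = require('crypto');

var SALT_LEN = 16; // bytes of random salt per token
var KEY_LEN = 32;  // bytes of derived key stored per token

var scryptHashLib = {
    // hash(token, cb) -> cb(err, 'scrypt$<salt hex>$<key hex>')
    hash: function(token, cb) {
        var salt = crypto.randomBytes(SALT_LEN);
        crypto.scrypt(token, salt, KEY_LEN, function(err, key) {
            if (err) return cb(err);
            cb(null, ['scrypt', salt.toString('hex'), key.toString('hex')].join('$'));
        });
    },

    // verify(token, hashedToken, cb) -> cb(err, true | false)
    verify: function(token, hashedToken, cb) {
        var parts = String(hashedToken).split('$');
        if (parts.length !== 3 || parts[0] !== 'scrypt') {
            // Unknown or corrupted record: reject instead of throwing
            return process.nextTick(cb, null, false);
        }
        var salt = Buffer.from(parts[1], 'hex');
        var expected = Buffer.from(parts[2], 'hex');
        if (expected.length !== KEY_LEN) {
            // timingSafeEqual throws on unequal lengths, so check first
            return process.nextTick(cb, null, false);
        }
        crypto.scrypt(token, salt, KEY_LEN, function(err, key) {
            if (err) return cb(err);
            // Constant-time comparison of the derived keys
            cb(null, crypto.timingSafeEqual(key, expected));
        });
    }
};

// With a running RethinkDB instance, pass it as the second argument:
// passwordless.init(new RethinkDBStore({host: '127.0.0.1', port: 28015, db: 'main'}, scryptHashLib));
```

Because the salt is random, hashing the same token twice yields two different records, and only verify can match a token against a stored record.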
$ npm test
River Grimm river.grimm@gmail.com