├── .gitignore
├── LICENSE
├── README.md
├── demo.js
├── index.js
└── package.json


/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | npm-debug.log
3 | 
4 | config.json
5 | _replicator
6 | _users
7 | pouch__*
8 | log.txt
9 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2016 Francis Chong, Ignition Soft. All rights reserved.
2 | 
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
4 | 
5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
6 | 
7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
8 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # express-pouchdb-jwt
 2 | 
 3 | Use JSON Web Token to authenticate [express-pouchdb](https://github.com/pouchdb/express-pouchdb)
 4 | instance.
 5 | 
 6 | ## Usage
 7 | 
 8 | Here's a sample Express app, which we'll name app.js.
 9 | 
10 | ```javascript
11 | var express = require('express'),
12 |     app     = express(),
13 |     ExpressPouchDB = require('express-pouchdb'),
14 |     PouchDB = require('pouchdb');
15 | 
16 | var expressPouchDB = ExpressPouchDB(PouchDB, {
17 |   overrideMode: {
18 |     plugins: ['express-pouchdb-jwt']
19 |   }
20 | });
21 | app.use('/db', expressPouchDB);
22 | app.listen(3000);
23 | 
24 | // configure JWT
25 | expressPouchDB.couchConfig.set('httpd', 'authentication_handlers', 'jwt', () => {})
26 | expressPouchDB.couchConfig.set('jwt', 'algorithm', 'HS256', () => {})
27 | expressPouchDB.couchConfig.set('jwt', 'secret_or_public_key', 'secret', () => {})
28 | ```
29 | 
30 | ## Example
31 | 
32 | After clone the project, run follow commands to start the project
33 | 
34 | ```
35 | npm install
36 | npm run start
37 | ```
38 | 
39 | The if you try to connect to the pouchdb instance, you will fail:
40 | 
41 | ```
42 | $ http get http://localhost:3000/db
43 | HTTP/1.1 500 Internal Server Error
44 | Connection: keep-alive
45 | Content-Length: 62
46 | Content-Type: text/plain; charset=utf-8
47 | Date: Thu, 21 Jan 2016 14:22:31 GMT
48 | ETag: W/"3e-GOFW1PiuP6zqkabMyr1Apw"
49 | Vary: Accept-Encoding
50 | X-Powered-By: Express
51 | 
52 | {"error":"JsonWebTokenError","reason":"jwt must be provided"}
53 | ```
54 | 
55 | If you provide a valud JSON Web Token in the authorization header:
56 | 
57 | ```
58 | $ http get http://localhost:3000/db  Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyQ29udGV4dCI6eyJkYiI6ImRlZmF1bHQiLCJuYW1lIjoic2l1eWluZyIsInJvbGVzIjpbIl9hZG1pbiJdfX0.x-p49ZOp-aHonukJsuyNiOgsQc2c_vmpfsOMTFtwmgw
59 | HTTP/1.1 200 OK
60 | Connection: keep-alive
61 | Content-Length: 149
62 | Content-Type: text/plain; charset=utf-8
63 | Date: Thu, 21 Jan 2016 14:25:13 GMT
64 | ETag: W/"95-0HNTOSG4ywo2R3OqRDSgtw"
65 | Vary: Accept-Encoding
66 | X-Powered-By: Express
67 | 
68 | {"express-pouchdb":"Welcome!","version":"1.0.1","vendor":{"name":"PouchDB authors","version":"1.0.1"},"uuid":"f651fcb1-3eaa-4da8-ae0a-54ca241adadc"}
69 | ```
70 | 


--------------------------------------------------------------------------------
/demo.js:
--------------------------------------------------------------------------------
 1 | var express = require('express'),
 2 |     app     = express(),
 3 |     ExpressPouchDB = require('express-pouchdb'),
 4 |     PouchDB = require('pouchdb');
 5 | 
 6 | var options = {
 7 |   overrideMode: {
 8 |     plugins: ['./'] // 'express-pouchdb-jwt' for real use
 9 |   }
10 | };
11 | var expressPouchDB = ExpressPouchDB(PouchDB, options);
12 | app.use('/db', expressPouchDB);
13 | app.listen(3000);
14 | 
15 | // configure JWT
16 | expressPouchDB.couchConfig.set('httpd', 'authentication_handlers', 'jwt', () => {})
17 | expressPouchDB.couchConfig.set('jwt', 'algorithm', 'HS256', () => {})
18 | expressPouchDB.couchConfig.set('jwt', 'secret_or_public_key', 'secret', () => {})
19 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
 1 | "use strict";
 2 | 
 3 | var utils = require('express-pouchdb/lib/utils');
 4 | var jwt = require('jsonwebtoken');
 5 | 
 6 | module.exports = function(app) {
 7 |   app.use(function(req, res, next){
 8 |     var value = app.couchConfig.get('httpd', 'authentication_handlers') || "";
 9 |     if (value.indexOf('jwt') === -1) {
10 |       return next();
11 |     }
12 | 
13 |     var jwtAlgorithm = app.couchConfig.get('jwt', 'algorithm');
14 |     var jwtSecretOrPublicKey = app.couchConfig.get('jwt', 'secret_or_public_key');
15 |     if (!jwtAlgorithm || !jwtSecretOrPublicKey) {
16 |       throw new Error("Missing jwt.algorithm or jwt.secret_or_public_key");
17 |       return;
18 |     }
19 | 
20 |     var token = req.headers.authorization;
21 |     var options = {algorithms: [jwtAlgorithm]};
22 |     jwt.verify(token, jwtSecretOrPublicKey, options, function(error, decoded){
23 |       if (error) {
24 |         utils.sendError(res, error);
25 |         return;
26 |       }
27 | 
28 |       if (!decoded.userContext) {
29 |         var error = new Error("Missing userContext in payload")
30 |         utils.sendError(res, error);
31 |         return;
32 |       }
33 | 
34 |       req.couchSession = {
35 |         ok: true,
36 |         userCtx: decoded.userContext,
37 |         authorizated: "jwt"
38 |       };
39 |       next();
40 |     });
41 |   });
42 | };
43 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "express-pouchdb-jwt",
 3 |   "version": "1.0.1",
 4 |   "description": "Authenticate PouchDB using JSON Web Token",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "start": "node demo.js",
 8 |     "test": "echo \"Error: no test specified\" && exit 1"
 9 |   },
10 |   "keywords": [
11 |     "pouchdb",
12 |     "jwt",
13 |     "json",
14 |     "web",
15 |     "token"
16 |   ],
17 |   "repository": {
18 |     "type": "git",
19 |     "url": "git+https://github.com/siuying/express-pouchdb-jwt.git"
20 |   },
21 |   "author": "Francis Chong <francis@ignition.hk> (http://reality.hk/)",
22 |   "license": "MIT",
23 |   "dependencies": {
24 |     "jsonwebtoken": "^5.5.4"
25 |   },
26 |   "devDependencies": {
27 |     "express": "^4.13.3",
28 |     "express-pouchdb": "github:siuying/express-pouchdb#a777885",
29 |     "pouchdb": "^5.2.0"
30 |   }
31 | }
32 | 


--------------------------------------------------------------------------------