Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
JSON Web Token authorization API
Based on Sails.js (v0.12)
An example implementation of JWT-based API for user registration and authorization.
It supports:
- User register;
- User login;
- Getting account info;
- Token generation and validation;
- Password reset (with a reset token);
- Password change (with JWT credentials);
- Account locking.
Things to do:
- Optional email notifications (based on environment);
- Keep reset token encrypted and with a validity date;
- Unlock after some freeze period;
- Registration confirmation (with a confirm token).
Russian description / Русское описание
Start
npm run start
or, if you have Sails globally:
sails lift
For security reasons, please change JWT_SECRET in api/config/env/development.js.
Pass JWT
Token-free endpoints:
/user/create
/user/login
/user/forgot
/user/reset_password
Token-required endpoints:
/user
/user/change_password
To pass a JWT use Authorization header:
Authorization: Bearer <JWT>
API methods description
For some reasons I do not use REST. Shortcuts also disabled by default
(see api/config/blueprints.js).
POST /user/create
Creates a new user. Requirements for the password: length is 6-24, use letters and digits.
request
{
"email": "[email protected]",
"password": "abc123",
"password_confirm": "abc123"
}response
{
"token": "<JWT>"
}POST /user/login
request
{
"email": "[email protected]",
"password": "abc123"
}response
{
"token": "<JWT>"
}N.B. Account will be blocked after 5 fails in 2 mins (configurable in api/services/UserManager.js).
GET /user
Returns basic info about current account. Requires authorization.
request
Params not required.
response
{
"id": 1,
"email": "[email protected]"
}POST /user/change_password
Changes user password. User should be authorized.
request
{
"email": "[email protected]",
"password": "abc123",
"new_password": "xyz321",
"new_password_confirm": "xyz321"
}response
{
"token": "<JWT>"
}N.B. All old tokens will be invalid after changing password.
POST /user/forgot
Initiates procedure of password recovery.
request
{
"email": "[email protected]"
}response
{
"message": "Check your email"
}POST /user/reset_password
Reset password to a new one with a reset token. Reset token sends to a user after
/user/forgot.
request
{
"email": "[email protected]",
"reset_token": "<Password Reset Token>",
"new_password": "xyz321",
"new_password_confirm": "xyz321"
}response
{
"message": "Done"
}HTTP codes
All endpoints uses HTTP status codes to notify about execution results
200ok, reqeust executed successfully;201created, new user created successfully;400bad request, usually means wrong params;403forbidden, for locked accounts;500server error, something went wrong.
Tests
The project uses Travis-CI and Coveralls integration and has some tests. Run it via:
npm run test
Inspired by
This project is based on this repo:
https://github.com/swelham/sails-jwt-example (unlicensed).
I refactored and improved it for myself.
License
It is MIT.