Comprehensive Guide to Koa-JWT for Secure Node.js Applications

Introduction to Koa-JWT

Koa-JWT is a middleware for Koa, a popular Node.js framework, that enables JSON Web Token (JWT) authentication.
It helps secure your application by verifying the JWT carried by each incoming request before the protected route is reached.

Key Features of Koa-JWT

  • Easy to use JWT authentication middleware
  • Supports token validation and error handling
  • Flexible and configurable

APIs and Usage

Basic Example


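  const Koa = require('koa');
  const jwt = require('koa-jwt');
  const app = new Koa();

  // Signing/verification secret. Read it from the environment rather than
  // committing a literal to source, and fail fast so a misconfigured
  // deployment cannot start with an empty or default secret.
  const secret = process.env.JWT_SECRET;
  if (!secret) {
    throw new Error('JWT_SECRET environment variable must be set');
  }

  // Protect every route registered below. Without `passthrough: true`,
  // koa-jwt answers 401 to requests lacking a valid token, so downstream
  // middleware only ever runs with `ctx.state.user` populated.
  app.use(jwt({ secret }));

  app.use((ctx) => {
    // Reached only for verified requests (see above), so the former
    // "Unprotected content" branch was unreachable and has been dropped.
    ctx.body = 'Protected content';
  });

  app.listen(3000);
  console.log('Server running on http://localhost:3000');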

Custom Token Retrieval Function


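  // Extracts the bearer token from the Authorization header, mirroring
  // koa-jwt's built-in resolver: exactly two space-separated parts and a
  // case-insensitive "Bearer" scheme. Anything else yields null so koa-jwt
  // rejects the request with 401 instead of verifying a partial value.
  const getBearerToken = (ctx) => {
    const authorization = ctx.header.authorization;
    if (typeof authorization !== 'string') {
      return null;
    }
    const parts = authorization.split(' ');
    if (parts.length !== 2) {
      return null;
    }
    const [scheme, credentials] = parts;
    return /^Bearer$/i.test(scheme) ? credentials : null;
  };

  app.use(jwt({
    secret: 'your_secret_key', // placeholder: load from configuration in real code
    getToken: getBearerToken,
  }));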

Debugging and Error Handling


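  // Koa middleware is an onion: a try/catch around `next()` only sees errors
  // thrown by middleware registered AFTER it. The 401 handler therefore has to
  // be registered before the jwt middleware; in the reverse order koa-jwt's
  // error bypasses it and Koa's default handler answers instead.
  app.use(async (ctx, next) => {
    try {
      await next();
    } catch (err) {
      if (err.status === 401) {
        ctx.status = 401;
        ctx.body = 'Protected resource, use Authorization header to get access\n';
      } else {
        // Anything other than an authentication failure is not ours to handle.
        throw err;
      }
    }
  });

  // Paths under /public are served without a token; everything else needs one.
  app.use(jwt({ secret }).unless({ path: [/^\/public/] }));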

Handling Token Expiration


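  // `sign` is provided by the jsonwebtoken package; koa-jwt 3.x exports only
  // the verification middleware, so `jwt.sign` assumes an older koa-jwt that
  // re-exported it — confirm against the installed version.
  const token = jwt.sign(
    { id: user.id },
    'your_secret_key',
    { expiresIn: '1h' }
  );

  // Decides whether a verified token should nevertheless be rejected.
  // koa-jwt already refuses tokens whose `exp` lies in the past during
  // verification, so re-checking it here is only belt-and-braces. What
  // verification does NOT enforce is that a token carries `exp` at all; a
  // token without one would otherwise stay valid forever, so treat it as
  // revoked. A real deployment would also consult a revocation list here.
  const isExpiredOrUnbounded = (decodedToken) => {
    if (typeof decodedToken.exp !== 'number') {
      return true;
    }
    // `exp` is in seconds (RFC 7519), Date.now() in milliseconds.
    return decodedToken.exp * 1000 < Date.now();
  };

  app.use(jwt({
    secret: 'your_secret_key',
    isRevoked: async (ctx, decodedToken) => isExpiredOrUnbounded(decodedToken),
  }));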

Example Application


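  const Koa = require('koa');
  const jwt = require('koa-jwt');
  const bodyParser = require('koa-bodyparser');
  const app = new Koa();

  // Never ship a literal secret: read it from the environment and refuse to
  // start without one.
  const secret = process.env.JWT_SECRET;
  if (!secret) {
    throw new Error('JWT_SECRET environment variable must be set');
  }

  app.use(bodyParser());

  // Token issuance. Matched on method and exact path; the previous
  // `ctx.url.match(/^\/token/)` also matched GET /tokens, /token/anything and
  // any query string.
  //
  // NOTE: this endpoint still issues a token to anyone who calls it. Before
  // using it outside a demo, validate the credentials in `ctx.request.body`
  // (that is what koa-bodyparser is here for) and only sign on success.
  app.use(async (ctx, next) => {
    if (ctx.method === 'POST' && ctx.path === '/token') {
      const tokenData = { username: 'testuser' };
      // `sign` comes from jsonwebtoken; koa-jwt 3.x no longer re-exports it,
      // so confirm against the installed version.
      const token = jwt.sign(tokenData, secret, { expiresIn: '1h' });
      ctx.body = { token };
      return;
    }
    await next();
  });

  // Every route below requires a valid token; koa-jwt answers 401 otherwise.
  app.use(jwt({ secret }));

  app.use((ctx) => {
    // Only reached with a verified token, so ctx.state.user is always set here
    // and the former "Unprotected content" branch was unreachable.
    ctx.body = `Protected content for ${ctx.state.user.username}`;
  });

  app.listen(3000);
  console.log('Server running on http://localhost:3000');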

Understanding and implementing Koa-JWT can greatly enhance the security of your Koa-based applications; with the examples above you should be able to get started quickly.

Hash: 77a64ab2dea833701190f94ae75e32ced316521b17c48e127b03ecdff16a3b98
