panva / Paseto
Licence: mit
PASETO (Platform-Agnostic SEcurity TOkens) for Node.js with no dependencies
Stars: ✭ 134
Programming Languages
javascript
184084 projects - #8 most used programming language
Projects that are alternatives of or similar to Paseto
Jose
Universal "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK with no dependencies
Stars: ✭ 1,029 (+667.91%)
Mutual labels: verify, encrypt
Wopihost
ASP.NET Core MVC implementation of the WOPI protocol. Enables integration with WOPI clients such as Office Online Server.
Stars: ✭ 132 (-1.49%)
Mutual labels: hacktoberfest
Daybydaycrm
DaybydayCRM an open-source CRM, to help you keep track of your daily workflow.
Stars: ✭ 1,856 (+1285.07%)
Mutual labels: hacktoberfest
Conftest
Write tests against structured configuration data using the Open Policy Agent Rego query language
Stars: ✭ 2,047 (+1427.61%)
Mutual labels: hacktoberfest
Dumpling
Dumpling is a fast, easy-to-use tool written by Go for dumping data from the database(MySQL, TiDB...) to local/cloud(S3, GCP...) in multifarious formats(SQL, CSV...).
Stars: ✭ 134 (+0%)
Mutual labels: hacktoberfest
Py Readability Metrics
📗 Score text readability using a number of formulas: Flesch-Kincaid Grade Level, Gunning Fog, ARI, Dale Chall, SMOG, and more
Stars: ✭ 132 (-1.49%)
Mutual labels: hacktoberfest
Code Is Science
Scientific code needs to be open source and peer reviewed
Stars: ✭ 133 (-0.75%)
Mutual labels: hacktoberfest
Ephemeral
A private-by-default, always-incognito browser for elementary OS
Stars: ✭ 133 (-0.75%)
Mutual labels: hacktoberfest
Silverstripe Userforms
UserForms module provides a visual form builder for the SilverStripe CMS. No coding required to build forms such as contact pages.
Stars: ✭ 132 (-1.49%)
Mutual labels: hacktoberfest
Flutter hooks
React hooks for Flutter. Hooks are a new kind of object that manages a Widget life-cycles. They are used to increase code sharing between widgets and as a complete replacement for StatefulWidget.
Stars: ✭ 1,973 (+1372.39%)
Mutual labels: hacktoberfest
Terasologylauncher
Terasology Launcher is the official launcher for the open source game Terasology.
Stars: ✭ 132 (-1.49%)
Mutual labels: hacktoberfest
Cypress Schematic
Add cypress to an Angular CLI project
Stars: ✭ 132 (-1.49%)
Mutual labels: hacktoberfest
Inertia
✈️ Effortless, self-hosted continuous deployment for small teams and projects
Stars: ✭ 133 (-0.75%)
Mutual labels: hacktoberfest
Awesome Vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Stars: ✭ 133 (-0.75%)
Mutual labels: hacktoberfest
paseto
PASETO: Platform-Agnostic SEcurity TOkens for Node.js with minimal dependencies
Implemented specs & features
All crypto operations are using their async node's crypto API, where such API is not available the operation is pushed to a Worker Thread so that your main thread's I/O is not blocked.
| v1.local | v1.public | v2.local | v2.public | |
|---|---|---|---|---|
| supported? | ✓ | ✓ | ✕ | ✓ |
Support
If you or your business use paseto, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.
Documentation
Usage
Installing paseto
npm install paseto
Usage
const paseto = require('paseto')
// Generic (all versions) APIs
const { decode } = paseto
// PASETO Protocol Version v1 specific API
const { V1 } = paseto // { sign, verify, encrypt, decrypt, generateKey }
// PASETO Protocol Version v2 specific API
const { V2 } = paseto // { sign, verify, generateKey }
// errors utilized by paseto
const { errors } = paseto
Producing tokens
const { V2: { sign } } = paseto
(async () => {
{
const token = await sign({ sub: 'johndoe' }, privateKey)
// v2.public.eyJzdWIiOiJqb2huZG9lIiwiaWF0IjoiMjAxOS0wNy0wMVQxNToyMTozMS40OTJaIn0tpEwuwb-loL652KAZhmCYdDUNW8YbF6UYCFCYLk-fexhzs2ofL4AyHTqIk0HzIxawufEibT1ZyJ7MPBJUVpsF
}
})()
Consuming tokens
const { V2: { verify } } = paseto
(async () => {
{
const payload = await verify(token, publicKey)
// { sub: 'johndoe', iat: '2019-07-01T15:22:47.982Z' }
}
})()
Keys
Node's KeyObject is ultimately what the
library works with, depending on the operation, if the key parameter is not already a KeyObject
instance the corresponding create function will be called with the input
-
crypto.createSecretKey()for local encrypt/decrypt operations -
crypto.createPublicKey()for public verify operations -
crypto.createPrivateKey()for public sign operations
You can also generate keys valid for the given operation directly through paseto
const crypto = require('crypto')
const { V1, V2 } = paseto
(async () => {
{
const key = await V1.generateKey('local')
console.log(key instanceof crypto.KeyObject)
// true
console.log(key.type === 'secret')
// true
console.log(key.symmetricKeySize === 32)
// true
}
{
const key = await V1.generateKey('public')
console.log(key instanceof crypto.KeyObject)
// true
console.log(key.type === 'private')
// true
console.log(key.asymmetricKeyType === 'rsa')
// true
}
{
const key = await V2.generateKey('public')
console.log(key instanceof crypto.KeyObject)
// true
console.log(key.type === 'private')
// true
console.log(key.asymmetricKeyType === 'ed25519')
// true
}
})()
FAQ
Semver?
Yes. Everything that's either exported in the TypeScript definitions file or documented is subject to Semantic Versioning 2.0.0. The rest is to be considered private API and is subject to change between any versions.
How do I use it outside of Node.js
It is only built for Node.js environment versions ^12.19.0 || >=14.15.0
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].