Closed
23 changes: 18 additions & 5 deletions README.md
Expand Up @@ -7,7 +7,7 @@

Reusable JWT authentication package for Node.js and Express applications.

This package provides access tokens, refresh tokens, password hashing, route protection and HttpOnly Cookie helpers without requiring a database dependency.
This package provides access tokens, refresh tokens, password hashing, route protection, role-based authorization and HttpOnly Cookie helpers without requiring a database dependency.

---

Expand All @@ -23,6 +23,7 @@ Best for evaluating:
- Express middleware design
- Password hashing with bcrypt
- Refresh token flows
- Role-based authorization middleware
- Cookie-based authentication helpers
- Test coverage and package readiness

Expand All @@ -34,6 +35,7 @@ Best for evaluating:
- Refresh token generation and verification
- Password hashing and comparison
- Express route protection middleware
- Role-based authorization middleware
- HttpOnly Cookie helpers
- Cookie-based protected route middleware
- Multiple JWT algorithms: HS256, HS512 and RS256
Expand Down Expand Up @@ -131,11 +133,10 @@ The package exports grouped namespaces from `src/index.js`.
| `password` | `comparePassword(password, hash)` | Compares a plain-text password against a bcrypt hash. |
| `middleware` | `protectRoute` | Express middleware for Bearer-token protected routes. |
| `middleware` | `protectRouteFromCookie` | Express middleware for cookie-based protected routes. |
| `middleware` | `protectWithRoles(roles)` | Express middleware factory for role-based authorization. |
| `cookies` | `setTokenCookie(res, token, options)` | Sets a JWT token cookie. |
| `cookies` | `getTokenFromCookie(req, name)` | Reads a JWT token from cookies. |

> Note: `protectWithRoles` exists in the source tree and has tests, but it is not part of the public namespace export shown above. Public export should be verified before documenting it as package-level API.

---

## Usage
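Review bot: The note removed below the exports table said `protectWithRoles` was not part of the public namespace export, and the only file shown in this change is README.md, so nothing visible here shows `src/index.js` exporting it under `middleware`. Confirm the export has landed, ideally with a test that requires the package entry point and checks that `middleware.protectWithRoles` is a function, before dropping the caveat. Otherwise the new table row documents an API that consumers will find undefined.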
Expand Down Expand Up @@ -184,6 +185,19 @@ app.get('/private', middleware.protectRoute, (req, res) => {
});
```

### Role-Based Route

```js
const express = require('express');
const { middleware } = require('@devflow-modules/jwt-auth');

const app = express();

app.get('/admin', middleware.protectWithRoles(['admin']), (req, res) => {
res.json({ message: 'Admin access granted.' });
});
```

### Cookie Helpers

```js
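Review bot: In the new Role-Based Route example, `/admin` is guarded by `middleware.protectWithRoles(['admin'])` alone, with no `protectRoute` or `protectRouteFromCookie` ahead of it, and the README does not say whether the factory verifies the token itself or expects an earlier middleware to have authenticated the request. State that explicitly, together with which token claim carries the role and what the response is for a missing or invalid token versus an insufficient role, so readers do not copy a route that evaluates roles on an unauthenticated request.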
Expand Down Expand Up @@ -298,10 +312,9 @@ examples/

- [x] Support multiple JWT algorithms: HS512 and RS256
- [x] Support HttpOnly Cookies
- [x] Add role and permission middleware in source/tests
- [x] Add and export role-based authorization middleware
- [x] Add automated changelog and GitHub Release workflow
- [x] Add complete Express authentication + refresh example
- [ ] Verify/export role middleware from package public API
- [ ] Add optional middleware for public routes
- [ ] Add native ESM import/export compatibility
- [ ] Add token blacklist/session invalidation support
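Review bot: The roadmap rewrite replaces "Add role and permission middleware in source/tests" with "Add and export role-based authorization middleware" and deletes the open "Verify/export role middleware from package public API" item, so the word "permission" disappears and the verification task is removed rather than ticked. If permission checks exist in the source, keep them in the wording, and keep the verification item in the list, checked off only once the public export is covered by a test.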