Official account system for JNS (Node.js). It provides a full-stack solution for user registration, authentication via signed tokens, and account management.
```sh
npm i @jnode/server-account
```
```javascript
const { AccountManager, routerConstructors: acr, handlerConstructors: ach } = require('@jnode/server-account');
const { createServer, routerConstructors: r, handlerConstructors: h } = require('@jnode/server');

const manager = new AccountManager();

const server = createServer(
  // Use JSONErrorMessage to catch errors and return structured JSON
  acr.JSONErrorMessage(
    r.Path(404, {
      '/api/register': ach.Register(manager),
      '/api/login': ach.Login(manager),
      // Protect sensitive routes using AccountTokenVerify
      '/api/user': acr.AccountTokenVerify(
        manager,
        r.Path(null, {
          '@GET /profile': async (ctx, env) => {
            // ctx.identity.account is injected by AccountTokenVerify
            const data = await ctx.identity.account.data();
            return h.JSON({
              status: 200,
              account: data.account,
              displayName: data.displayName
            }).handle(ctx, env);
          },
          '@POST /reset-password': ach.ResetPassword(manager),
          '@POST /delete': ach.DeleteAccount(manager)
        }),
        401 // Fail handler if not logged in
      )
    })
  )
);

server.listen(8080);
```

@jnode/server-account defines a standardized account protocol:

- Manager: Logic core. Handles password hashing (using scrypt) and data persistence.
- Account: A wrapper class for specific user data access.
- Router: Middlewares to verify identity. `AccountTokenVerify` injects the `Account` instance into `ctx.identity.account`.
- Handler: Web controllers that consume JSON requests and interact with the Manager.

AccountManager: the core manager for handling the account lifecycle. Constructor arguments:

- `data` <Map>: Account storage. Default: `new Map()`.
- `options` <Object>:
  - `authService` <AuthService>: Custom auth service.
  - `publicKey` / `privateKey` <string>: RSA keys for tokens.

The manager provides the following operations:

- Register: Registers a user. Performs strict format validation (see Validation Rules).
- Login: Verifies credentials. `account` can be the username or email.
- Reset password: Updates the password and sets `securityReset` to now, invalidating all old tokens.
- Returns: <Promise> | <Object> with the fields `id`, `account`, `email`, `displayName`, `createdAt`, `permissions`, `securityReset`.

The following handlers expect JSON input and return JSON output.

Validation Rules, applied by the Register and ResetPassword handlers:

- `account`: 4-32 characters, alphanumeric (`\w`).
- `email`: Standard email regex.
- `password`: 8-64 characters, must include:
  - Uppercase and lowercase letters.
  - Numbers.
  - Symbols (`!@#$%^&*` etc.).
- `displayName`: 2-32 characters, sanitized (no control codes).

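As an added example (not the package's own validator), here is one implementation of the rules above that a Register or ResetPassword handler could run on its JSON body before touching the manager. The package's exact email pattern and symbol set are not shown on this page, so the `EMAIL_RE` and `SYMBOL_RE` patterns, and the function names, are assumptions.

```javascript
// Added example (not the package's own code). Assumed names and patterns.
const ACCOUNT_RE = /^\w{4,32}$/;                          // 4-32 word characters
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;             // assumed simple email pattern
const CONTROL_RE = /[\x00-\x1f\x7f]/;                     // ASCII control codes
const SYMBOL_RE = /[^A-Za-z0-9\s\x00-\x1f\x7f]/;          // assumed: printable non-alphanumeric

function isString(v) {
  return typeof v === 'string';
}

function validateAccount(v) {
  return isString(v) && ACCOUNT_RE.test(v);
}

function validateEmail(v) {
  return isString(v) && v.length <= 254 && EMAIL_RE.test(v);
}

// 8-64 characters containing an uppercase letter, a lowercase letter,
// a digit and a symbol.
function validatePassword(v) {
  return isString(v)
    && v.length >= 8 && v.length <= 64
    && /[A-Z]/.test(v) && /[a-z]/.test(v) && /[0-9]/.test(v)
    && SYMBOL_RE.test(v);
}

// 2-32 characters with no control codes.
function validateDisplayName(v) {
  return isString(v) && v.length >= 2 && v.length <= 32 && !CONTROL_RE.test(v);
}

const FIELD_RULES = {
  account: validateAccount,
  email: validateEmail,
  password: validatePassword,
  displayName: validateDisplayName
};

// Validate a request body field by field and return the names of the
// invalid fields, so a handler can reject the request with all of them at
// once. `required` lists the fields the handler expects; a Register body
// needs all four.
function validateBody(body, required = Object.keys(FIELD_RULES)) {
  if (!body || typeof body !== 'object') return required.slice();
  const invalid = [];
  for (const field of required) {
    if (!FIELD_RULES[field](body[field])) invalid.push(field);
  }
  return invalid;
}
```

Each check starts with a `typeof` test because JSON bodies can carry any type: a numeric or array value for `account` would otherwise reach the regex (or the hashing code) with a coerced string.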
Register (`ach.Register`):

- Request Method: POST (usually).
- Request Body: `{ "account": "username", "email": "user@example.com", "password": "SecurePassword123!", "displayName": "My Name" }`
- Success Response: 200 OK `{ "status": 200, "id": "username", "account": "username", "displayName": "My Name", "createdAt": "2023-10-27T..." }`
- Cookie: Sets `jnsat` (HttpOnly).

Login (`ach.Login`):

- Request Body: `{ "account": "username_or_email", "password": "SecurePassword123!" }`
- Success Response: Same as Register.
- Cookie: Sets `jnsat` (HttpOnly).

ResetPassword (`ach.ResetPassword`). Requires authentication via AccountTokenVerify.

- Request Body: `{ "id": "current_user_id", "oldPassword": "CurrentPassword123!", "newPassword": "NewSecurePassword456!" }`
- Success Response: `{"status": 200}`.
- Cookie: Refreshes `jnsat` with a new `cre` (creation) timestamp.

DeleteAccount (`ach.DeleteAccount`). Requires authentication via AccountTokenVerify.

- Request Body: `{ "id": "current_user_id", "password": "CurrentPassword123!" }`
- Success Response: `{"status": 200}`.

AccountTokenVerify (`acr.AccountTokenVerify`). Verifies the `jnsat` cookie.

- If Pass: Sets `ctx.identity.account` and `ctx.identity.token`.
- If Fail: Calls the `fail` handler (e.g., `401`).
- Security: Automatically rejects tokens issued before the account's last `securityReset`.

JSONErrorMessage (`acr.JSONErrorMessage`). Catches errors thrown during routing/handling.

- Format: `{ "status": 401, "code": "ACC_NOT_FOUND", "message": "Account not found." }`

Generic token verifier. Its `by` argument can be a function that extracts the token from headers or other sources.