Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
[Unreleased]
[4.0.0] - 2020-02-22
- Added id refresh token to header. It is checked by the frontend to see if the user is logged in.
[3.3.0] - 2019-08-20
Added
- For with express implementation: Session.getSessionInfo, Session.updateSessionInfo
- For without express implementation: getSessionInfo, updateSessionInfo
Deprecated
- For with express implementation: Session.getSessionData, Session.updateSessionData where Session is the session object returned after create new session or get session
- For without express implementation: getSessionData, updateSessionData
[3.2.0] - 2019-07-23
Changed
- remove cookie-parser dependecy
- added support for mongoose driver
- refactors code
Fixed
- userId bug when a number is passed as string in userId
[3.1.0] - 2019-07-18
Changed
- mongo config: user should pass option "url" for the library to connect to mongodb.
- mongo config options: "host, port, user, password, connectTimeout, socketTimeout, database" are deprecated and will be removed soon.
Fixed
- Throws Auth error if userId is not of correct type
- Adds feature for options API.
- CSRF protection can be disabled (by default it will be enabled)
- userId can be either string or number
- mongo collection config
[3.0.3] - 2019-07-17
Changes
- Uses accessTokenPath for idRefreshToken as well.
[3.0.2] - 2019-07-14
Changes
- Adds support for when API is a different subdomain to website URL by using Access-Control-Allow-Credentials, Access-Control-Allow-Headers and Access-Control-Expose-Headers.
[3.0.1] - 2019-07-12
Changes
- CSRF protection can be disabled (by default it will be enabled)
- userId can be either string or number
[3.0.0] - 2019-07-09
Breaking Changes
- Implements CSRF protection
- Makes handing token theft via an error as opposed to a callback
[2.0.0] - 2019-06-15
Breaking Changes
- Reorganises lib so that express related functions are access via /express. By default, you get the raw functions so that you can use them with any non express frameworks as well.
- Stores sessionHandle without hashing in db - results in changing of field name in collection
[1.0.3] - 2019-06-14
Added
- Does not store hashed version of session handle in database anymore.
[1.0.2] - 2019-06-14
Added
- Allows client to pass their own mongo connection in the init function.
[1.0.1] - 2019-06-14
Added
- Access Token blacklisting
Changed
- If JWT verification fails, then reloads key from DB.
[1.0.0] - 2019-06-13
Changed
- First release to npm. All tests passing