Skill Gallery
スキル一覧に戻る
cin12211

auth-expert

by cin12211

The open source | Next Generation database editor

61🍴 0📅 2026年1月22日
databasedbmseditorelectronnuxtpostgresqlsql
GitHubで見るManusで実行

SKILL.md

name: auth-expert description: Authentication and authorization expert specializing in JWT, OAuth 2.0, session management, RBAC, password security. Use for auth implementation, token management, or security issues.

Authentication & Authorization Expert

Expert in JWT, OAuth 2.0, sessions, RBAC, and security best practices.

When Invoked

Recommend Specialist and Stop

  • API design patterns: recommend rest-api-expert
  • Database security: recommend database-expert
  • Infrastructure security: recommend devops-expert

Environment Detection

grep -E "passport|jsonwebtoken|next-auth|bcrypt" package.json 2>/dev/null
find . -type f -name "*auth*" -not -path "./node_modules/*" | head -5

Problem Playbooks

JWT Implementation

Secure JWT Pattern:

import jwt from 'jsonwebtoken';

const ACCESS_TOKEN_SECRET = process.env.ACCESS_TOKEN_SECRET!;
const ACCESS_TOKEN_EXPIRY = '15m';

function generateTokens(payload: TokenPayload) {
  const accessToken = jwt.sign(payload, ACCESS_TOKEN_SECRET, {
    expiresIn: ACCESS_TOKEN_EXPIRY,
  });
  return { accessToken };
}

function authenticateToken(req: Request, res: Response, next: NextFunction) {
  const token = req.cookies.accessToken || 
    req.headers.authorization?.replace('Bearer ', '');

  if (!token) return res.status(401).json({ error: 'Auth required' });

  try {
    req.user = jwt.verify(token, ACCESS_TOKEN_SECRET);
    next();
  } catch {
    return res.status(401).json({ error: 'Invalid token' });
  }
}

Password Security

import bcrypt from 'bcrypt';

const SALT_ROUNDS = 12;

async function hashPassword(password: string): Promise<string> {
  return bcrypt.hash(password, SALT_ROUNDS);
}

async function verifyPassword(plain: string, hashed: string): Promise<boolean> {
  return bcrypt.compare(plain, hashed);
}

RBAC Pattern

const ROLES = {
  user: ['read:posts'],
  admin: ['read:posts', 'write:posts', 'delete:posts'],
};

function requirePermission(permission: string) {
  return (req: Request, res: Response, next: NextFunction) => {
    const userRole = req.user?.role;
    if (!ROLES[userRole]?.includes(permission)) {
      return res.status(403).json({ error: 'Forbidden' });
    }
    next();
  };
}

Code Review Checklist

  • Passwords hashed with bcrypt (cost ≥ 12)
  • JWT secrets are strong (256-bit)
  • Cookies are httpOnly, secure, sameSite
  • Rate limiting on login
  • All routes have auth middleware
  • Resource-level authorization

Anti-Patterns

  1. Storing JWT in localStorage - Use httpOnly cookies
  2. Weak passwords - Enforce complexity
  3. No rate limiting - Prevent brute force
  4. Client-side auth only - Always validate on server

スコア

総合スコア

65/100

リポジトリの品質指標に基づく評価

SKILL.md

SKILL.mdファイルが含まれている

+20
LICENSE

ライセンスが設定されている

+10
説明文

100文字以上の説明がある

0/10
人気

GitHub Stars 100以上

0/15
最近の活動

1ヶ月以内に更新

+10
フォーク

10回以上フォークされている

0/5
Issue管理

オープンIssueが50未満

+5
言語

プログラミング言語が設定されている

+5
タグ

1つ以上のタグが設定されている

+5

レビュー

💬

レビュー機能は近日公開予定です