Integration
Express
One-line Express middleware for server-side Janus token verification.
Install
npm install @janus/expressBasic usage
import express from 'express';
import { janusVerify } from '@janus/express';
const app = express();
app.use(express.json());
app.post('/login',
janusVerify({
secretKey: process.env.JANUS_SECRET_KEY!,
apiUrl: 'https://your-janus.com',
}),
(req, res) => {
// Verification passed — req.janus contains the result
console.log(req.janus?.risk_score); // e.g., 15
console.log(req.janus?.action); // e.g., "allow"
res.json({ message: 'Logged in' });
}
);The middleware:
- Extracts the token from
req.body['janus-token'] - Calls your Janus API's
/api/v1/siteverifyendpoint - Attaches the result to
req.janus - Rejects blocked requests with 403
- Calls
next()on success
Options
janusVerify({
// Required
secretKey: process.env.JANUS_SECRET_KEY!,
apiUrl: 'https://your-janus.com',
// Optional: custom token extraction
tokenExtractor: (req) => req.headers['x-janus-token'] as string,
// Optional: also reject challenged requests
rejectActions: ['block', 'challenge'],
// Optional: custom rejection handler
onReject: (req, res, result) => {
res.status(403).render('blocked', { reason: result.error });
},
// Optional: callback on success
onVerify: (req, result) => {
console.log(`Verified: score=${result.risk_score} action=${result.action}`);
},
});Standalone verification
For non-Express contexts (Fastify, Koa, etc.):
import { verifyToken } from '@janus/express';
const result = await verifyToken({
secretKey: process.env.JANUS_SECRET_KEY!,
apiUrl: 'https://your-janus.com',
token: requestBody['janus-token'],
remoteIp: clientIp,
});
if (!result.success || result.action === 'block') {
// Reject request
}