authentication-server
A node module providing a basic authentication web server.
This server is based upon express and uses redis-sessions to communicate with a redis server that stores the sessions.
How can I install it ?
Just open a terminal and run
npm install authentication-server
You also need a running redis server.
How does it work ?
- The client sends a http request containing a user id and a password.
- If the credentials are correct, the server answers with a token.
- The client can now use this token to communicate with the server about this user.
Easy isn't it ?
How can I create a server ?
Take a look at this basic example
const {authServer} = require("authentication-server");
// authServer returns an instance of an Express http server
const server = authServer(basePath, getHash, checkPassword, redisParams, debug);
// Launch it like this
const port = 80;
server.listen(port, () => console.log(`Running on port ${port}`));
// The path under wich the applcation will serve, in this case you will
// have to use http://localhost/auth/login in order to log a user in.
const basePath = "/auth"
// This is the first of the two function you have to implement yourself,
// can be async if needed as the await keyword is used when calling it.
// Arguments: id (string) - the id provided when using the login route.
// Return: - If you can't find a hash for that id, return undefined
// - If you found a hash, return it as a string
function getHash(id) {
// query database for hash, or wathever suits you
if (hash) {
return hash;
}
return undefined;
}
// This is the second function, can also be async if needed as the await
// keyword is used when calling it.
// Arguments: password (string) - the password provided when using the login route.
// hash (string) - the hash returned by getHash (the function implemented above)
// Return: - If the hash-of-password equals hash (the one provided as argument), return true
// - Otherwise return false
function checkPassword(password, hash) {
if (hashPassword(password) == hash) {
return true;
}
return false;
}
// Optional, defaults to {}, Object provided to the redis-sessions
// module, check it out for more details
const redisParams = {
"host": localhost,
"port": 6379
}
// Optional, defaults to false
const debug = true;Or read this
To create a server, you need to call authServer(basePath, getHash, checkPassword, redisParams, debug).
| Argument | Type | Info |
|---|---|---|
basePath |
string | Path under wich the application will serve. If it equals /auth, you will have to use http://localhost/auth/login in order to log a user in |
getHash |
function | See in the code example above to know how to implement it |
checkPassword |
function | See in the code example above to know how to implement it |
redisParams |
Object |
Optional Defaults to {}. Parameters used to connect to redis. This Object is directly passed on to the redis-sessions module. Check it out to know how to use it. |
debug |
bool | Optional, defaults to false. If true, prints client connections. |
How can I use the server I have just created ?
The Five Paths
There are five paths you can use: login, check, id, logout and logouteverywhere. You access each using http(s)://<host>/<basePath>/<path>.
Every request you make will return a json containing at least a msg field that, in case of an error, explains what happened. Example:
{
"msg": "Invalid credentials"
}In case of succes, some additional information is usually provided.
| Path | Usage | Method | Datatype | Data | Response (in addition to msg) |
|---|---|---|---|---|---|
| login | Log a user in. | PUT | form (json) | id: the id of the user to log in. password: password of the user to log in. | token: token identifying the created session. |
| check | Check if a token is valid / if the user is logged in. | GET | query | token: token to check | isLoggedIn: bool. |
| id | Get the id of the user given a token | GET | query | token: token of the user. | id: id corresponding to the token. |
| logout | Log a user out on a single session. | DELETE | query | token: token of the user to log out. | None |
| logouteverywhere | Log a user out on every session. | DELETE | query | token: a token of the user to log out everywhere. | nbKilled: number of sessions deleted. |
How can I extend this server ?
As said earlier, the authServer() function returns an Express web application. This means that you can add any middleware or route that you want. You can also make use of the class User by doing:
const {User} = require("authentication-server");This is a utility class used for handling every user and session related operation. However, it is not documented so you will have take a look at the code.
How are errors handled ?
Using this middleware:
app.use(function(err, req, res, next) {
res.status(500).send({"msg": "Internal Server Error"});
next(err);
});Wich means that every error thrown by the application or one of the function you had to implement will end up as a 500 http error sent to the client.
Once again, you can add your own middleware that will be executed right after this one.