express-auth2
User authentication middleware for ExpressJS.
This is a lightweight middleware which adds the main building blocks for authentication to your Express application.
Setup
Install the package.
npm install --save express-auth2
For real-world authentication (e.g. login using username and password) you will also need body-parser, express-session and cookie-parser, unless your application handles only simple token-based authentication (e.g. basic authentication).
Continue by attaching the module to your Express application.
var auth = ;var app = ;...app;app;app;app;app;
This will add helper methods to the request and response objects.
Examples
Login Using Email & Password
Create a login form view.
form(action='/login', method='post')
  input(type='text', name='email', placeholder='Enter your email')
  input(type='password', name='password', placeholder='Enter your password')
  button(type='submit') Submit
Define routes for handling login.
app; app;
Define a route for handling logout.
app;
Create a handler at ./auth/session.js which authenticates a user from req.session.userId on every request.
module { return { if req ; else if reqsession && reqsessionuserId var user = id: reqsessionuserId email: reqsessionuserId ; // Pretend we query real database. req; else ; };};
Now configure the module, attach the handler to a route and require authentication.
var authSession = ;...app;app;...app;
The /secure-place route will now redirect an unauthenticated user to the /login path. On successful login, the user is redirected back to /secure-place.
Auth.init(options)
Initialization middleware which adds methods for building authentications to request and response objects.
options.loginUrl :: String | Function(req)
Path to the login page. Note that you can pass a function in case of a dynamic path (e.g. when using route translations).
Auth.authorize()
Middleware that stops unauthenticated access. When an unauthenticated user tries to access a route defined after this middleware, the user is redirected to the login page, or a 401 is returned if the login path is not set.
Request Object
req.authenticate(user, next) :: null
user: Object, next: Function
Authenticates a user from the user object. Note that the user object must have an id key.
req.unauthenticate(next) :: null
next: Function
Unauthenticates a user.
req.isAuthenticated() :: Boolean
Returns true if a user is authenticated.
req.isUnauthenticated() :: Boolean
Returns true if a user is not authenticated (the reverse of isAuthenticated).
req.getLoginUrl() :: String | Function
Returns URL path for the login page. Note that this parameter is configured through the initializer.
req.getBackUrl() :: String
Returns URL path to the page where a user will be redirected back after login.
req.rememberAsBackUrl(url) :: null
url: String
Memorizes the current URL. This method is used by the middleware when a user tries to access a page that needs authentication.
req.forgetBackUrl() :: null
Forgets the redirect-back URL.
Response Object
res.redirectBackOr(url) :: null
url: String
Redirects a user to getBackUrl(), or to the provided url if no memorized URL is found.
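If your application ever passes a value taken from request input to req.rememberAsBackUrl(url), or redirects to req.getBackUrl() itself, it is worth checking that the target is a path on your own site first. The following is an added example, not part of express-auth2: safeBackUrl, pickLoginRedirect, fakeReq and the app.invalid origin are assumptions made for illustration; only req.getBackUrl() comes from the API described above.

```javascript
'use strict';
// Added example, not express-auth2 code. safeBackUrl and pickLoginRedirect are
// hypothetical helpers; BASE is a constructed placeholder origin used only for parsing.
var BASE = 'http://app.invalid';

// Return `candidate` only if it is a path on this site, otherwise `fallback`.
function safeBackUrl(candidate, fallback) {
  if (typeof candidate !== 'string' || candidate.length === 0) return fallback;
  // Require "/path". Browsers treat "//host" and "/\host" as another host.
  if (candidate[0] !== '/' || candidate[1] === '/' || candidate[1] === '\\') return fallback;
  // URL parsers strip tabs and newlines, which could turn "/<tab>/host" into "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(candidate)) return fallback;
  var parsed;
  try {
    parsed = new URL(candidate, BASE);
  } catch (e) {
    return fallback;
  }
  if (parsed.origin !== BASE) return fallback;
  // Re-serialize so the redirect uses the normalized form that was checked.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Choose where to send a user after login, using the documented req.getBackUrl().
function pickLoginRedirect(req, fallback) {
  return safeBackUrl(req.getBackUrl(), fallback);
}

// Constructed stand-in for a request object exposing req.getBackUrl().
function fakeReq(backUrl) {
  return { getBackUrl: function () { return backUrl; } };
}

console.log(pickLoginRedirect(fakeReq('/secure-place?tab=2'), '/'));
console.log(pickLoginRedirect(fakeReq('//other-host.invalid/'), '/'));
```

In a login route the result would be handed to Express's res.redirect(), and the same check can be applied to a value before it is given to req.rememberAsBackUrl(url).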