express-passport-security
Configures an Express app for authentication using Passport's local strategy.
Install
yarn add express-passport-security
API
configurePassport(findUser, findUserById)
Configures Passport with the required user retrieval functions.
-
findUser(username)
returns a user from a given username for authentication -
findUserById(id)
returns a user from a given ID for session deserialisation
Note: the user returned must have an id property to uniquely identify the user
and a password property containing a bcrypt hash of the user's password.
Use something like node-password-util
to correctly hash passwords when creating users.
configureApp(app, [options])
Integrates the given Express instance with Passport and adds a login and logout route handler.
-
app
the Express instance -
options
optional object to allow configuration of post authentication flow. Available options are:-
userDetailsExtractor(user)
an optional function which returns only the required properties from the user object. By default, just the password will be removed. -
loadInitialData(user, req)
an optional function to return any initial data required by the app after successful authentication. Any implementation given must return a Promise which resolves to an object containing the initial data.
-
middleware()
Express middleware to redirect unauthenticated users in secure routes to the login page.
returnTo is set on the session to allow redirection back to the route after login.
configureRoutes(login, logout)
By default, login and logout routes are set to /login and /logout respectively. Use this method to configure the routes.
Note: this will need to be called before configureApp and middleware.
Example
;;;;; const app = ;app;app;app; // configure passport (findByEmail and findById implementations not shown); // configure express; // no authentication required so no middleware includedapp; // secure /foo with middlewareapp;