node.js oauth login wizard with leveldb session storage
$ npm install gandalf
var http =var Router =var mount =var level =var Gandalf =var ecstatic =var db =var gandalf =var router =// mount the OAuth login handlersrouter// get the current session datarouter// only logged in people can see this routerouter// these are served without hitting the sessionroutervar server = httpserver
providers config to activate external OAUTH providers:
var gandalf =
The supported types are:
Password mode (/register and /login) are activated automatically.
One user can
connect multiple external providers and link them to the same user id.
Return a function that will create a
session property of the request:
var session = gandalfrouter
You can also pass a function to gandalf.session and it will be wrapped:
Mount the authentication handler onto an endpoint of your application (for example on
You can then link to
/auth/github to perform a github login or POST to
/auth/register to register new accounts.
The following are the routes that are mounted:
post username and password and other fields to register a new user
post username and password fields to login using the password method
post a username to use for a connected user - use this when a user connects using an external service but you still need a
username (as opposed to just an id)
clear the session and redirect to '/'
check if the given username exists
return a JSON representation of the current session - this includes OAuth tokens
Return a 403 error if the user is not logged in:
If you do not pass a function then there just needs to be a user for access to be granted.
Delete a user and all their details
Remove the connection details for 'provider' in the given user
When a value has been put to the database
When a batch has been sent to the database
A HTTP request has hit the handler
A HTTP request has hit a provider handler
A resource has been denied in a protect handler
A login request
A register request
A connect request
A user profile has been created by
A claim request
A logout request