node package manager


login and logout module for lockit

Lockit login

Log in users to your Express app. The module is part of Lockit.

npm install lockit-login

var Login = require('lockit-login');
var utils = require('lockit-utils');
var config = require('./config.js');
var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);
var app = express();
// express settings 
// ... 
// sessions are required - either cookie or some sort of db 
  secret: 'this is my super secret string'
// create new Login instance 
var login = new Login(config, adapter);
// use login.router with your app 
// listen to events [optional] 
login.on('login', function(user, res, target) {
  res.send('Welcome ' +;

More about configuration at Lockit.

  • two-factor authentication
  • track failed log in attempts
  • lock account after too many failed login attempts
  • track time and ip of log ins
  • redirect unauthorized users to /login and save requested url to session
  • input validation
  • allow login with username and/or email
  • GET /login
  • POST /login
  • POST /login/two-factor
  • GET /logout

If you've set in your config.js the module behaves as follows.

  • all routes have /rest prepended
  • GET /rest/login is next()ed and you can catch /login on the client
  • POST /rest/login stays the same but sends JSON
  • POST /rest/login/two-factor stays the same but sends JSON
  • GET /rest/logout sends JSON and you can catch /logout on the client

make test