Provides support for labs-login server private for uphs health system
There is a sessions middleware (called sessionsMiddleware) and passport.
There are three steps to getting it working.
- Set up passport with your oauth credentials and pass in your apps url and database
- Set up a collection in mongodb to store your sessions. (This is optional. You can use an alternative session system if you prefer, but this one works with mongodb and express-session)
- Use the above in your app
- Add the /login, /logout and callback paths to your app
in lib/passport.js
import { mhealthPassport } from 'passport-mhealthlabs';
import { myDatabase } from './databases';
import { mhealthId, mhealthSecret, rootURL } from 'configs';
export default mhealthPassport({
mhealthId,
mhealthSecret,
rootURL,
usersCollection: myDatabase.users //the collection you have for users
})
in lib/sessions.js
import { sessionsMiddleware } from 'passport-mhealthlabs';
export default sessionsMiddleware({
dbURI: 'mongodb://localhost:27017/' + myDatabase,
collection: 'userSessions', // collection to store sessions in
secret: 'asecret' //a random string, should be unique per app. see express-session documentation
});
in server.js
import express from 'express';
import passport from './lib/passport';
import sessions from './lib/sessions'; //middleware
const app = express();
app.use(passport.initialize());
app.use(passport.session());
//define the login, logout and callback routes. code below can be used
app.get('/login', passport.authenticate('oauth2'));
app.get('/users/auth/mhealth/callback', passport.authenticate('oauth2', {
successRedirect: '/loggedIn', //logged in path
failureRedirect: '/' //path for signing in or root path
}));
app.get('/logout', (req, res, next) => {
if (req.session && req.session.destroy) {
req.session.destroy();
console.log('destroyed session');
}
res.redirect('/');
});
// to require authentication on any path, just include sessions as middleware
app.use('/loggedIn', sessions, loggedInController);
app.use('/public', publicController); // paths without sessions will not require authentication
Use in your own middleware/routes
- user can be obtained in middleware with req.user or req.session. See documentation of express-session