Super Simple User Mgmt
API user management for mobile apps
mongoose model to deal with super simple user management for APIs. By plugging this model into your API, you can allow users to register and authenticate for an API.
Use case: If you want to create a simple API to be used e.g. by an iPhone app, you can plug this model in your backend API to authenticate calls.
Features and how it works
At the core,
super-simple-user-mgmt is a Mongoose model called
var User =email: Stringpassword: Stringtoken: Stringprototoken: Stringname: String;
name can be set on registration. Before full registration with info input by the user, a
User can be created with a
password is securely encrypted with bcrypt.
super-simple-user-mgmt requires an active and working MongoDB connected through Mongoose. If you don't have that yet, you can install MongoDB using their tutorial, and connect to it using this recommended connection handling code.
Install and require
Recommended way to install is via npm:
npm install --save super-simple-user-mgmt
Then simply require the module in your API, e.g. using Express:
var User = ;
All done. You now can manage your users as explained below.
You can register as an unknown and unidentified user (so called
protouser) or as a full fledged
user with identification details. Why? A protouser can be registered by your (mobile) app when the user first opens it, so you can store all data with your normal structure in the backend, without asking the user for registration directly. This hopefully improves user experience and hence your conversion.
Registration of protouser
If you want to store user-related data in your backend via an API, but don't want the user directly to register, you need a
For this, you only need one unique token or identifier generated by the app. For iPhone apps e.g. this could be:
NSString *udid;if (SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(@"6.0"))udid = [UIDevice currentDevice].identifierForVendor.UUIDString;elseudid = [UIDevice currentDevice].uniqueIdentifier;
You can create a route to register a protouser with Express.js like so:
The user is registered, and can only identify itself using the same
prototoken again. So the app needs to store it.
Registration of full user
If you already have some details about the users identity (email and password), you can directly register a full user. This is done with
You pass the register an object with the user's information:
password are required, you can also state a
name of the user. By providing a
prototoken, you can extend an existing
protouser (see above).
This simple example with Express.js show the general workflow. The user is registered and logged in, you it is recommended to at least return the users
token. But you can return anything, as the callback's
user is the full object as described above.
By the way, the
prototoken, if you had one, was invalidated.
An example for an Express.js route to authenticate a user is:
On a non-error callback, you have the full user object as described above.
The JSON object in
req.body.credentials can hold credentials in three flavors:
prototoken. Note that this only works for protousers.
2. Username & password
Normal auth via
password. It is preferable to use rather the token as described below, so only use it if the token was invalidated.
3. Username & token
token, but not the
prototoken. This is the preferred way to auth every request to the API, so that the password is not submitted every time.
All the rest
If required, a user can be logged out. This means, his
token will be invalidated. This does not work for protousers.
For a non-error callback, the var
user now holds the whole user object, with its
token set to
Fork, change, request a pull. Talk to me via issues or email.