user-management-system

User Management System(UMS) for vigour projects

• Launches an express server to manage authentication
• uses passport and the following strategies:
• passport-facebook A file system-based session store.

• if you wish to use another passport strategy, please let me know or implement it yourself and make a pull request
• Session managed with: express-session using one of the following session stores:

• session-file-store A file system-based session store.

• connect-redis A Redis-based session store.

• if you wish to use another session store, please let me know or implement it yourself and make a pull request

Usage:

$ npm install user-management-system

var ums = require('user-management-system')
var config = require('./config.json')
 
ums.start(config)
  .then((server) ==> console.log('UMS running on port', server.port))
  .catch((err) => log.error('USM', err))

Config:

this is what a typical config should look like:

{
  "port": 9000,
  "session": {
    "options": {},
    "store": {
      "type": "file",
      "options": {}
    }
  },
  "auth": {
    "facebook": {
      "clientID": "FACEBOOK_APP_ID",
      "clientSecret": "FACEBOOK_APP_SECRET",
      "profileFields": ["id", "emails", "gender", "link", "locale", "name", "timezone", "updated_time", "verified"],
      "scope": ["email"]
    }
  }
}

• port - the port on which the UMS express server will be running (defaults to 9000)
• session - information about the session management (optional)
• options - see session options
  • defaults to: { secret: 'my-little-pony', resave: true, saveUninitialized: true }
  • note: you can override the "store" option at your own risk
• store - choice of predefined session stores
  • type - type of store to use (defaults to "file"), can be:
    • file - use session-file-store
      • default options: { path: "/<tmpdir>/.ums-sessions", logFn: function(){} }
    • redis - use connect-redis
      • default options: { uri: "localhost", port: 6379 }
• auth - settings for each of the Strategies being used
• note: no need to specify callback urls
• note: you should specify the "scope" property here

Advanced usage

checkout the example folder to see a real world implementation using mongodb to store users and sessions
you can run the example simply with $ npm start
note: you need a mongodb server running on the default port(27017)

User management:

out of the box, UMS uses the following function for serializing and deserializing users:

function(user, done){ 
  done(null, user)
 }

and the following verify callback:

//example for the facebook strategy 
function (token, rToken, profile, done){
  var user = {
    strategy: 'facebook',
    profile: profile._json
  }
  user.facebook.token = token
  if(server.config.auth.verifyCallback){
    server.config.auth.verifyCallback(user, done)
  } else {
    done(null, user)
  }
}

and req.user will be an object, looking like:

{ 
  facebook: { 
    id: '10153112773881034',
    email: 'andre.padez@gmail.com',
    gender: 'male',
    link: 'https://www.facebook.com/app_scoped_user_id/10153112773881034/',
    locale: 'en_US',
    last_name: 'Padez',
    first_name: 'André',
    middle_name: 'Alçada',
    timezone: 1,
    updated_time: '2015-10-28T10:29:39+0000',
    verified: true,
    token: '<oauth_token>' 
  } 
}

you can, however, override those by setting them to the config object, so:

var ums = require('user-management-system')
var config = require('./config.json')
 
config.auth.verifyCallback = function(user, done){
db.findUser({'profile.id': user.profile.id}, function(err, userFromDB){
  if(err){
    return done(err)
  }
  if(userFromDb){
    return done(null, userFromDb)
  }
  //if no user in db
  var newUser = new User(user)
  newUser.save(function(err){
    return done(err, newUser)
  })
})
}
 
config.auth.serializeUser = function(user, done) {
 done(null, user.id)
}
 
config.auth.deserializeUser = function(id, done){
 db.findUser({id: id}, function(err, user) {
   done(err, user);
 })
}
 
ums.start(config)
 .then((server) ==> console.log('UMS running on port', server.port))
 .catch((err) => log.error('USM', err))

note: all db operations are fictitious here, just to illustrate