This module provides SSO (Single Sign-On) support for vBulletin accounts and your Node.js powered website.
npm install --save vbauth
const VBAuth = ;const vbauth = database options;// express/connect middleware// this will inject info about the currently authenticated user in req.vbuserapp;
This module makes use of ES6 features. For Node 4, you should either use Babel, or require the module compiled for ES5:
const VBAuth = ;
More examples can be seem in the API section.
VBAuth(database, options) -> Constructor
database can be either a
mysql connection or pool. Or you can pass the parameters to construct a mysql-pool
options can have the following properties
cookieSalt: Used to salt the remember me password before setting the cookie. This must match the value located at the file
includes/functions.phpof your vBulletin install (Default:
cookiePrefix: Cookie prefix used by vBulletin. (Default:
cookieTimeout: How long it takes for a session to timeout in seconds. (Default:
cookieDomain: The domain to install the cookie to. (Default:
defaultPath: Default path, for activity refresh. Set a
urlas string, or
useStrikeSystem: The strike system will block the user from trying to log in after 5 wrong tries. (Default:
refreshActivity: Should it refresh activity or not? If not, it will simply attach the userinfo to the request object, and will not make any writes or updates in to the Forum database. (Default:
secureCookies: Use Secure cookies for remember-me cookie. Secure cookies only gets stored if transmitted via TSL/SSL (https sites) (Default:
subscriptions: Query user subscriptions? By default, it will query the subscription with id = 1. (Default:
subscriptionId: Subscription id to query. (Default:
isUser: function called to check whether a user is authenticated or not. (Default:
userinfo => (userinfo.usergroupid > 1 && userinfo.usergroupid !== 8 /* banned */ && userinfo.usergroupid !== 3 /* awaiting email confirmation */ && userinfo.usergroupid !== 4 /* awaiting moderation */))
isAdmin: function called to check whether a user is an admin or not. (Default:
userinfo => userinfo.usergroupid === 6)
isModerator: function called to check whether a user is a moderator or not. (Default:
userinfo => userinfo => userinfo.usergroupid >= 5 && userinfo.usergroupid <= 7)
const VBAuth = ;const vbauth =host: 'localhost'user: 'root'password: 'test'database: 'my_vbulletin_database'connectionLimit: 10cookieSalt: 'My_vBulletin_cookieSalt' // this is mandatory, you must change this one;
session() -> Express-like Middleware
An Express/Connect middleware that injects information (
vbuser) about the currently logged in user in to the
const express = ;const VBAuth = ;const vbauth = database options;const app = ;app; // from here on, you can access the user's information by accessing req.vbuser
mustBeUser() -> Express-like Middleware
An Express/Connect middleware that will only allow users to access a route. This uses
options.isUser function to determine whether the user is authenticated or not.
const express = ;const VBAuth = ;const vbauth = database options;const app = ;// anyone can access this routeapp;// only authenticated users can access the routes belowapp;app
mustBeAdmin() -> Express-like Middleware
An Express/Connect middleware that will only allow admins to access a route. This uses
options.isAdmin function to determine whether the user is an admin or not.
mustBeModerator() -> Express-like Middleware
An Express/Connect middleware that will only allow moderators to access a route. This uses
options.isModerator function to determine whether the user is a moderator or not.
login(login, password, remember, loginType, req, res) -> Promise
Tries to perform a login using
password. You can also pass
false if you want a persistent session.
loginType can be used for admin/mods login, but it's not implemented yet.
res come from the Express Route.
The promise can return 4 values:
'success': authentication went ok.
failed, login and password are required: user name and password was not specified.
failed, too many tries: user typed the wrong password for 5 times in less than 15 minutes.
failed, wrong login or password: incorrect user name or password.
logout() -> Express-like Middleware
Will erase the session from the database and erase user cookies.
req.vbuser -> Object
This object gets injected if you attach the
session() middleware or any of the
userid: the userid of the currently authenticated user.
username: the username of the currently authenticated user.
usergroupid: the usergroupid of the currently authenticated user.
membergroupids: the membergroupids of the currently authenticated user.
posts: the amount of posts made by currently authenticated user.
subscriptionstatus: user's subscription status (only if
subscriptionexpirydate: user's subscription expiry date in unix timestamp (only if
debug is used to print out all the MySQL queries performed by vbauth. To enable debug you must launch your app with
DEBUG=vbauth node app.js
set DEBUG=vbauth & node app.js