Authchio NPM | npm.io

Authchio

Authentication and authorization middleware for Node.js application

Installation

First install Node.js and MongoDB. Then:

$ npm install authchio

Authentication usage

Connect to MongoDB

const authchio = require("authchio");
authchio.connect("mongodb://localhost/test", err =>
{
  // Add strategies
});

Add strategy

authchio.addCredentialsCookiesStrategy("credentials", { expiresIn: 3600 * 24 });
authchio.addFacebookCookiesStrategy("facebook", { appId: xxx, appSecret: xxx, expiresIn: 3600 * 24, secure: true });

Register user

authchio.register("credentials", request, response, { username: "foo", password: "bar" }, (err, isSuccessful) =>
{
  // Create app specific profile
});
authchio.register("facebook", request, response, { userToken: xxx }, (err, isSuccessful) =>
{
  // Create app specific profile
});

Log user in

authchio.token("credentials", request, response, { username: "foo", password: "bar" }, (err, isSuccessful) =>
{
    if(err) // database/server error
    if(!isSuccessful) // no user / wrong password
});
authchio.token("facebook", request, response, { userToken: xxx }, (err, isSuccessful) =>
{
  // Update latest login timestamp
});

Authenticate subsequent request

authchio.authenticate(request, response, {}, (err, user) =>
{
  if(!user) return; // login failed
});

Log user out

authchio.revoke("credentials", request, response, null, (err, isSuccessful) =>
{
});

Authorization usage

Register role

You have to register roles everytime authchio starts

authchio.registerRole("admin");
authchio.registerRole("user");

Grant role

Grant role to user when they sign up

authchio.grantRole("admin", "username", (err) =>
{
});

Add rule

You have to add rules everytime authchio starts

authchio.addRule("API", "getUsers");
authchio.addRule("WEB", "users");

Authorize

Authorize resource access, throw if callback is not passed to the function

authchio.authorize(request, response, "API", "getUsers", err =>
{
    console.log(err.message); // Unauthorized access for "getUsers" in "API", required roles: [admin], granted roles: [user] 
});

try
{
    authchio.authorize(request, response, "API", "getUsers");
}
catch(err)
{
    console.log(err.message); // Unauthorized access for "getUsers" in "API", required roles: [admin], granted roles: [user] 
}