0.0.7 • Published 11 years ago

authstarter v0.0.7

Weekly downloads
5
License
-
Repository
github
Last release
11 years ago

#Auth Starter

This is the authentication code I find myself implementing on every project that needs a basic password protected demo or admin site. The flexibility of passport is nice, but for a simple app with few users all you need is something that works with minimal effort.

  • Based on passport-local
  • Username/password stored in mongodb
  • Limit unsuccessful login attempts (3 per minute by default)
  • Password hashing
  • Users cached in memory to avoid excessive db requests
  • Redirection to original url

The following routes are added to the app:

  • GET /login
  • POST /login
  • GET /logout
  • GET /loginredirect

Installation

npm install authstarter

To create necessary auth related view files, run

node
require("authstarter").setup();

Usage

var AuthStarter = require("./auth");

app.configure(function() {
    app.use(express.cookieParser());
    app.use(express.session({
        secret: 'secret'
    }));
    app.use(express.bodyParser());

    AuthStarter.configure(app);
    app.use(app.router);
    app.use(express.static(__dirname + '/static'));
    app.set('view engine', 'jshtml');
});


app.get('/', AuthStarter.ensureAuthenticated, function(req, res) {
    req.send('Secured content');
});

User setup

The user store is a mongodb collection containing documents like:

{
  _id: ObjectId("537159a186915c696a000521"),
  username: "username",
  password: "password",
  roles: {
    admin: false
  }
}

Passwords may be either plain text or hashed in the format used by https://github.com/davidwood/node-password-hash

Users may be created manually or using one of the provided functions that include password hashing.

AuthStarter.addUser("username", "password", {"user": true, "admin":false});

AuthStarter.setPassword(username, password);

Options

var settings = {
    mongoUrl: process.env.MONGOHQ_URL,
    baseUrl: process.env.SECURE_DOMAIN,
    userCollection: 'AdminUsers',
    hashOptions: {
        algorithm: "sha512"
    },
    maxAttempts: 3
};

AuthStarter.configure(app, settings);
  • mongoUrl - a mongodb url as used by mongo-native
  • baseUrl - used to make redirects absolute. eg "https://example.com"
  • userCollection - name of the mongodb collection
  • hashOptions - as used by password-hash
  • maxAttempts - number of incorrect login attempts allowed within one minute
expressmongodbpassportpassport-localpassword-hashnode-cacheextendconnect-flashjshtmljshtml-expressexpress-partials
@everything-registry/sub-chunk-1184chondric-tools
0.0.7

11 years ago

0.0.6

11 years ago

0.0.5

11 years ago

0.0.4

11 years ago

0.0.3

11 years ago

0.0.2

11 years ago

0.0.1

11 years ago