connect-ensure-authenticated v1.0.10
connect-ensure-authenticated
This simple middleware ensures that a user is logged in with Passport. If an unauthenticated request is received, the middleware responds with a JSON error.
Install
Yarn
$ yarn add connect-ensure-authenticated
NPM
$ npm install connect-ensure-authenticated
Usage
Ensure Authentication
In this example, an application has a whoami API endpoint. A user must be logged in before accessing this endpoint.
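const express = require('express');
const { ensureAuthenticated } = require('connect-ensure-authenticated');
const app = express();
// Only authenticated users reach the handler; everyone else gets the JSON error
app.get('/api/whoami', ensureAuthenticated(), (req, res) => {
  res.json({ user: req.user });
});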
If a user is not logged in when attempting to access this endpoint, the response carries the default 401 status code and the default message "Authentication required".
Unless
This middleware supports express-unless. This is useful because in some cases it is better to ensure authentication on all API endpoints, with the exception of a few specific APIs (for example, the login API and the password reset API).
const express = require('express');
const { ensureAuthenticated } = require('connect-ensure-authenticated');
const app = express();
app.use(ensureAuthenticated().unless({
  path: ['/api/login']
}));
// The '/api/login' endpoint is listed in the unless configuration, therefore no authentication is required
app.get('/api/login', (req, res) => {
  res.status(200);
  res.json({ authenticationRequired: false });
});
// The '/api/whoami' endpoint is not listed in the unless configuration, therefore authentication is required
app.get('/api/whoami', (req, res) => {
  res.status(200);
  res.json({ authenticationRequired: true });
});
The /api/whoami endpoint returns an authentication error while the /api/login endpoint does not, because it is excluded with unless.
Custom status code and/or message
The ensureAuthenticated middleware can be configured to return another status code and/or message.
const express = require('express');
const { ensureAuthenticated } = require('connect-ensure-authenticated');
const app = express();
app.use(ensureAuthenticated({
  statusCode: 418, // default = 401
  message: 'I\'m a teapot!', // default = "Authentication required"
}));
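As an added sketch (not the module's own code), the dependency-free stand-in below mirrors the behaviour documented in the Unless and custom status sections and checks that anonymous requests get through only on allow-listed paths. It assumes the decision comes from Passport's req.isAuthenticated() and that the JSON body is { message }; the names ensureAuthenticatedSketch, probe and auditAnonymousAccess and the route list are constructed for illustration.

```javascript
// Stand-in for the documented behaviour; NOT the module's source.
// Assumptions: Passport's req.isAuthenticated() decides; body shape is { message }.
function ensureAuthenticatedSketch({ statusCode = 401, message = 'Authentication required' } = {}) {
  const mw = (req, res, next) => {
    if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) return next();
    res.status(statusCode).json({ message });
  };
  // Simplified express-unless: a string entry skips the check on an exact path match only.
  mw.unless = ({ path = [] }) => (req, res, next) =>
    (path.includes(req.path) ? next() : mw(req, res, next));
  return mw;
}

// Minimal fake req/res so the check runs without Express installed.
function probe(middleware, path, loggedIn) {
  const result = { path, passed: false, status: null, body: null };
  const req = { path, isAuthenticated: () => loggedIn };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  middleware(req, res, () => { result.passed = true; });
  return result;
}

// Returns the paths whose anonymous behaviour differs from the policy:
// allow-listed paths must pass, every other path must be rejected.
function auditAnonymousAccess(middleware, routes, allowList) {
  return routes
    .map((p) => probe(middleware, p, false))
    .filter((r) => r.passed !== allowList.includes(r.path))
    .map((r) => r.path);
}

// Constructed route list; '/api/login/reset' is not covered by the '/api/login' entry.
const routes = ['/api/login', '/api/whoami', '/api/login/reset', '/api/users'];
const guard = ensureAuthenticatedSketch().unless({ path: ['/api/login'] });
console.log(auditAnonymousAccess(guard, routes, ['/api/login'])); // prints []
```

A route that must stay public, such as a password reset endpoint, needs its own entry in the path list; everything not listed is rejected for anonymous clients.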
How do I use this with Passport?
Take a look at the integration test for some inspiration.
I have also created a single file example repository using this module: https://github.com/allardvanderouw/express-api-passport-local-mongo-session-example/blob/master/server.js
Prior art
This module was heavily inspired by Jared Hanson's connect-ensure-login module.