Fl-auth-server NPM

Server side of fl-auth-*, an auth package for FounderLab apps

Usage (server) - values shown are defaults:

import { configure as configureAuth, loggedIn } from 'fl-auth-server'

app = express()                       // Provide your express app
configureAuth({
  app,

  User: require('./models/user'),     // Give fl-auth-server another User model to use if you have a custom one

  middleware: {
    initialize: true,                 // enable passport middleware 
    session: true,                    // (don't change these)
  },

  paths: {
    login: '/login',                  // Route to log someone in
    register: '/register',            // Route to register a new user
    logout: '/logout',                // Route to log someone out
    resetRequest: '/reset-request',  // Route to request a password reset email be sent
                                      // must provide `email` as a param in the body, e.g. {email: 'a@example.com'} 
    reset: '/reset',                  // Route that a user will visit to perform their password reset. 
                                      // Requires `resetToken` as a param. This token is generated by the reset-request 
                                      // and should be passed through via the email you sent them from their reset-request.
    success: '/',                     // Go here when a user logs in or registers 
                                      // (if there's no other location specified) <- This isn't implemented yet
  },
  
  /*
   *  A facebook oath route will be created at the `paths.redirect` url
   *  When signing in users with facebook open this url, they will be redirected to facebook for authentication and back
   *  Your User model should have `facebookId` and `facebookAccessToken` fields where their facebook info will be saved
   *  
   */
  facebook: {                         
    clientId: ,                       // Your facebook app id (required)
    clientSecret: ,                   // Your facebook app secret (required)

    url: process.env.URL,
    paths: {
      redirect: '/auth/facebook',
      callback: '/auth/facebook/callback',
    },
    scope: ['email'],
    profileFields: ['id', 'displayName', 'email'],
  },
  
  /*
   *  Same deal for linkedin
   */
  facebook: {                         
    clientId: ,                       // Your facebook app id (required)
    clientSecret: ,                   // Your facebook app secret (required)

    url: process.env.URL,
    paths: {
      redirect: '/auth/linkedin',
      callback: '/auth/linkedin/callback',
    },
    scope: ['r_emailaddress', 'r_basicprofile'],
    profileFields: ['first-name', 'last-name', 'email-address', 'formatted-name', 'location', 'industry', 'summary', 'specialties', 'positions', 'picture-url', 'public-profile-url'],
  },
  
  login: {                          
    usernameField: 'email',                                // The login/register strategies look for these properties on the request body
    passwordField: 'password',                             //
    badRequestMessage: 'Missing credentials',             // If username or password is missing this is sent
    resetTokenExpiresMs: 1000 * 60 * 60 * 24 * 7,        // Reset tokens expire in 7 days by default
    extraRegisterParams: ['type'],                        // Extra fields to be plucked from the body of a POST to /register that will be saved on the user model. Fields not in this whitelist (other than usernameField/passwordField) are ignored
  },

  // You need to override this with a function that sends this user an email with a link to the reset page, 
  // with a query param containing this resetToken 
  // e.g. <a href="https://example.com/reset?resetToken=${user.get('resetToken')}>Reset your password here</a>
  sendResetEmail: ({user, req}, callback) => {
    console.log('[fl-auth] sendResetEmail not configured. No password reset email will be sent. Reset token:', user.get('email'), user.get('resetToken'))
    callback()
  },

  sendConfirmationEmail: (user, callback) => {
    // same deal with this. Send an email with a link to confirm the email
    // e.g.
    const email = user.get('email')
    const query = querystring.stringify({email, token: user.get('emailConfirmationToken')})
    const message = `${appConfig.url}/confirm-email?${query}`
    console.log('Sending emailConfirmationToken email', email, user.get('emailConfirmationToken'), message)
    sendMail({to: email, subject: `Confirm your email for ${appConfig.url}`, text: message}, callback)
  }

})