frivillig-auth v3.0.0

Login module for frivillig.no

Add this ExpressJS middleware to allow users to sign in using JWTs.

Summary

This middleware looks for a JWT in the request cookies. It looks for cookies in req.cookies, so a middleware for parsing cookies are recommended, such as cookie-parser.

If the cookie has a valid JWT then the middleware passes the request through to the next handlers. The claims in the JWT are set as req.session, so any handlers after the middleware, can access the claims.

If, for any reason, the middleware is unable to find, parse, or validate the cookie's JWT, then the request is redirected.

Options

The following options can be sent in to configure the middleware.

• cookieName tells the middleware which cookie to look for.
• cookieSecret is what secret the JWT was signed with.
• allowedUsers an array of email for users who are allowed to sign in with a valid JWT.
• loginServerUrl where to the login server is located. All invalid request will be redirected here.

Tests

Use npm test to run the tests. Remember to install the dependencies first using npm install.

Example usage

Below is a short example of how you can setup your Express app to use this module as authentication middleware.

const express = require('express');
const server = express();
server.use(require('cookie-parser')());

...

const options = {
    cookieName: 'my-jwt',
    cookieSecret: '123',
    loginServerUrl: 'http://login.example.org'
}
server.use(require('frivillig-auth'), options);

...

server.get((req, res) => {
    res.end(`Logged in as ${req.session.email}`);
});