1.0.0 • Published 9 years ago

hoodie-standalone-account v1.0.0

9 years ago


Account REST and front-end API

The hoodie-standalone-account server is a hapi plugin, that exposes a REST-ful API. It also exposes dynamically bundled & pre-initialised scripts for the account client


See current work in progress here http://docs.accountrestapi.apiary.io/ Comment / send PRs for apiary.apib.

Have a glance (might be outdated, check links above)

# sign in, check session, sign out
PUT /session
GET /session
DELETE /session

# sign up, get / update / destroy account
PUT /session/account
GET /session/account
PATCH /session/account
DELETE /session/account

# get / update profile
GET /session/account/profile
PATCH /session/account/profile

# requests (e.g. password resets / username reminder, user account confirmation)
POST /requests
GET /requests # admins only
GET /requests/{id}
DELETE /requests/{id}

# admins only: manage accounts
POST /accounts
GET /accounts
GET /accounts/{username}
PATCH /accounts/{username}
DELETE /accounts/{username}

Client API

The Client API can be loaded from /account.js. A pre-initiliased account API is set on window.account

Server API

var Hapi = require('hapi')
var hapiAccount = require('hoodie-standalone-account')

var options = {
  backend: {
    // Unless name=pouchdb, pass spawn-pouchdb-server options:
    // https://github.com/gr2m/spawn-pouchdb-server#options
    name: 'couchdb',
    location: 'http://admin:secret@localhost:5984'
  confirmation: 'auto',
  notifications: {
    service: 'gmail',
    auth: {
      user: 'gmail.user@gmail.com',
      pass: 'userpass'
    templates: {
      passwordreset: 'Dear {account.username},\n\nyou can reset your password at:\n{server.info.uri}/#resetPassword/{request.token}',
      confirmation: 'Dear {account.profile.name},\n\nyour confirmation code is {token}'
  schema: {
    username: {
      minlength: 3
    password: {
      minlength: 6
    profile: {
      required: ['name'],
      properties: {
        name: {
          type: 'string',
          minlength: 3
  requests: {
    upgrade: function (request, reply) {
      var server = request.connection.server
      var user = request.auth.credentials

      var promise = server.app.users.update({
        id: user.id,
        plan: request.params.plan


server.register({register: hapiAccount}, options, function (error) {
  // server is ready

  port: 8000

server.start(function () {
  console.log('Server running at %s', server.info.uri);

hoodie-standalone-account also adds a server.app.account.admin API, which is the same as the account admin client API.


Back-end adapter, currently only one supported is CouchDB. options.adapter.couchdb must either be a string of the CouchDB url, or a an object with couchdb.url, couchdb.auth.user and couchdb.auth.pass.


Account confirmation strategy.

  • "auto": accounts get confirmed automatically
  • "email": user receives email with confirmation token / url
  • "invite-only": user receives email with invitation token, that needs to be passed on sign up
  • false: Admins confirm manually, or custom logic / 3rd-party plugins


Settings to send notifications to users like password resets and account confirmations. notifications.service and notifications.auth should be compatible with nodemailer

options.notifications.templates are templates for notifications being sent out by the server.


A JSON schema to validate account properties against.


Handlers for custom requests