K-passport NPM

Derby.js Passport Authentication

For Derby/Racer 0.6

Provides authentication middleware (using Passport) for use in your Derby projects.

##Demo

https://k-passport.herokuapp.com

##Installation

npm install k-passport --save

// the main object in server side starter script
passport = require("k-passport");

###Step 1 configure

/*
Setup a hash of strategies you'll use - strategy objects and their configurations
Note, API keys should be stored as environment variables (eg, process.env.FACEBOOK_KEY) or you can use nconf to store
them in config.json, which we're doing here
*/
var passportStrategies = {
  facebook: {
    strategy: require("passport-facebook").Strategy,
    conf: {
      clientID: '1234',
      clientSecret: '5678'
    }
  },
  twitter: {
    strategy: require("passport-twitter").Strategy,
    conf: {
      consumerKey: 'qwerty',
      consumerSecret: 'uiop'
    }
  }
};

Create a json object that holds the configuration. Most of these will get sane defaults (see lib/options.js for an example), so it's not entirely necessary to create this whole object.

var options = {
    "messages": {
        "failureFlash": true,
        "successFlash": "Logged in"
    },
    "redirects": {
        "failureRedirect": "/",
        "successRedirect": "/"
    },
    "urls": {
        "login": "/login",
        "logout": "/logout",
        "register": "/register",
        "passwordReset": "/password-reset",
        "passwordChange": "/password-change"
    },
    "form": {
        "email": {
            "required": true,
            "unique": true,
            "human": "Email address"
        },
        "username": {
            "required": true,
            "unique": true,
            "validation": "^[a-zA-Z0-9_äöåÄÖÅ]{3,32}$",
            "human": "Username"
        },
        "password": {
            "required": true,
            "unique": true,
            "validation": "^.{8,32}$",
            "human": "Password"
        }
    },
    "fields": {
        "emailField": "email",
        "usernameField": "username",
        "passwordField": "password",
        "passwordField2": "password2"
    },
    "site": {
        "domain": "http://localhost:3000",
        "name": "My Site",
        "email": "admin@mysite.com"
    },
    "smtp": {
        "host": "smtp.mailgun.org",
        "port": "587",
        "user": "postmaster@app123.mailgun.org",
        "pass": "123456"
    }
}

###Step 2 configure, initialize the store, setup strategies

passport.configure(options)
passport.store(store)

###Step 3 add middleware Make sure your express app is using sessions & body-parsing

expressApp
    ...
    .use(express.cookieParser())
    .use(express.session({
        secret: conf.get('SESSION_SECRET')
        store: new MongoStore({url: mongoUrl, safe: true})
    }))
    .use(express.bodyParser())
    .use(express.methodOverride())

Use k-passport's mounted middleware

    ...
    # passport.middleware is inserted after modelMiddleware and before the app router to pass server accessible data to a model
    .use(passport.middleware(expressApp, strategies))
    ...

###Step 4 login & register components (optional) If you want drop-in Login and Register forms, you can use the provided components. To enable these, you'll need this in your /src/app/index.coffee (or similar) file:

app.component(require('k-passport/component'))

To actually add the login/register component into yout template, do these:

<view name="k-passport:login"></view>

<view name="k-passport:register"></view>

<view name="k-passport:password-reset"></view>

Use http://purecss.io/ to see somewhat nicer looking forms. Just download the minified css file and import it in your index.styl.

###Step 5 flash messages (optional, recommended)

Use derby-flash with this to see all the messages this module outputs.

Why not EveryAuth?

This project was originally implemented with Everyauth (see branch in original project), but had some issues: 1. Every provider had to be implemented individually in code. Passport has an abstraction layer, which is what allows us to pass in Strategy + conf objects in server/index.js for every provider we want enabled. 2. Password authentication posed technical difficulties. See the Google Group discussion

The derby-examples/auth folder, written by the creators of Derby, uses Everyauth - so if you can't get derby-auth/derby-passport working, you may want to give that a shot. Note, it doesn't yet implement username / password authentication.