0.5.1 • Published 5 years ago
komapi-passport v0.5.1
komapi-passport
Disclaimer: There will be breaking changes and outdated documentation during the pre-v1.0.0 cycles.
Recommended middleware for authentication in komapi. This is a Koa compatible implementation of Passport and an alternative to koa-passport.
Please refer to Passport for more information on how to use passport.
Documentation
Installation
Install through npm and require it in your index.js
file.
$ npm install --save komapi-passport passport-http bcrypt
Hello World
Try GET /
using the simple example application below. This example uses http basic authentication, but all passport strategies are supported.
Username is "jeffj" and password is "mylittlesecret".
// Dependencies
import Koa from 'koa';
import passport, { mutateApp } from 'komapi-passport';
import { BasicStrategy } from 'passport-http';
import bcrypt from 'bcrypt';
// Init
const app = new Koa();
mutateApp(app); // This is optional. See the tips (1) for description
const user = {
id: 1,
username: 'jeffj',
name: 'Jeff Jagger',
passwordHash: '$2a$06$5f2353rB/Jgb0s8vRKteluCJR2WY1E97.0htzB6RW.O1LJa.BQamu', // mylittlesecret
};
// Setup
passport.use(
new BasicStrategy((username, password, done) => {
console.log(username, password);
if (username !== user.username) return done(null, false);
bcrypt.compare(password, user.passwordHash, (err, res) => {
if (err) return done(err);
if (!res) return done(null, false);
return done(null, user);
});
}),
);
// Middlewares
app.use(passport.initialize());
app.use(passport.authenticate(['basic']));
app.use('/', passport.ensureAuthenticated(), ctx => {
ctx.body = {
isAuthenticated: ctx.isAuthenticated(),
user: ctx.state.user, // or 'ctx.auth' or 'ctx.request.auth' for consistency, regardless of passport user property
};
});
// Listen
app.listen(process.env.PORT || 3000);
Tips
- For better performance, use
mutateApp(app);
in your application bootstrap. This adds an application wide compatibility layer between Passport and Koa. If you do not use this, the compatibility layer will be added on a per-request basis - thus reducing performance slightly. - If you allow unauthenticated requests (e.g. using
passport-anonymous
strategy) you can enforce authentication on some of your routes with the includedPassport.ensureAuthenticated()
middleware.
Contributing
This project follows angular commit conventions.
Release
Run npm run release
to publish a new release and npm run release --tag=next
to publish a pre-release.