3.1.1 • Published 1 year ago
sa-express v3.1.1
Scratch Auth integration for Express
- Plug and play, minimal setup required
- Easy to use
Installation
npm install sa-express
Usage
const express = require('express');
const scratchauth = require('sa-express');
const app = express();
const needsAuth = scratchauth(app, {
secret: 'SuperSecret1234',
appName: 'My Cool Express App',
succeeded(req, res) {
res.redirect('/welcome');
},
failed(req, res) {
res.redirect('/authfailed');
},
});
Options
Name | Description | Default |
---|---|---|
secret | Secret that cookie-session will use. It should be stored securely in an environment variable. | No default; this option is required |
appName | Name for Scratch Auth to use on the login page. | '' |
loginRoute | Route for redirecting the user to Scratch Auth. | '/auth/login' |
verifyRoute | Route for verifying Scratch Auth's repsonse. | '/auth/verify' |
logoutRoute | Route for logging the user out. | '/auth/logout' |
logoutRedirect | Route to redirect to after logging out. | '/' |
domain | The domain of your app. This is only needed if your app unexpectedly redirects to localhost instead of your app's domain. It should not include http[s]:// or a trailing slash. | '' |
succeeded | Called when the user has been logged in successfully. | (req, res) => res.redirect('/') |
failed | Called when auth has failed. | (req, res) => res.send('Auth failed') |
cookie | More options here. | By default lasts 7 days with sameSite: lax . |
Using Auth/Protected Routes
Calling scratchauth
returns a middleware for protected routes. It will redirect the user to the route given if they are not logged in. By default, the route is whatever you passed for loginRoute
.
app.get('/dashboard', needsAuth(), (req, res) => {
res.send(`Welcome to your dashboard, ${res.locals.username}!`);
});
You can manually implement protected routes by using res.locals.loggedIn
:
app.get('/dashboard', (req, res) => {
if (res.locals.loggedIn) {
res.send(`Welcome to your dashboard, ${res.locals.username}!`);
} else {
res.redirect('/auth/login');
}
});
In fact, needsAuth
uses res.locals.loggedIn
under the hood, so both of the methods are exactly equivalent.
Demo Application
A demo can be found in demo/.