sails-hook-kimyjwt v0.2.0
Kimy JWT
Sails.js hook for JWT-based authentication, for humans.
If you're looking for using JSON Web Tokens on your Sails apps, you're on the right place.
Use
Install with
$ npm install sails-hook-kimyjwt
And then create the config on config/kimyjwt.js
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id", // This is an attribute in the model
passportLike: false // defaults to true
}
Next, you should only add the kimyjwt
policy to the routes you require the
authentication and you're done:
'get /user/protected/route': [{
policy: 'kimyjwt'
}, {
controller: 'UserController',
action: 'mySecureRoute'
}]
Options
Passport.js-like API
If you enable the Passport.js-like API then you can use the req.user
object
as you usually do in a Passport.js-based application:
// UserController
module.exports = {
secureRoute: function(req, res) {
res.json({
success: true,
message: "Welcome, " + req.user.name // Name is a property in the model
});
}
};
Magic Object in req.user
With the passportLike
option enabled, the hook can attach the full model
object to the req.user
object. This adds the possibility to the following
code to be used:
// someController.js
module.exports = {
myRoute: function(req, res) {
req.user.someMethodInTheModel();
// ...
res.json({
"success": true,
"message": "Well done, " + req.user.name + "!"
});
}
};
For doing so just add the magicObject
setting to true in the options
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id", // This is an attribute in the model
passportLike: true, // defaults to true
magicObject: true // defaults to false
}
Payload to the req
object
If you'd like to get the data contained in the JWT Payload in your controllers,
then you should only enable the option passPayloadInReq
(which defaults to
false
) in the config file for the module.
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id",
passportLike: true,
passPayloadInReq: true
}
So the following code can be used:
// someController.js
module.exports = {
myRoute: function(req, res) {
var issuedAt = req.payload.iat;
console.log("This token was issued at: " + new Date(issuedAt));
res.json({
message: "I think we're all good right now"
});
}
};
Use the Sails.js defined responses instead
If you create a unauthorized
response in the api/responses
folder you can
use it instead of the traditional more Express.js-styled response included
by default in the module. So, if your response is defined this way:
// unauthorized.js
module.exports = function unauthorized (data, options) {
var req = this.req;
return res.status(401).json({
authorized: false,
message: "You shall not pass"
});
};
You can enable this response for being the default one to be sent in the configs
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id",
passportLike: true,
useSailsResponses: true
}
Contribute
All PR and Issues are welcome. You can get in touch with @SoyOrlSan too.
About
(C) 2016, Orlando Sánchez & Jorge Santiago Álvarez, Grupo Jaque.