Fast and versatile authentication middleware for Express.js.
Hadrian is a flexible and dynamic authentication middleware for Express.js. It is designed to be easy to use, modular and unopinionated, and to take the complexity out of building authentication into server apps.
Hadrian simplifies authentication in Express apps, removing unnecessary complexity while keeping full flexibility to create and support any type of authentication strategy.
Ensure you have installed Express.js:
$ npm install express
Install hadrian:
$ npm install hadrian
Create a new Model instance by calling new Model(options).
You can provide a function for each of the authentication steps:
- extract - async (req) => query
- getUser - async (query, req) => user
- verify - async (query, user, req) => result
```js
import { Model, Fail } from 'hadrian';
import { findUserByUserName } from './db';

const auth = new Model({
  name: 'password',
  authenticate: {
    extract: (req) => req.body,
    getUser: async (query) => findUserByUserName(query.username),
    // Plaintext comparison keeps the example short; store and compare password hashes in a real app.
    verify: (query, user) => query.password && query.password === user.password
  },
  sessions: {
    useSessions: true,
    serialize: (deserializedUser) => deserializedUser.username,
    // Look the user up again from the username stored in the session.
    deserialize: (serializedUser) => findUserByUserName(serializedUser)
  }
});
```
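The `verify` step in the model above compares a stored plaintext password with `===`. A hardened `verify` with the same `(query, user)` shape, as an added example that is not part of hadrian or its README: it assumes a hypothetical `passwordHash` field holding `salt:key` in hex, derived with Node's built-in scrypt, and uses CommonJS `require` so it runs as a stand-alone script.

```javascript
// Added example: hardened `verify` step (not hadrian's own code).
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

const KEY_LEN = 32;

// Assumed storage format: "<salt hex>:<scrypt key hex>" in user.passwordHash.
function hashPassword(password) {
  const salt = randomBytes(16);
  const key = scryptSync(password, salt, KEY_LEN);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

// Hash of a random value, used when no user was found so that an unknown
// username still costs one scrypt derivation (limits user enumeration by timing).
const DUMMY_HASH = hashPassword(randomBytes(16).toString('hex'));

// Same shape as the page's verify step: (query, user) => result
function verify(query, user) {
  // req.body is client-controlled JSON: password may be missing, an object or an array.
  const supplied = query && typeof query.password === 'string' ? query.password : '';
  const known = Boolean(user) && typeof user.passwordHash === 'string';
  const [saltHex, keyHex = ''] = (known ? user.passwordHash : DUMMY_HASH).split(':');
  const expected = Buffer.from(keyHex, 'hex');
  if (expected.length !== KEY_LEN) return false; // malformed stored record
  const actual = scryptSync(supplied, Buffer.from(saltHex, 'hex'), KEY_LEN);
  // Constant-time comparison of two equal-length buffers.
  const match = timingSafeEqual(actual, expected);
  return known && supplied.length > 0 && match;
}

// Constructed sample record standing in for what findUserByUserName would return.
const sampleUser = { username: 'alice', passwordHash: hashPassword('correct horse') };
```

To use it in the model, pass this function as `authenticate.verify` and have `getUser` return a record that carries `passwordHash` instead of a plaintext password.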
The init() middleware must be called before any other authentication middleware and after the body-parsing and session middleware (if sessions are required).
```js
app.use(json({ extended: false }));
app.use(
  session({
    // Placeholder value: load the session secret from configuration, not from source.
    secret: 'a very secret secret',
    resave: false,
    saveUninitialized: false
  }),
);
app.use(auth.init());
```
Use the authenticate() middleware to authenticate a client.
```js
app.use('/login', auth.checkUnauthenticated(), auth.authenticate(), (req, res) => {
  res.redirect('/home');
});
```
You can limit access to routes by using the checkAuthenticated() or checkUnauthenticated() middleware.
```js
app.use('/api/private/', auth.checkAuthenticated({ onFail: { redirect: '/login' } }), privateApiRoutes);
```
You can also set default handlers when creating the Authentication model.
```js
const auth = new Model({
  //............
  checkAuthenticated: {
    onFail: { redirect: '/login' }
  },
  checkUnauthenticated: {
    onFail: (req, res) => res.redirect('/home')
  }
})
```
You can use multiple authentication models in your app.
```js
app.post(
  '/loginAuthOne',
  authOne.checkUnauthenticated({ by: 'self' }),
  authOne.authenticate()
);
app.post(
  '/loginAuthTwo',
  authTwo.checkUnauthenticated({ by: 'any' }),
  authTwo.authenticate()
);
app.post(
  '/logoutAll',
  authOne.logout({ of: 'all' })
);
app.post(
  '/logoutAuthOne',
  authOne.logout({ of: 'self' })
);
//......
```
For working examples and usage, please refer to the examples section on the project's GitHub.
Jazz Brown – jazzbrown200@gmail.com
Distributed under the MIT license. See LICENSE for more information.
https://github.com/jazzbrown1/hadrian
- Fork it (https://github.com/jazzbrown1/hadrian/fork)
- Create your feature branch (git checkout -b feature/fooBar)
- Commit your changes (git commit -am 'Add some fooBar')
- Push to the branch (git push origin feature/fooBar)
- Create a new Pull Request