Skip to content
/ authstarter Public

Add mongodb based authentication to an express web app with three lines of code

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tqc/authstarter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
static
static
 
 
views
views
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
authstarter.js
authstarter.js
 
 
package.json
package.json
 
 

Repository files navigation

#Auth Starter

This is the authentication code I find myself implementing on every project that needs a basic password protected demo or admin site. The flexibility of passport is nice, but for a simple app with few users all you need is something that works with minimal effort.

  • Express 3
  • Based on passport-local
  • Username/password stored in mongodb
  • Limit unsuccessful login attempts (3 per minute by default)
  • Password hashing
  • Users cached in memory to avoid excessive db requests
  • Redirection to original url
  • Hash preserved in redirection urls
  • Default login form provided if not overridden by creating views/login.jshtml

The following routes are added to the app:

  • GET /login
  • POST /login
  • GET /logout
  • GET /loginredirect

Installation

npm install authstarter

To create necessary auth related view files, run

node
require("authstarter").setup();

Usage

var partials = require('express-partials');
var AuthStarter = require("authstarter");

var app = express();

app.use(partials());

app.configure(function() {
    app.use(express.cookieParser());
    app.use(express.session({
        secret: 'secret'
    }));
    app.use(express.bodyParser());

    AuthStarter.configure(app);
    app.use(app.router);
    app.use(express.static(__dirname + '/static'));
    app.engine('jshtml', require('jshtml-express'));
    app.set('view engine', 'jshtml');
});


app.get('/', AuthStarter.ensureAuthenticated, function(req, res) {
    req.send('Secured content');
});

User setup

The user store is a mongodb collection containing documents like:

{
  _id: ObjectId("537159a186915c696a000521"),
  username: "username",
  password: "password",
  roles: {
    admin: false
  }
}

Passwords may be either plain text or hashed in the format used by https://github.com/davidwood/node-password-hash

Users may be created manually or using one of the provided functions that include password hashing.

AuthStarter.addUser("username", "password", {"user": true, "admin":false});

AuthStarter.setPassword(username, password);

Options

var settings = {
    mongoUrl: process.env.MONGOHQ_URL,
    baseUrl: process.env.SECURE_DOMAIN,
    userCollection: process.env.USER_COLLECTION || 'AdminUsers',
    hashOptions: {
        algorithm: "sha512"
    },
    maxAttempts: 3,
    layout: "blanklayout",
    title: "Log In",
    customCss: ""
};

AuthStarter.configure(app, settings);
  • mongoUrl - a mongodb url as used by mongo-native
  • baseUrl - used to make redirects absolute. eg "https://example.com"
  • userCollection - name of the mongodb collection
  • hashOptions - as used by password-hash
  • maxAttempts - number of incorrect login attempts allowed within one minute

About

Add mongodb based authentication to an express web app with three lines of code

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages