user_id in connection info

CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+
+## 1.1.0
+
+add user_id to res.connection, so request handlers can access the current user
+
+## 1.0.0
+
+initial release

README.md

@@ -1,6 +1,6 @@
 # @sapphirecode/auth-server-helper
 
-version: 1.0.x
+version: 1.1.x
 
 authentication middleware for express
 
@@ -46,6 +46,9 @@ use to authorize the following requests. it also sets a cookie to make
 requesting from the client more simple. (cookie parser is needed to make
 authentication with cookies possible)
 
+the id of the logged in user will be available in `res.connection.user_id` in
+all of the following request handlers.
+
 ### Excluding routes
 
 exceptions to the auth module can be added by adding an array of regular

index.js

@@ -41,7 +41,7 @@ function init (get_user, ignore_paths = []) {
  * @param {string} password hashed password
  * @returns {Promise<string>} session key if successful
  */
-async function authenticate (user, password) {
+async function authenticate (user, password, response) {
   const user_entry
     = await new Promise ((res) => res (me.get_user (user)));
 
@@ -51,6 +51,8 @@ async function authenticate (user, password) {
   if (!await password_helper.verify (user_entry.password, password))
     return null;
 
+  response.connection.user_id = user_entry.id;
+
   const session_key = crypto.sign_object (
     { id: user_entry.id },
     me.jwt_secret

mock_server.js

@@ -22,12 +22,13 @@ const password_helper = require ('@sapphirecode/password-helper');
 async function start_server () {
   const app = express ();
 
+  const id = 69;
   const name = 'testuser';
   const salt = crypto.create_salt ();
   const password = await password_helper.hash (
     crypto.hash_sha512 ('foo', salt)
   );
-  const user = { name, salt, password };
+  const user = { id, name, salt, password };
 
   app.use (auth ((user_name) => {
     if (user.name === user_name)
@@ -41,7 +42,7 @@ async function start_server () {
 
   app.use ((req, res) => {
     res.status (consts.http.status_ok)
-      .end ('foo');
+      .end (`foo:${res.connection.user_id}`);
   });
 
   app.listen (3000);

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sapphirecode/auth-server-helper",
-  "version": "1.0.56",
+  "version": "1.1.0",
   "main": "index.js",
   "author": "Timo Hocker <timo@scode.ovh>",
   "license": "MIT",

test/index.js

@@ -30,14 +30,14 @@ test ('login', async (t) => {
   const resp = await fetch ('http://localhost:3000', { headers: { session } });
 
   t.is (resp.status, consts.http.status_ok);
-  t.is (await resp.text (), 'foo');
+  t.is (await resp.text (), 'foo:69');
 });
 
 test ('allow access to excluded paths', async (t) => {
   const resp = await fetch ('http://localhost:3000/noauthreg');
 
   t.is (resp.status, consts.http.status_ok);
-  t.is (await resp.text (), 'foo');
+  t.is (await resp.text (), 'foo:undefined');
 });
 
 test ('allow access to excluded paths with correct method', async (t) => {
@@ -47,7 +47,7 @@ test ('allow access to excluded paths with correct method', async (t) => {
   );
 
   t.is (resp.status, consts.http.status_ok);
-  t.is (await resp.text (), 'foo');
+  t.is (await resp.text (), 'foo:undefined');
 });
 
 test ('reject access to excluded paths with wrong method', async (t) => {