Auth Server Helper

Authentication middleware for express

Usage

const auth = require('@scode/auth-server-helper');
const password_helper = require('@scode/password_helper');

const users = {
  foo: {
    id: 0
    password: await password_helper.hash('bar'),
    salt: '123'
  }
}

// add cookieParser to allow session management via cookies
app.use(cookieParser());

// the middleware needs a function to determine user data
// this function can also return a promise
app.use(auth((user_name) => {
  if (!users[user_name])
    return null;
  return users[user_name];
}));

when a client logs in, it will set a header called 'session' that the client can use to authorize the following requests. it also sets a cookie to make requesting from the client more simple. (cookie parser is needed to make authentication with cookies possible)

Excluding routes

exceptions to the auth module can be added by adding an array of regular expressions a specific method can also be filtered for by giving an object instead of a plain regular expression.

auth(..., [/no-auth/, {regex: '/no-auth-post/', method: 'POST'}]);