42 lines
1.1 KiB
Markdown
42 lines
1.1 KiB
Markdown
# Auth Server Helper
|
|
|
|
Authentication middleware for express
|
|
|
|
## Usage
|
|
|
|
```js
|
|
const auth = require('@scode/auth-server-helper');
|
|
const password_helper = require('@scode/password_helper');
|
|
|
|
const users = {
|
|
foo: {
|
|
id: 0
|
|
password: await password_helper.hash('bar'),
|
|
salt: '123'
|
|
}
|
|
}
|
|
|
|
// add cookieParser to allow session management via cookies
|
|
app.use(cookieParser());
|
|
|
|
// the middleware needs a function to determine user data
|
|
// this function can also return a promise
|
|
app.use(auth((user_name) => {
|
|
if (!users[user_name])
|
|
return null;
|
|
return users[user_name];
|
|
}));
|
|
|
|
```
|
|
|
|
when a client logs in, it will set a header called 'session' that the client can use to authorize the following requests.
|
|
it also sets a cookie to make requesting from the client more simple. (cookie parser is needed to make authentication with cookies possible)
|
|
|
|
## Excluding routes
|
|
|
|
exceptions to the auth module can be added by adding an array of regular expressions
|
|
a specific method can also be filtered for by giving an object instead of a plain regular expression.
|
|
|
|
```js
|
|
auth(..., [/no-auth/, {regex: '/no-auth-post/', method: 'POST'}]);
|
|
``` |