trailpack-passport
📦 Trailpack that adds Passport authentication to a Trails application
WARNING:
This Trailpack works only with trailpack-express as the web server
This Trailpack works only with these ORMs:
Installation
With yo:
npm install -g yo generator-trails
yo trails:trailpack trailpack-passport
With npm (you will have to create the config file manually):
npm install --save trailpack-passport
Configuration
First you need to add this trailpack to your main configuration:
// config/main.js
module.exports = {
  ...
  packs: [
    ...
    require('trailpack-passport'),
    ...
  ]
  ...
}
You need to add passportInit and, optionally, passportSession to the middleware order:
// config/web.js
middlewares: {
  order: [
    'addMethods',
    'cookieParser',
    'session',
    'passportInit',
    'passportSession',
    'bodyParser',
    'methodOverride',
    'router',
    'www',
    '404',
    '500'
  ]
}
And to configure passport:
// config/passport.js
'use strict'

const JwtStrategy = require('passport-jwt').Strategy
const ExtractJwt = require('passport-jwt').ExtractJwt

const EXPIRES_IN_SECONDS = 60 * 60 * 24
const SECRET = process.env.tokenSecret || 'mysupersecuretoken'
const ALGORITHM = 'HS256'
const ISSUER = 'localhost'
const AUDIENCE = 'localhost'

module.exports = {
  redirect: {
    login: '/', // Login successful
    logout: '/' // Logout successful
  },
  bcrypt: require('bcryptjs'), // custom bcrypt version if you prefer the native one instead of full js
  // Called when user is logged, before returning the json response
  onUserLogged: (app, user) => {
    return Promise.resolve(user)
  },
  // Optional: can be used to merge data from all third party profiles and the default user properties.
  mergeThirdPartyProfile: (user, profile) => {
    const mergedProfile = {
      email: user.email,
      gender: profile.gender
    }
    return Promise.resolve(mergedProfile)
  },
  strategies: {
    jwt: {
      strategy: JwtStrategy,
      tokenOptions: {
        expiresInSeconds: EXPIRES_IN_SECONDS,
        secret: SECRET,
        algorithm: ALGORITHM,
        issuer: ISSUER,
        audience: AUDIENCE
      },
      options: {
        secretOrKey: SECRET,
        issuer: ISSUER,
        audience: AUDIENCE,
        jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken()
      }
    },

    local: {
      strategy: require('passport-local').Strategy,
      options: {
        usernameField: 'username' // If you want to enable both username and email just remove this field
      }
    }

    /*
    twitter: {
      name: 'Twitter',
      protocol: 'oauth',
      strategy: require('passport-twitter').Strategy,
      options: {
        consumerKey: 'your-consumer-key',
        consumerSecret: 'your-consumer-secret'
      }
    },

    facebook: {
      name: 'Facebook',
      protocol: 'oauth2',
      strategy: require('passport-facebook').Strategy,
      options: {
        clientID: 'your-client-id',
        clientSecret: 'your-client-secret',
        scope: ['email'] // email is necessary for login behavior
      }
    },

    google: {
      name: 'Google',
      protocol: 'oauth2',
      strategy: require('passport-google-oauth').OAuth2Strategy,
      options: {
        clientID: 'your-client-id',
        clientSecret: 'your-client-secret'
      }
    },

    github: {
      strategy: require('passport-github').Strategy,
      name: 'Github',
      protocol: 'oauth2',
      options: {
        clientID: 'your-client-id',
        clientSecret: 'your-client-secret',
        callbackURL: 'your-app-url' + '/auth/github/callback',
        scope: ['user:email'] // email is necessary for login behavior
      }
    }
    */
  }
}
Then make sure to include the new file in config/index.js:
//config/index.js
...
exports.passport = require('./passport')
WARNING: make sure sessions are configured correctly if your strategies need them.
Further documentation on passport-jwt config can be found at themikenicholson/passport-jwt
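The config/passport.js above falls back to the literal 'mysupersecuretoken' when tokenSecret is unset, so a deployment that forgets the variable signs tokens with a publicly documented key. The following is an added example, not trailpack-passport's own code: it fails closed at startup and spells out, with Node's crypto module, the HS256, issuer, audience and expiry checks that the jwt settings stand for. The names loadTokenSecret, signHS256 and verifyHS256 and the 32-byte minimum are assumptions introduced here.

```javascript
const crypto = require('crypto')

const PLACEHOLDER = 'mysupersecuretoken' // fallback literal from the README config
const MIN_SECRET_BYTES = 32 // assumption: at least the 256-bit HMAC-SHA256 output size

// Return the signing secret, or throw so the app refuses to boot on a guessable key.
function loadTokenSecret(env) {
  const secret = env.tokenSecret
  if (!secret) throw new Error('tokenSecret is not set')
  if (secret === PLACEHOLDER) throw new Error('tokenSecret is the documented placeholder')
  if (Buffer.byteLength(secret) < MIN_SECRET_BYTES) throw new Error('tokenSecret is too short')
  return secret
}

const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
const hmac = (secret, input) => crypto.createHmac('sha256', secret).update(input).digest()

// Minimal HS256 signer, used here only to build constructed sample tokens.
function signHS256(claims, secret) {
  const input = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims))
  return input + '.' + b64url(hmac(secret, input))
}

// Verify with the algorithm pinned to HS256, then check issuer, audience and expiry.
function verifyHS256(token, { secret, issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.')
  if (parts.length !== 3) return { ok: false, reason: 'malformed' }
  let header, claims
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64').toString())
    claims = JSON.parse(Buffer.from(parts[1], 'base64').toString())
  } catch (err) {
    return { ok: false, reason: 'malformed' }
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' }
  if (header.alg !== 'HS256') return { ok: false, reason: 'algorithm' }
  const expected = hmac(secret, parts[0] + '.' + parts[1])
  const given = Buffer.from(parts[2], 'base64')
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'signature' }
  }
  if (claims.iss !== issuer) return { ok: false, reason: 'issuer' }
  if (claims.aud !== audience) return { ok: false, reason: 'audience' }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' }
  return { ok: true, claims }
}
```

In config/passport.js, `const SECRET = loadTokenSecret(process.env)` would replace the `||` fallback.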
Usage
Policies
Now you can apply some policies to control sessions under config/policies.js:
ViewController: {
  helloWorld: [ 'Passport.sessionAuth' ]
}
or
ViewController: {
  helloWorld: [ 'Passport.jwt' ]
}
Routes prefix
By default, auth routes don't have a prefix, but if you use trailpack-footprints they automatically use the footprints prefix to match your API. You can change this prefix by setting config.passport.prefix.
Log/Register users with third party providers
You can register or log in users with third party strategies by redirecting the user to:
http://localhost:3000/auth/{provider}
For example, with GitHub:
http://localhost:3000/auth/github
Log/Register users with credentials
To add a new user, make a POST to auth/local/register with at least these fields: username (or email) and password.
For local authentication, POST the credentials to /auth/local to log the user in.
Disconnect
If you want to disconnect a user from a provider, you can call:
http://localhost:3000/auth/{provider}/disconnect
For example, if a user doesn't want to connect with GitHub anymore:
http://localhost:3000/auth/github/disconnect
Logout
Just make a GET to auth/logout.
Disabling login and/or registration
To do that, add a custom policy to your project that returns a 404 for the following methods: AuthController.login and AuthController.register.
Full example
If you have trouble, you can view a full example with JWT and local strategies here: https://github.com/jaumard/trails-example-express
Clone the repo and play with it a little to see how it works :)
License