-
-
Save smebberson/1581536 to your computer and use it in GitHub Desktop.
| node_modules | |
| *.swp |
| var express = require('express'); | |
| var port = 8999; | |
| var app = express.createServer(); | |
| function checkAuth (req, res, next) { | |
| console.log('checkAuth ' + req.url); | |
| // don't serve /secure to those not logged in | |
| // you should add to this list, for each and every secure url | |
| if (req.url === '/secure' && (!req.session || !req.session.authenticated)) { | |
| res.render('unauthorised', { status: 403 }); | |
| return; | |
| } | |
| next(); | |
| } | |
| app.configure(function () { | |
| app.use(express.cookieParser()); | |
| app.use(express.session({ secret: 'example' })); | |
| app.use(express.bodyParser()); | |
| app.use(checkAuth); | |
| app.use(app.router); | |
| app.set('view engine', 'jade'); | |
| app.set('view options', { layout: false }); | |
| }); | |
| require('./lib/routes.js')(app); | |
| app.listen(port); | |
| console.log('Node listening on port %s', port); |
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Express authentication example | |
| p Navigate to | |
| ul | |
| li: a(href="/secure") Secure content | |
| li: a(href="/welcome") Welcome page | |
| li: a(href="/logout") Logout |
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Sign-in to this Express authentication example | |
| p Use <i>user</i> for the username and <i>pass</i> for the password. | |
| form(method='post') | |
| p | |
| label(for='username') Username | |
| input(type='text', name='username') | |
| p | |
| label(for='password') Password | |
| input(type='password', name='password') | |
| input(type='submit') | |
| - each message in flash | |
| h4(style="color: red;") #{message} |
| { | |
| "author": "Scott Mebberson (http://www.scottmebberson.com/)", | |
| "name": "gist-expressauthentication", | |
| "description": "Simple Express authentication example", | |
| "version": "0.0.0", | |
| "homepage": "https://gist.github.com/1581536", | |
| "repository": { | |
| "type": "git", | |
| "url": "[email protected]:1581536.git" | |
| }, | |
| "scripts": { | |
| "start": "node app.js" | |
| }, | |
| "engines": { | |
| "node": "~0.4.12" | |
| }, | |
| "dependencies": { | |
| "express": "2.2.x", | |
| "jade": "0.20.x" | |
| }, | |
| "devDependencies": {} | |
| } |
| var util = require('util'); | |
| module.exports = function (app) { | |
| app.get('/', function (req, res, next) { | |
| res.render('index'); | |
| }); | |
| app.get('/welcome', function (req, res, next) { | |
| res.render('welcome'); | |
| }); | |
| app.get('/secure', function (req, res, next) { | |
| res.render('secure'); | |
| }); | |
| app.get('/login', function (req, res, next) { | |
| res.render('login', { flash: req.flash() } ); | |
| }); | |
| app.post('/login', function (req, res, next) { | |
| // you might like to do a database look-up or something more scalable here | |
| if (req.body.username && req.body.username === 'user' && req.body.password && req.body.password === 'pass') { | |
| req.session.authenticated = true; | |
| res.redirect('/secure'); | |
| } else { | |
| req.flash('error', 'Username and password are incorrect'); | |
| res.redirect('/login'); | |
| } | |
| }); | |
| app.get('/logout', function (req, res, next) { | |
| delete req.session.authenticated; | |
| res.redirect('/'); | |
| }); | |
| }; |
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Hi, secure user. | |
| p Navigate to | |
| ul | |
| li: a(href="/secure") Secure content | |
| li: a(href="/welcome") Welcome page | |
| li: a(href="/logout") Logout |
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Welcome |
Thank you. This was very helpful.
Thanks so much ^^!
This is great. Thanks so much.
Veru useful.
Thanks! Really useful, one thing - req.body.username and req.body.password are checked twice in the same line:
req.body.username && req.body.username === 'user'
Is this intended?
Thanks! another thing:
var util = require('util');
It's not necessary, right?
@guumo right.
Excellent. Just what I needed
Why do you check req.body.username && req.body.username === 'user' (same with password)? Is there any reason to that instead of just checking req.body.username ==='user'? If username doesn't existing, wouldn't it fail anyway?
I can't run it...
"TypeError: mime.lookup i not a function"
why is that?
@ggalihpp I had the same issue. I fixed by: npm install mime@^1
@smebberson: Great project!
Perfect! DANKE!
I changed line 12 in app.js from
req.url === '/secure'
to
req.url.indexOf("/secure")===0
Now every request inside /secure ( '/secure/foo' or '/secure/johndoe') requires authentication without the need to add additional urls to the list in the checkAuth-function
@dgabrahams, @dagoss: Imagine req.body.username was undefined. If you accessed the variable's value without checking whether it is truthy, you would be confronted with an exception.
is the use of next in (req, res, next) necessary as next is reserved for middlewares
This is fantastic!
Just wanted to say that this was really helpful to get my feet wet! Much appreciated!