Created
January 9, 2012 06:46
-
-
Save smebberson/1581536 to your computer and use it in GitHub Desktop.
Express simple authentication example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| node_modules | |
| *.swp |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var express = require('express'); | |
| var port = 8999; | |
| var app = express.createServer(); | |
| function checkAuth (req, res, next) { | |
| console.log('checkAuth ' + req.url); | |
| // don't serve /secure to those not logged in | |
| // you should add to this list, for each and every secure url | |
| if (req.url === '/secure' && (!req.session || !req.session.authenticated)) { | |
| res.render('unauthorised', { status: 403 }); | |
| return; | |
| } | |
| next(); | |
| } | |
| app.configure(function () { | |
| app.use(express.cookieParser()); | |
| app.use(express.session({ secret: 'example' })); | |
| app.use(express.bodyParser()); | |
| app.use(checkAuth); | |
| app.use(app.router); | |
| app.set('view engine', 'jade'); | |
| app.set('view options', { layout: false }); | |
| }); | |
| require('./lib/routes.js')(app); | |
| app.listen(port); | |
| console.log('Node listening on port %s', port); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Express authentication example | |
| p Navigate to | |
| ul | |
| li: a(href="/secure") Secure content | |
| li: a(href="/welcome") Welcome page | |
| li: a(href="/logout") Logout |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Sign-in to this Express authentication example | |
| p Use <i>user</i> for the username and <i>pass</i> for the password. | |
| form(method='post') | |
| p | |
| label(for='username') Username | |
| input(type='text', name='username') | |
| p | |
| label(for='password') Password | |
| input(type='password', name='password') | |
| input(type='submit') | |
| - each message in flash | |
| h4(style="color: red;") #{message} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "author": "Scott Mebberson (http://www.scottmebberson.com/)", | |
| "name": "gist-expressauthentication", | |
| "description": "Simple Express authentication example", | |
| "version": "0.0.0", | |
| "homepage": "https://gist.github.com/1581536", | |
| "repository": { | |
| "type": "git", | |
| "url": "git@gist.github.com:1581536.git" | |
| }, | |
| "scripts": { | |
| "start": "node app.js" | |
| }, | |
| "engines": { | |
| "node": "~0.4.12" | |
| }, | |
| "dependencies": { | |
| "express": "2.2.x", | |
| "jade": "0.20.x" | |
| }, | |
| "devDependencies": {} | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var util = require('util'); | |
| module.exports = function (app) { | |
| app.get('/', function (req, res, next) { | |
| res.render('index'); | |
| }); | |
| app.get('/welcome', function (req, res, next) { | |
| res.render('welcome'); | |
| }); | |
| app.get('/secure', function (req, res, next) { | |
| res.render('secure'); | |
| }); | |
| app.get('/login', function (req, res, next) { | |
| res.render('login', { flash: req.flash() } ); | |
| }); | |
| app.post('/login', function (req, res, next) { | |
| // you might like to do a database look-up or something more scalable here | |
| if (req.body.username && req.body.username === 'user' && req.body.password && req.body.password === 'pass') { | |
| req.session.authenticated = true; | |
| res.redirect('/secure'); | |
| } else { | |
| req.flash('error', 'Username and password are incorrect'); | |
| res.redirect('/login'); | |
| } | |
| }); | |
| app.get('/logout', function (req, res, next) { | |
| delete req.session.authenticated; | |
| res.redirect('/'); | |
| }); | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Hi, secure user. | |
| p Navigate to | |
| ul | |
| li: a(href="/secure") Secure content | |
| li: a(href="/welcome") Welcome page | |
| li: a(href="/logout") Logout |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !!! 5 | |
| html(lang='en') | |
| head | |
| title Express authentication example | |
| body | |
| h1 Welcome |
Thanks! Really useful, one thing - req.body.username and req.body.password are checked twice in the same line:
req.body.username && req.body.username === 'user'
Is this intended?
Thanks! another thing:
var util = require('util');
It's not necessary, right?
@guumo right.
Excellent. Just what I needed
Why do you check req.body.username && req.body.username === 'user' (same with password)? Is there any reason to that instead of just checking req.body.username ==='user'? If username doesn't existing, wouldn't it fail anyway?
I can't run it...
"TypeError: mime.lookup i not a function"
why is that?
@ggalihpp I had the same issue. I fixed by: npm install mime@^1
@smebberson: Great project!
Perfect! DANKE!
I changed line 12 in app.js from
req.url === '/secure'
to
req.url.indexOf("/secure")===0
Now every request inside /secure ( '/secure/foo' or '/secure/johndoe') requires authentication without the need to add additional urls to the list in the checkAuth-function
@dgabrahams, @dagoss: Imagine req.body.username was undefined. If you accessed the variable's value without checking whether it is truthy, you would be confronted with an exception.
is the use of next in (req, res, next) necessary as next is reserved for middlewares
This is fantastic!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Veru useful.