hapi-password
A Hapi plugin that provides an easy-to-use password authentication scheme and login page for your routes.
Install
npm install hapi-password
or
yarn add hapi-password
Usage
// register the plugin with your hapi server:server;
Now your routes are password protected! Invoking a protected route will cause hapi to redirect the browser to the '/login' page. Once logged in, session authentication is provided by the cookie, which is fully configurable and lasts until the ttl timer expires. To review, the steps were:
- create a hapi server
- register the hapi-password plugin with your server
- register the strategy with whatever options you want
- define your routes
See the example folder and the unit tests in test/server-test.js for more examples.
Strategy options
These are options that you can pass to your call to server.auth.strategy:
- password: a password or map of passwords -> user credentials. If only one password is provided, then all users will share that one common password and one common account. Alternatively you can provide an object, where the keys are the passwords and the values are the hapi user credentials object associated with that password.
- salt: a [salt](https://en.wikipedia.org/wiki/Salt_(cryptography) used for encrypting passwords.
- cookieName: the name to give the authentication cookie
- ttl: how long (in milliseconds) before the cookie is unset and the authentication expires
- queryKey: the query parameter that specifies the key
- loginForm: data to pass to the login.html view
Registration Options
Thse are options that you can pass to your call to server.register, when registering the plugin:
- cookiePath: the path of the authentication cookie (see https://www.nczonline.net/blog/2009/05/05/http-cookies-explained/ for help understanding cookie paths). Default is '/'.
- schemeName: the name hapi will use to identify this authentication scheme, can be whatever you want. The default is "password".
A First + Third Project