just-auth
Simple SPA focused token based authentication for Express.js
This library follows convention over configuration, but configuration is available.
Installation
Download node at nodejs.org and install it, if you haven't already.
npm install just-auth --save
Usage
const express = require('express');
const justAuth = require('just-auth');
const app = express();
const auth = justAuth({
  // Example value only; load the real secret from configuration or the environment, not from source.
  secret: 'c47sRfunny101',
  getUser(email, callback) {
    // if error: callback({ myerror: 'failure' });
    // if success: callback(undefined, { email: 'my@email', passwordHash: '%asdaq42ad..' });
  },
  // Default behavior (don't specify if this suits you)
  configureToken(user) {
    // user without passwordHash
    return user;
  }
});
app.use('/auth', auth.router);
// Can also use `succeeded()` and `failed()` for redirects, etc.
// See https://www.npmjs.com/package/express-authentication
app.use('/api/admin', auth.middleware.required());
app.listen(80);
POST to /auth/login with { email: 'my@email', password: 'bacon' }.
Result will be JSON, e.g. { token: '2mkql3...' }.
Note: To use the built in password utilities, you can use the following:
const passUtils = require('just-auth/lib/password');
const isValid = passUtils.validate(pass, hash);
passUtils.hash(pass, function (err, hash) {
  // error or hash
});
Available Options
- secret - String, required.
- loginEndpoint - String, defaults to '/login'.
- idField - String, defaults to 'email', the field name of the identifier for the user. The value of this field is passed to the getUser function.
- passwordField - String, defaults to 'password'.
- passwordHashField - String, defaults to 'passwordHash'.
- rememberMeField - String, defaults to 'rememberMe'.
- rememberMeAdditionalMinutes - Number, defaults to 13 days in minutes.
- tokenOptions - Object, defaults to this. See full options here.
Methods
- getUser - Required; Function, function (id, callback), should return a user object or an error via the callback.
- configureToken - Function, function (user), should return the data that you want in the token, defaults to user if not specified.
- validatePassword - Function, function (password, passwordHash) should return a promise. By default this is pbkdf2Utils.verify, see here.
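A custom validatePassword with the function (password, passwordHash) signature listed above, as an added example that is not part of just-auth: it verifies a PBKDF2 hash with Node's built-in crypto, rejects malformed stored values, and compares in constant time. The stored format pbkdf2$iterations$salt$key, the helper names hashPassword and parseStored, the work factor, and the promise resolving to true/false are assumptions of this example, not the library's own behavior.

```javascript
// Added example, not just-auth code. The stored-hash format is constructed here.
const { pbkdf2, pbkdf2Sync, randomBytes, timingSafeEqual } = require('crypto');

const DIGEST = 'sha512';
const KEY_LEN = 64;              // bytes of derived key
const ITERATIONS = 210000;       // assumed work factor; tune for your hardware
const MAX_ITERATIONS = 10000000; // refuse absurd values read back from storage

// Build "pbkdf2$<iterations>$<salt hex>$<key hex>" with a fresh random salt.
// Synchronous, so use it for seeding or scripts rather than in request handlers.
function hashPassword(password) {
  const salt = randomBytes(16);
  const key = pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, DIGEST);
  return ['pbkdf2', ITERATIONS, salt.toString('hex'), key.toString('hex')].join('$');
}

// Parse a stored value; returns null for anything that is not well-formed.
function parseStored(stored) {
  if (typeof stored !== 'string') return null;
  const m = /^pbkdf2\$(\d{1,8})\$([0-9a-f]{32})\$([0-9a-f]{128})$/.exec(stored);
  if (!m) return null;
  const iterations = Number(m[1]);
  if (iterations < 1 || iterations > MAX_ITERATIONS) return null;
  return {
    iterations,
    salt: Buffer.from(m[2], 'hex'),
    expected: Buffer.from(m[3], 'hex'),
  };
}

// (password, passwordHash) -> Promise<boolean>; assumed to match the option's contract.
function validatePassword(password, passwordHash) {
  const parsed = parseStored(passwordHash);
  if (!parsed || typeof password !== 'string') return Promise.resolve(false);
  return new Promise((resolve, reject) => {
    // Asynchronous derivation keeps the event loop free during login requests.
    pbkdf2(password, parsed.salt, parsed.iterations, KEY_LEN, DIGEST, (err, actual) => {
      if (err) return reject(err);
      resolve(timingSafeEqual(actual, parsed.expected)); // constant-time compare
    });
  });
}
```

Pass validatePassword in the justAuth({...}) options and store hashes produced by the matching hashPassword, since this format is not the one the built-in password utilities produce.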
Tests
npm install
npm test
License
ISC