@fabrix/spool-passport
v1.6.0
Published
Spool - To allow passport authentification for a Fabrix application
Downloads
40
Maintainers
Readme
spool-passport
[![Test Coverage][coverage-image]][coverage-url]
Dependencies
Supported ORMs
| Repo | Build Status (edge) | |---------------|---------------------------------------| | spool-sequelize | |
Supported Webserver
| Repo | Build Status (edge) | |---------------|---------------------------------------| | spool-express | |
Intallation
With the cli:
$ npm install -g @fabrix/fab-cli
$ fab install spool spool-passport
With npm (you will have to create config file manually):
npm install --save @fabrix/spool-passport
Configuration
First you need to add this spool to your main configuration :
// config/main.ts
import { PassportSpool } from '@fabrix/spool-passport'
export const main = {
// ...
spools: [
// ...
PassportSpool,
// ...
]
// ...
}
You need to add passportInit
and optionally passportSession
:
// config/web.ts
middlewares: {
order: [
'addMethods',
'cookieParser',
'session',
'passportInit',
'passportSession',
'bodyParser',
'methodOverride',
'router',
'www',
'404',
'500'
]
}
And to configure passport:
// config/passport.ts
const JwtStrategy = require('passport-jwt').Strategy
const ExtractJwt = require('passport-jwt').ExtractJwt
const EXPIRES_IN_SECONDS = 60 * 60 * 24
const SECRET = process.env.tokenSecret || 'mysupersecuretoken'
const ALGORITHM = 'HS256'
const ISSUER = 'localhost'
const AUDIENCE = 'localhost'
export const passport = {
redirect: {
login: '/',// Login successful
logout: '/'// Logout successful
},
bcrypt: require('bcryptjs'), // custom bcrypt version if you prefer the native one instead of full js
// Called when user is logged, before returning the json response
onUserLogin: (req, app, user) => {
return Promise.resolve(user)
},
onUserLogout: (req, app, user) => {
return Promise.resolve(user)
},
// Optional: can be used to merge data from all third party profiles and the default user properties.
mergeThirdPartyProfile: (user, profile) => {
const mergedProfile = {
email: user.email,
gender: profile.gender
}
return Promise.resolve(mergedProfile)
},
strategies: {
jwt: {
strategy: JwtStrategy,
tokenOptions: {
expiresInSeconds: EXPIRES_IN_SECONDS,
secret: SECRET,
algorithm: ALGORITHM,
issuer: ISSUER,
audience: AUDIENCE
},
options: {
secretOrKey: SECRET,
issuer: ISSUER,
audience: AUDIENCE,
jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme("jwt")
}
},
local: {
strategy: require('passport-local').Strategy,
options: {
usernameField: 'username' // If you want to enable both username and email just remove this field
}
}
/*
twitter : {
name : 'Twitter',
protocol : 'oauth',
strategy : require('passport-twitter').Strategy,
options : {
consumerKey : 'your-consumer-key',
consumerSecret : 'your-consumer-secret'
}
},
facebook : {
name : 'Facebook',
protocol : 'oauth2',
strategy : require('passport-facebook').Strategy,
options : {
clientID : 'your-client-id',
clientSecret : 'your-client-secret',
scope : ['email'] // email is necessary for login behavior
}
},
google : {
name : 'Google',
protocol : 'oauth2',
strategy : require('passport-google-oauth').OAuth2Strategy,
options : {
clientID : 'your-client-id',
clientSecret : 'your-client-secret'
}
}
github: {
strategy: require('passport-github').Strategy,
name: 'Github',
protocol: 'oauth2',
options: {
clientID : 'your-client-id',
clientSecret : 'your-client-secret',
callbackURL: 'your-app-url' + '/auth/google/callback',
scope: [
'https://www.googleapis.com/auth/plus.login',
'https://www.googleapis.com/auth/plus.profile.emails.read'
]
}
}*/
}
}
Then make sure to include the new file in config/index.ts
//config/index.ts
...
export { passport } from './passport'
WARNING : be sure you configure sessions correctly if your strategies need them
Further documentation on passport-jwt config can be found at themikenicholson/passport-jwt
Usage
Policies
Now you can apply some policies to control sessions under config/policies.ts
ViewController: {
helloWorld: [ 'Passport.sessionAuth' ]
}
or
ViewController: {
helloWorld: [ 'Passport.jwt' ]
}
Routes prefix
By default auth routes do not have a prefix, you can change this prefix by setting config.router.prefix
or by setting config.passport.prefix
.
Log/Register users with third party providers
You can register or log users with third party strategies by redirect the user to :
http://localhost:3000/auth/{provider}
example github
http://localhost:3000/auth/github
Log/Register users with credentials
For adding a new user you can make a POST to auth/local/register
with at least this fields : username
(or email
) and password
.
For local authentication you have to POST credentials to /auth/local
in order to log the user.
Disconnect
If you want to disconnect a user from a provider you can call :
http://localhost:3000/auth/{provider}/disconnect
example if a user don't want to connect with github anymore
http://localhost:3000/auth/github/disconnect
Logout
Just make a POST or GET request to auth/logout