sa-express
v3.1.1
Published
Scratch Auth integration for Express. Just plug and play, minimal setup required
Downloads
33
Maintainers
Readme
Scratch Auth integration for Express
- Plug and play, minimal setup required
- Easy to use
Installation
npm install sa-express
Usage
const express = require('express');
const scratchauth = require('sa-express');
const app = express();
const needsAuth = scratchauth(app, {
secret: 'SuperSecret1234',
appName: 'My Cool Express App',
succeeded(req, res) {
res.redirect('/welcome');
},
failed(req, res) {
res.redirect('/authfailed');
},
});
Options
| Name | Description | Default |
| ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
| secret
| Secret that cookie-session
will use. It should be stored securely in an environment variable. | No default; this option is required |
| appName
| Name for Scratch Auth to use on the login page. | ''
|
| loginRoute
| Route for redirecting the user to Scratch Auth. | '/auth/login'
|
| verifyRoute
| Route for verifying Scratch Auth's repsonse. | '/auth/verify'
|
| logoutRoute
| Route for logging the user out. | '/auth/logout'
|
| logoutRedirect
| Route to redirect to after logging out. | '/'
|
| domain
| The domain of your app. This is only needed if your app unexpectedly redirects to localhost instead of your app's domain. It should not include http[s]://
or a trailing slash. | ''
|
| succeeded
| Called when the user has been logged in successfully. | (req, res) => res.redirect('/')
|
| failed
| Called when auth has failed. | (req, res) => res.send('Auth failed')
|
| cookie
| More options here. | By default lasts 7 days with sameSite: lax
. |
Using Auth/Protected Routes
Calling scratchauth
returns a middleware for protected routes. It will redirect the user to the route given if they are not logged in. By default, the route is whatever you passed for loginRoute
.
app.get('/dashboard', needsAuth(), (req, res) => {
res.send(`Welcome to your dashboard, ${res.locals.username}!`);
});
You can manually implement protected routes by using res.locals.loggedIn
:
app.get('/dashboard', (req, res) => {
if (res.locals.loggedIn) {
res.send(`Welcome to your dashboard, ${res.locals.username}!`);
} else {
res.redirect('/auth/login');
}
});
In fact, needsAuth
uses res.locals.loggedIn
under the hood, so both of the methods are exactly equivalent.
Demo Application
A demo can be found in demo/.