This is a resume about an authentication method.
I tried to use express.basicAuth, but it forces the browser to ask for user and pass, and I need to use my own login page, like google, facebook yahoo...
Is this right? Is there any better way to do this?
I want to avoid modules, like passport, if I can.
I want to use a function like this, using auth middleware (app.get('/loggedin', auth, function(req, res)...)
var express = require('express');
var app = express();
app.use(express.cookieParser());
var RedisStore = require('connect-redis')(express);
app.use(express.session({
store: new RedisStore({
host: 'localhost',
port: 6379,
db: 2,
pass: 'RedisPASS'
}), secret: '1234567890QWERTY'
}));
var auth = function(req, res, next) {
if (req.session.authStatus === 'loggedIn')
next();
else
res.redirect('/login');
};
app.get('/', function(req, res) {
console.log("/");
res.send('not authenticate');
});
app.get('/signin', function(req, res) {
console.log("/signin");
if (req.body.user && req.body.pass)
{
req.user = req.body.user;
req.remoteUser = req.body.user;
req.session.authStatus = 'loggedIn';
req.session.lastPage = '/signin';
res.redirect('/loggedin');
}
else
res.redirect('/login');
});
app.get('/loggedin', auth, function(req, res) {
if(req.session.lastPage) {
res.write('Last page was: ' + req.session.lastPage + '. ');
}
req.session.lastPage = '/loggedin';
res.write('Yeeeeeeeeeee');
res.end();
});
app.get('/loggedin2', auth, function(req, res) {
console.log("/loggedin2");
if(req.session.lastPage) {
res.write('Last page was: ' + req.session.lastPage + '. ');
}
req.session.lastPage = '/loggedin2';
res.write('WoWWWWW!!!!!!');
res.end();
});
app.get('/logout', auth, function(req, res) {
console.log("/logout");
req.session.destroy();
});
app.get('/login', function(req, res) {
console.log("/notlogged");
res.send('enter user and pass...');
});
app.listen(process.env.PORT || 8080);
You could use the passport middleware module in npm — the passport-local module provides authentication against a local resource such as a database.