Everything You Ever Wanted to Know About Authentication in Node.js
In this talk I walk the audience through building a basic Node.js site with complete user authentication, explaining how HTTP authentication works along the way.
2.6.2 connecting to: test Server has startup warnings: 2014-10-11T17:12:22.963-0700 [initandlisten] 2014-10-11T17:12:22.963-0700 [initandlisten] ** WARNING: soft rlimits too low. Number of files is 256, should be at least 1000 >
= 'Dashboard' block body h1 Dashboard p. Welcome to your dashboard! You are now logged in. h2 User Information p First Name: #{user.firstName} p Last Name: #{user.lastName} p Email: #{user.email}
email: req.session.user }, function(err, user) { // if a user was found, make the user available if (user) { req.user = user; req.session.user = user.email; // update the session info res.locals.user = user; // make the user available to templates } next(); }); } else { next(); // if no session is available, do nothing } }); Smart User Middleware
logged in, redirect them to // the login page if (!req.user) { res.redirect('/login'); // if the user is logged in, let them pass! } else { next(); } }; app.get('/dashboard', requireLogin, function(req, res) { // ... }); Force Authentication
60 * 1000, activeDuration: 5 * 60 * 1000, httpOnly: true, // don't let JS code access cookies secure: true, // only set cookies over https ephemeral: true, // destroy cookies when the browser closes }));
and api auth • works in many different languages • pre-built authentication views • handles security / storage for you Pros • core product is closed source Cons