📦 Trailpack to allow Passport authentication in a Trails application
This Trailpack works only with trailpack-express as the web server.
This Trailpack works only with these ORMs:
With yo:
npm install -g yo generator-trails
yo trails:trailpack trailpack-passport
With npm (you will have to create the config file manually):
npm install --save trailpack-passport
First you need to add this trailpack to your main configuration:
// config/main.js
module.exports = {
  ...
  packs: [
    ...
    require('trailpack-passport'),
    ...
  ]
  ...
}
You need to add passportInit and, optionally, passportSession:
// config/web.js
middlewares: {
  order: [
    'addMethods',
    'cookieParser',
    'session',
    'passportInit',
    'passportSession',
    'bodyParser',
    'methodOverride',
    'router',
    'www',
    '404',
    '500'
  ]
}
And to configure passport:
// config/passport.js
'use strict'
const JwtStrategy = require('passport-jwt').Strategy
const ExtractJwt = require('passport-jwt').ExtractJwt
const EXPIRES_IN_SECONDS = 60 * 60 * 24
// 'mysupersecuretoken' is only a placeholder: set the tokenSecret environment
// variable to a long random value, otherwise tokens are signed with this public string
const SECRET = process.env.tokenSecret || 'mysupersecuretoken'
const ALGORITHM = 'HS256'
const ISSUER = 'localhost'
const AUDIENCE = 'localhost'
module.exports = {
  redirect: {
    login: '/', // Login successful
    logout: '/' // Logout successful
  },
  bcrypt: require('bcryptjs'), // custom bcrypt version if you prefer the native one instead of full js
  // Called when user is logged, before returning the json response
  onUserLogged: (app, user) => {
    return Promise.resolve(user)
  },
  // Optional: can be used to merge data from all third party profiles and the default user properties.
  mergeThirdPartyProfile: (user, profile) => {
    const mergedProfile = {
      email: user.email,
      gender: profile.gender
    }
    return Promise.resolve(mergedProfile)
  },
  strategies: {
    jwt: {
      strategy: JwtStrategy,
      tokenOptions: {
        expiresInSeconds: EXPIRES_IN_SECONDS,
        secret: SECRET,
        algorithm: ALGORITHM,
        issuer: ISSUER,
        audience: AUDIENCE
      },
      options: {
        secretOrKey: SECRET,
        issuer: ISSUER,
        audience: AUDIENCE,
        jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme('jwt')
      }
    },
    local: {
      strategy: require('passport-local').Strategy,
      options: {
        usernameField: 'username' // If you want to enable both username and email just remove this field
      }
    }
    /*
    twitter : {
      name : 'Twitter',
      protocol : 'oauth',
      strategy : require('passport-twitter').Strategy,
      options : {
        consumerKey : 'your-consumer-key',
        consumerSecret : 'your-consumer-secret'
      }
    },
    facebook : {
      name : 'Facebook',
      protocol : 'oauth2',
      strategy : require('passport-facebook').Strategy,
      options : {
        clientID : 'your-client-id',
        clientSecret : 'your-client-secret',
        scope : ['email'] // email is necessary for login behavior
      }
    },
    google : {
      name : 'Google',
      protocol : 'oauth2',
      strategy : require('passport-google-oauth').OAuth2Strategy,
      options : {
        clientID : 'your-client-id',
        clientSecret : 'your-client-secret'
      }
    },
    github: {
      strategy: require('passport-github').Strategy,
      name: 'Github',
      protocol: 'oauth2',
      options: {
        clientID : 'your-client-id',
        clientSecret : 'your-client-secret',
        callbackURL: 'your-app-url' + '/auth/google/callback',
        scope: [
          'https://www.googleapis.com/auth/plus.login',
          'https://www.googleapis.com/auth/plus.profile.emails.read'
        ]
      }
    }*/
  }
}
Then make sure to include the new file in config/index.js:
//config/index.js
...
exports.passport = require('./passport')
Further documentation on passport-jwt config can be found at themikenicholson/passport-jwt
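The config above falls back to a secret printed in this README and gives passport-jwt no algorithm allow-list. The following boot-time check is an added example, not part of trailpack-passport: auditPassportConfig and assertPassportConfig are hypothetical helper names, and the check assumes tokenOptions is what signs tokens while options is what passport-jwt verifies with (algorithms is the passport-jwt verification option).

```javascript
'use strict'
// Added example, not trailpack-passport code. auditPassportConfig and
// assertPassportConfig are hypothetical helpers; pass them the object
// exported by config/passport.js before the app starts listening.

const README_SECRET = 'mysupersecuretoken' // placeholder published in this README
// Floor for HMAC keys: RFC 7518 requires a key at least as long as the hash
// output, which is 32 bytes for HS256.
const MIN_SECRET_BYTES = 32
const HMAC_ALGS = ['HS256', 'HS384', 'HS512']

function auditPassportConfig (config) {
  const problems = []
  const jwt = (config.strategies || {}).jwt
  if (!jwt) return problems // JWT strategy not enabled, nothing to check
  const sign = jwt.tokenOptions || {} // assumed: used by the trailpack to sign tokens
  const verify = jwt.options || {} // handed to passport-jwt for verification
  const hmac = HMAC_ALGS.includes(sign.algorithm)

  if (!sign.secret || sign.secret === README_SECRET) {
    problems.push('secret is unset or is the README placeholder')
  } else if (hmac && Buffer.byteLength(String(sign.secret)) < MIN_SECRET_BYTES) {
    problems.push('secret is shorter than ' + MIN_SECRET_BYTES + ' bytes')
  }
  if (hmac && verify.secretOrKey !== sign.secret) {
    problems.push('options.secretOrKey differs from tokenOptions.secret')
  }
  // passport-jwt accepts an `algorithms` allow-list; pin it to the signing algorithm
  const allowed = verify.algorithms
  if (!Array.isArray(allowed) || allowed.length !== 1 || allowed[0] !== sign.algorithm) {
    problems.push('options.algorithms does not pin the signing algorithm')
  }
  for (const claim of ['issuer', 'audience']) {
    if (!verify[claim] || verify[claim] !== sign[claim]) {
      problems.push(claim + ' is missing or differs between signing and verification')
    }
  }
  if (!(sign.expiresInSeconds > 0)) {
    problems.push('tokenOptions.expiresInSeconds is not a positive number')
  }
  return problems
}

// Fail closed: refuse to boot on a weak JWT configuration.
function assertPassportConfig (config) {
  const problems = auditPassportConfig(config)
  if (problems.length) throw new Error('config.passport: ' + problems.join('; '))
  return true
}
```

Run against the config shown above with tokenSecret unset, the audit reports the placeholder secret and the missing algorithms allow-list.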
Now you can apply some policies to control sessions under config/policies.js
ViewController: {
  helloWorld: [ 'Passport.sessionAuth' ]
}
or
ViewController: {
  helloWorld: [ 'Passport.jwt' ]
}
By default, auth routes don't have a prefix, but if you use trailpack-footprints they automatically use the footprints prefix to match your API. You can change this prefix by setting config.passport.prefix.
You can register or log in users with third-party strategies by redirecting the user to:
http://localhost:3000/auth/{provider}
Example with GitHub:
http://localhost:3000/auth/github
To add a new user, make a POST to auth/local/register with at least these fields: username (or email) and password.
For local authentication, POST the credentials to /auth/local to log the user in.
If you want to disconnect a user from a provider, you can call:
http://localhost:3000/auth/{provider}/disconnect
For example, if a user doesn't want to connect with GitHub anymore:
http://localhost:3000/auth/github/disconnect
To log a user out, just make a GET to auth/logout.
In order to do that, you just need to add a custom policy on your project that will return a 404 for the following methods:
AuthController.login and AuthController.register
If you run into trouble, you can view a full example with JWT and local strategies here: https://github.com/jaumard/trails-example-express. Clone the repo and play with it a little to see how it works :)