How to use passport.js on node to log in against the database

4

How to use passport.js to control access using the database and express.js middleware.

How to make login logic and how to know that the session is already authorized when the user has already logged in?

    
asked by anonymous 12.09.2015 / 22:56

1 answer

5

passport integrates well with express and has asynchronous methods to verify user / pass authenticity.

In my setup I use node-mysql and check with username and password (in hash MD5 ), and I've split the passport part in 3 parts:

  • configuration
  • Login authentication
  • middleware verification of req.user

Note: So I realize the passport needs express-session since version 4 of expressjs is a separate module / middleware.

Like I did:

I first dealt with the passport configuration on all middleware routes. This includes passing the middlewares to the route where I have the secure part of the site: app.use('/admin', middleware .

Then I also configured the database interaction part (MySql via node-mysql ). Not including the initialization part of the DB, but together in the code the query that checks the user / pass against the database using the MD5 to generate the password hash.

After this part of the login, which is different from the middleware of the pages already authenticated, I configured the middleware that verifies that req.user is filled. The passport puts this property of request o user , so we can know that we are in an authorized / authenticated session.

My setup:

index.js

var express = require('express');
var passport = require('passport');
var session = require('express-session');

var app = express();
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use('/admin',   session(sess));                         // enable sessions
app.use('/admin',   passport.initialize());                 // configuração do passport
app.use('/admin',   passport.session());                    // configuração do passport
app.use('/admin',   require('./routes/services/admin'));    // router para a zona que requer acesso

routes / services / admin.js

var md5 = require('md5');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var express = require('express');
var router = express.Router();

passport.use(new LocalStrategy(function(username, password, done) {
    // verificação de user/pass
    db.query('SELECT * FROM users WHERE username=? AND password=?', [username, md5(password)], function(err, rows){
        if (err) return done(err);
        var user = rows.length && rows[0].id; // podia passar mais info sobre o utilizador aqui
        done(null, user); // tudo ok! chamar a callback do passport
    });
}));

var authenticate = passport.authenticate('local', {
    // aqui pode configurar-se também sucessRedirect
    failureRedirect: '/admin/login',
    failureFlash: true
});

// configuração recomendada
passport.serializeUser(function(user, done) {
  done(null, user);
});
passport.deserializeUser(function(user, done) {
  done(null, user);
});

// middleware para verificar se a sessão está criada
function gateKeeper(req, res, next){
    if (req.user) next();
    else res.redirect('/admin/login');
}

// página de login
router.get('/login', function(req, res) {
    res.render('admin/login');
});

// tratar os dados de autenticação via POST com o middleware "authenticate"
router.post('/login', authenticate, function(req, res) {
    res.redirect('/admin/home');
});

// router para a parte segura, usando o middleware "gatekeeper"
router.get('/:page', gateKeeper, function(req, res) {
    res.send('Welcome to page ' + req.params.page); // resposta simplificada
});

Disclaimer:

I put this answer after learning how to gross. If there are errors, better ways or things that are missing: say! In the form of a new response or comment.

"Disclaimer" that say "for information I will explain something so that you do not think ill of me ...":)

More reading (in English):

12.09.2015 / 22:56