PassportJS is a good login option and it is available for hapi . With express check if the user is logged in with intercept with express-session. I do not have the property to talk about hapi, but searching I saw that there is hapi-sesion .
Example
authenticator.js
module.exports = function(req, res, next) {
if(!req.session.usuario) {
return res.redirect('/');
}
return next();
};
route.js
var autenticar = require('autenticador');
router.get('/index', autenticar , function(req, res){
res.status(200).json({
mensagem: 'Logado!'
});
});
This is an example with express and node, where the user is saved in the session in the successful callback of login and used in the routes. Likely that you need to adapt a bit to hapi or someone with that knowledge comes up here:)