npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hapi-login

v1.2.2

Published

Authenticate people using payload parameters e.g: a POST request

Downloads

11

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nelsonicnelsonic

Keywords

payloadauthentication

Readme

hapi-login

The simplest possible login via standard html form POST payload ... #ProgressiveEnhancement

Build Status codecov.io Code Climate Dependency Status devDependencies Status

HAPI 13.4.1 Node.js Version npm bitHound Score HitCount Join the chat at https://gitter.im/dwyl/chat

Lead Maintainer: Nelson

Why?

Login should be a simple seamless experience.

basic example

if you need a working example of this, see: https://github.com/dwyl/hapi-login-example

What?

Most login forms send data to a server using the POST method; some apps send data the "traditional" way while others send via "ajax"... In Hapi this data is available in the request.payload.
This tiny plugin simplifies setting up a "simple" /login route which you can POST to using a form in your hapi.js based app/api.

How?

We have tried to make this as simple as possible, but if you have any questions,
please ask and/or Join the chat at https://gitter.im/dwyl/chat

1. Install from NPM

First install the hapi-login plugin from npm and save as a dependency:
( You will also need Joi to specify the required fields for loging in, e.g: email and password and bcrypt to securely hash passwords before storing them in a database )

npm install hapi-login joi bcrypt --save

### 2. Specify the fields required for login

most login forms will require an email address and a password:

var Joi = require('joi');
var custom_fields = {
  email     : Joi.string().email().required(), // Required
  password  : Joi.string().required().min(6)   // minimum length 6 characters
}

Note: If you want/need to define any additional/cusotm fields, simply add them to your fields object.
( as always, if you have any questions, please ask )

3. Define your custom handler function

Define your handler function with the following signature:

  • handler - (required) a user lookup and password validation function with the signature function(request, reply) where:
    • request - is the hapi request object of the request which is being authenticated.
    • reply - the hapi reply object used to send the response to the client when login succeeds (or fails).

Example handler function:

var Bcrypt = require('bcrypt'); // use bcrypt to hash passwords.
var db     = require('your-favourite-database'); // your choice of DB
var Boom   = require('boom') //

function handler (request, reply) {
  db.get(request.payload.email, function(err, res) { // GENERIC DB request. insert your own here!
    if(err) {
      reply('fail').code(400); // don't leak info about user existence
    }
    Bcrypt.compare(request.payload.password, user.password, function (err, isValid) {
        if(!err && isValid) {
          reply('great success'); // or what ever you want to rply
        } else {
          reply(Boom.notFound('Sorry, that username or password is invalid, please try again.'));
        } // see: https://github.com/dwyl/hapi-login/issues/14
    }); // END Bcrypt.compare which checks the password is correct
  }); // END db.get which checks if the person is in our database
}

Note: You can store this handler function in a separate file and require it into your app.

Note: if you want to send a people-friendly error message (page) check out: https://github.com/dwyl/hapi-error

Custom Login Path
  • loginPath - (optional) an optional login path String, defaults to /login but can assigned any valid path.

add it to your options object:

var options = {
  fields: fields,
  handler: handler,
  loginPath: "/api/login"
}

4. Boot your Hapi.js Server with the Plugin

var Hapi   = require('hapi'); // https://github.com/nelsonic/learn-hapi
var server = new Hapi.Server({ debug: false })
server.connection({ port: 8000 });

// define the options you are going to pass in when registering your plugin
var opts = { fields:fields, handler:handler, loginPath:loginPath }; // the fields and handler defined above

server.register([{ register: require('hapi-login'), options:opts }], function (err) {
  if (err) { console.error('Failed to load plugin:', err); }
});

server.start(function() {
  console.log('Now Visit: http://127.0.0.1:'+server.info.port);
});

That's it.

Want more?

What is a fail_action_handler ?

Frequently Asked Questions

Q: What are the advantages of authenticating using the payload rather than request header? see: #1
A: it makes writing apps simpler. instead of having perform the 4 steps listed in the Notes section (below)
this plugin lets apps use a simple - progressive enhancement - approach: a basic html form.

Notes:

We were using hapi-auth-basic for our projects, while there's nothing "wrong" with that plugin,
we feel there is one too many steps involved. Specifically: hapi-auth-basic requires the username
and password be sent in the request.header as a Base64-encoded string.

There are four steps involved in preparing the auth request to hapi-auth-basic:

  1. Get values for username and password from the form.
  2. Encode the values as Base64:
var header = "Basic " + (new Buffer(email + ':' + password, 'utf8')).toString('base64');
  1. Attach the auth header to the request you are about to send to the Server
  2. Send the POST request to the server.

We thought this was too many steps and not very beginner-friendly.
So we removed the first 3 steps and use a simple html form with a POST action.

if you know (or can think of) a simpler way of doing this, please tell us!