npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hapi-reset-password

v1.0.1

Published

Authenticate people using payload parameters e.g: a POST request

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nelsonicnelsonic

Keywords

payloadauthentication

Readme

hapi-login-payload

The simplest possible login via standard html form POST payload ... #ProgressiveEnhancement #LookMaNoAjax

Build Status codecov.io Code Climate Dependency Status devDependency Status

HAPI 10.4.1 Node.js Version npm bitHound Score HitCount Join the chat at https://gitter.im/dwyl/chat

Lead Maintainer: Nelson

Why?

Login should be a simple seamless experience.

What?

Most login forms send data to a server using the POST method; some apps send data the "traditional" way while others send via "ajax"... In Hapi this data is available in the request.payload.
This tiny plugin simplifies setting up a "simple" /login route which you can POST to using a form in your hapi.js based app/api.

How?

We have tried to make this as simple as possible, but if you have any questions,
please ask and/or Join the chat at https://gitter.im/dwyl/chat

1. Install from NPM

First install the hapi-login-payload plugin (and Joi) from npm and save as a dependency:

npm install hapi-login-payload joi --save

### 2. Specify the fields required for login

In general most login forms will require an email address and a password:

var Joi = require('joi');
var custom_fields = {
  email     : Joi.string().email().required(), // Required
  password  : Joi.string().required().min(6)   // minimum length 6 characters
}

Note: If you want/need to define any additional/cusotm fields, simply add them to your fields object.
(as always, if you have any questions, ask!)

3. Define your custom handler function

Define your handler function with the following signature:

  • handler - (required) a user lookup and password validation function with the signature function(request, reply) where:
    • request - is the hapi request object of the request which is being authenticated.
    • reply - the hapi reply object used to send the response to the client when login succeeds (or fails).

Example handler function:

var Bcrypt = require('bcrypt'); // use bcrypt to hash passwords.
var db     = require('your-favourite-database'); // your choice of DB

function handler (request, reply) {
  db.get(request.payload.email, function(err, res) { // GENERIC DB request. insert your own here!
    if(err) {
      reply('fail').code(400); // don't leak info about user existence
    }
    Bcrypt.compare(request.payload.password, user.password, function (err, isValid) {
        if(!err && isValid) {
          reply('great success'); // or what ever you want to rply
        } else {
          reply('fail').code(400);
        }
    }); // END Bcrypt.compare which checks the password is correct
  }); // END db.get which checks if the person is in our database
}

Note: You can store this function in a separate file and require it into your app.

4. Boot your Hapi.js Server with the Plugin

var Hapi   = require('hapi'); https://github.com/nelsonic/learn-hapi
var server = new Hapi.Server({ debug: false })
server.connection({ port: 8000 });

// define the options you are going to pass in when registering your plugin
var opts = { fields:fields, handler:handler }; // the fields and handler defined above

server.register([{ register: require('hapi-login-payload'), options:opts }], function (err) {
  if (err) { console.error('Failed to load plugin:', err); }
});

server.start(function() {
  console.log('Now Visit: http://127.0.0.1:'+server.info.port);
});

That's it.

Want more?

What is a fail_action_handler ?

Frequently Asked Questions

Q: What are the advantages of authenticating using the payload rather than request header? see: #1
A: it makes writing apps simpler. instead of having perform the 4 steps listed in the Notes section (below)
this plugin lets apps use a simple - progressive enhancement - approach: a basic html form.

Notes:

We were using hapi-auth-basic for our projects, while there's nothing "wrong" with that plugin,
we feel there is one too many steps involved. Specifically: hapi-auth-basic requires the username
and password be sent in the request.header as a Base64-encoded string.

There are four steps involved in preparing the auth request to hapi-auth-basic:

  1. Get values for username and password from the form.
  2. Encode the values as Base64:
var header = "Basic " + (new Buffer(email + ':' + password, 'utf8')).toString('base64');
  1. Attach the auth header to the request you are about to send to the Server
  2. Send the POST request to the server.

We thought this was too many steps and not very beginner-friendly.
So we removed the first 3 steps and use a simple html form with a POST action.

if you know (or can think of) a simpler way of doing this, please tell us!