hoster-login

v0.1.0

Published

Prevents access to login-required paths and handles login/logout.

Downloads

5

Readme

Login for express

  • Prevents access to login required paths
  • Handles login/logout

Requirements

  • session middleware
  • body-parser middleware
  • method-override middleware

They should be loaded before hoster-login in the middleware stack.

Usage

In a regular express app

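var express = require('express');
var app = express();
// ...

// sessions, bodyParser and methodOverride are your configured middleware instances
app.use(sessions);
app.use(bodyParser);
app.use(methodOverride);

// Register the access check and the login/logout routes
require('hoster-login')(app, { /* OPTIONS */ });

// ...
app.get('/login', function (req, res) { res.render('login'); });
// ...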

Require it early enough in your middleware stack so that it can prevent unauthorized access.

As a hoster feature

Load it as a feature in hoster:

$ hoster +/login:hoster-login app.js

Then, in your app.js, include the feature at the appropriate place:

app.use(sessions);
app.use(bodyParser);
app.use(methodOverride);

// app.features is only defined when the app is run through hoster
if (app.features) app.features('/login', { /* OPTIONS */ });

// ...
app.get('/login', function (req, res) { res.render('login'); });
// ...

Call the feature early enough in your middleware stack so that it can prevent unauthorized access.

Workflow

The handler does this:

  • adds a route to the provided app context that checks every path access, i.e. app.all('*', check)
  • adds a POST /login route for authentication form processing
  • adds a DELETE /logout route for logout

Login required

If a user tries to access a path that requires authentication, they are redirected to the login page. The default login page is /login.

You may provide your own login page address as the page option:

app.features('/login', {
  page: '/authentication'
});

Login

The POST /login route handler expects two body parameters, accessible via req.body. Hence, the body-parser middleware should be loaded beforehand.

Required body parameters:

  • login
  • password

Neither of them should be empty.

If neither is empty, the user id is fetched and recorded in req.session. Hence, the session middleware should be loaded beforehand.

Fetch user id

This operation should be provided as an option named 'getid'. Its arguments are (login, password, next), where next is a function that getid must call with a single argument: the id of the user if one matches, or null (or undefined) if there is no such user.

Example:

{
  getid: function (login, password, next) {
    User.findByLoginAndPassword(login, password, function (err, user) {
      // Pass null on a lookup error or when no user matches
      next(err || !user ? null : user.id);
    });
  }
}

On authenticated

Once the getid function has returned (either a user id or null, which indicates a failed authentication), a non-null id is recorded in the session; then the authenticated function is called with (req, res, error).

When no custom function is provided as the authenticated option, the default one redirects the user (to the referer as recorded by the redirect query parameter, or to '/') if no error is reported.

If error is not null, then the user is redirected to the page that submitted the form (i.e. 'back').
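
A hardened pair of getid and authenticated options, as an added example that is not part of the hoster-login package or its README: getid checks a salted scrypt hash in constant time, and authenticated follows the redirect query parameter only when it is a local path. The users store, hashPassword and safeRedirect are hypothetical names, and reading the target from req.query.redirect is an assumption based on the logout description.

```javascript
const crypto = require('node:crypto');

// Derive a 32-byte key from the password; only this hash is stored.
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Constructed sample user store (hypothetical data, not from the package).
const salt = crypto.randomBytes(16);
const users = {
  alice: { id: 42, salt: salt, hash: hashPassword('correct horse', salt) }
};

// getid(login, password, next): next(id) on a match, next(null) otherwise.
function getid(login, password, next) {
  const known = Object.prototype.hasOwnProperty.call(users, login);
  const user = known ? users[login] : null;
  // Hash even for unknown logins so both paths do comparable work.
  const candidate = hashPassword(String(password), user ? user.salt : salt);
  const ok = user !== null && crypto.timingSafeEqual(candidate, user.hash);
  next(ok ? user.id : null);
}

// Accept only same-site absolute paths such as "/account".
// Rejects full URLs, "//host", "/\host", control characters and non-strings.
function safeRedirect(target) {
  if (typeof target !== 'string') return '/';
  if (/[\u0000-\u001f]/.test(target)) return '/';
  if (!/^\/(?![\/\\])/.test(target)) return '/';
  return target;
}

// authenticated(req, res, error): 'back' on failure (as the README describes),
// otherwise a validated local redirect.
function authenticated(req, res, error) {
  if (error) return res.redirect('back');
  res.redirect(safeRedirect(req.query.redirect));
}

// Object to pass as the options argument shown in the Usage section.
const options = { getid: getid, authenticated: authenticated };
```
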

Logout

On DELETE /logout, the id is removed from the session and the user is redirected to req.query.redirect or to /. Hence, the method-override middleware should be loaded beforehand if your client does not support the DELETE HTTP method.

Options

  • policy: String, 'deny' | 'allow' (default: 'deny')
  • except: String, a list of comma-separated paths that are considered exceptions to the policy (default: '/')
  • page: String, the login page url (default: '/login')
  • getid: Function(String login, String password, Function(Value) next), the function that calls next(user_id) for a matching login/password (default: calls next(1), which allows any login/password)
  • key: String, the session's key where to store the user id (default: 'user_id')
  • authenticated: Function (req, res, error), called when a user id has been returned (null or not). If no error, then the access is granted. On error, you may look at the app.get('loginErrors') for the meaning of the error.

License terms

Copyright (c), 2014 Thierry Passeron

The MIT License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.