restify-ensure-login
v2.0.2
Login session ensuring middleware for Restify.
This middleware ensures that a user is logged in. If a request is received that is unauthenticated, the request will be redirected to a login page. The URL will be saved in the session, so the user can be conveniently returned to the page that was originally requested.
If the request appears to be an Ajax request (XHR), a 401 status code will be sent instead of redirecting to login. This is detected by looking for an X-Requested-With header, or for a query string parameter called ajax with a value of 'true'.
Install
$ npm install restify-ensure-login
Usage
Ensure Authentication
In this example, an application has a settings page where preferences can be configured. A user must be logged in before accessing this page.
app.get('/settings',
  ensureLoggedIn('/login'),
  function(req, res) {
    res.render('settings', { user: req.user });
  });
If a user is not logged in when attempting to access this page, the request will be redirected to /login and the original request URL (/settings) will be saved to the session at req.session.returnTo.
Log In and Return To
This middleware integrates seamlessly with Passport Restify. Simply mount Passport's authenticate() middleware at the login route.
app.get('/login', function(req, res) {
  res.render('login');
});
app.post('/login', passport.authenticate('local', { successReturnToOrRedirect: '/', failureRedirect: '/login' }));
Upon log in, Passport will notice the returnTo URL saved in the session and redirect the user back to /settings.
Step By Step
If the user is not logged in, the sequence of requests and responses that take place during this process can be confusing. Here is a step-by-step overview of what happens:
- User navigates to GET /settings
  - Middleware sets session.returnTo to /settings
  - Middleware redirects to /login
- User's browser follows redirect to GET /login
  - Application renders a login form (or, alternatively, offers SSO)
- User submits credentials to POST /login
  - Application verifies credentials
  - Passport reads session.returnTo and redirects to /settings
- User's browser follows redirect to GET /settings
  - Now authenticated, application renders settings page
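The flow above, including the XHR case, as a small model. This is an added example and not the package's or Passport's own code: the function names are hypothetical, req.user is assumed to mark an authenticated request, and the local-path check on returnTo is an extra safeguard applied before the saved value is used as a redirect target.

```javascript
'use strict';
// Model of the flow described in this README (added example, not the package's source).
// Assumptions: req.user marks an authenticated request; all function names are hypothetical.

// Accept only same-site paths: one leading "/", not "//" or "/\", no control characters.
function isLocalPath(url) {
  return typeof url === 'string' && /^\/(?![\/\\])[^\x00-\x1f]*$/.test(url);
}

// XHR detection as the README describes it: header present, or ?ajax=true.
function looksLikeAjax(req) {
  return 'x-requested-with' in req.headers || req.query.ajax === 'true';
}

// Returns the decision the middleware would take for one request.
function ensureLoggedInModel(loginUrl) {
  return function decide(req) {
    if (req.user) return { action: 'next' };
    if (looksLikeAjax(req)) return { action: 'status', code: 401 };
    if (isLocalPath(req.url)) req.session.returnTo = req.url;
    return { action: 'redirect', location: loginUrl };
  };
}

// After a successful login: consume returnTo once, fall back if it is not a local path.
function postLoginTarget(session, fallback) {
  const target = session.returnTo;
  delete session.returnTo;
  return isLocalPath(target) ? target : fallback;
}

// Constructed sample requests.
const guard = ensureLoggedInModel('/login');
const session = {};
const page = { url: '/settings', headers: {}, query: {}, session };
const xhr = { url: '/settings', headers: { 'x-requested-with': 'XMLHttpRequest' },
              query: {}, session: {} };
console.log(guard(page), session);           // redirect to /login, returnTo saved
console.log(guard(xhr));                     // 401 instead of a redirect
console.log(postLoginTarget(session, '/'));  // back to the originally requested page
console.log(postLoginTarget({ returnTo: '//other.example/' }, '/')); // falls back to "/"
```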
Tests
$ npm install --dev
$ make test
Credits
License
Copyright (c) 2012-2013 Jared Hanson <http://jaredhanson.net/>