📦 Trailpack to allow passport authentification to Trails application
This Trailpack work only with trailpack-express as webserver
This Trailpack work only with these ORMs:
With yo :
npm install -g yo generator-trails
yo trails:trailpack trailpack-passport
With npm (you will have to create config file manually) :
npm install --save trailpack-passport
First you need to add this trailpack to your main configuration :
// config/main.js
module.exports = {
...
packs: [
...
require('trailpack-passport'),
...
]
...
}
You need to add passportInit
and optionally passportSession
:
// config/web.js
middlewares: {
order: [
'addMethods',
'cookieParser',
'session',
'passportInit',
'passportSession',
'bodyParser',
'methodOverride',
'router',
'www',
'404',
'500'
]
}
And to configure passport:
// config/passport.js
'use strict'
const JwtStrategy = require('passport-jwt').Strategy
const ExtractJwt = require('passport-jwt').ExtractJwt
const EXPIRES_IN_SECONDS = 60 * 60 * 24
const SECRET = process.env.tokenSecret || 'mysupersecuretoken';
const ALGORITHM = 'HS256'
const ISSUER = 'localhost'
const AUDIENCE = 'localhost'
module.exports = {
redirect: {
login: '/',//Login successful
logout: '/'//Logout successful
},
bcrypt: require('bcryptjs'), // custom bcrypt version if you prefer the native one instead of full js
//Called when user is logged, before returning the json response
onUserLogged: (app, user) => {
return Promise.resolve(user)
},
//Optional: can be used to merge data from all third party profiles and the default user properties.
mergeThirdPartyProfile: (user, profile) => {
const mergedProfile = {
email: user.email,
gender: profile.gender
}
return Promise.resolve(mergedProfile)
},
strategies: {
jwt: {
strategy: JwtStrategy,
tokenOptions: {
expiresInSeconds: EXPIRES_IN_SECONDS,
secret: SECRET,
algorithm: ALGORITHM,
issuer: ISSUER,
audience: AUDIENCE
},
options: {
secretOrKey: SECRET,
issuer: ISSUER,
audience: AUDIENCE,
jwtFromRequest: ExtractJwt.fromAuthHeader()
}
},
local: {
strategy: require('passport-local').Strategy,
options: {
usernameField: 'username' // If you want to enable both username and email just remove this field
}
}
/*
twitter : {
name : 'Twitter',
protocol : 'oauth',
strategy : require('passport-twitter').Strategy,
options : {
consumerKey : 'your-consumer-key',
consumerSecret : 'your-consumer-secret'
}
},
facebook : {
name : 'Facebook',
protocol : 'oauth2',
strategy : require('passport-facebook').Strategy,
options : {
clientID : 'your-client-id',
clientSecret : 'your-client-secret',
scope : ['email'] // email is necessary for login behavior
}
},
google : {
name : 'Google',
protocol : 'oauth2',
strategy : require('passport-google-oauth').OAuth2Strategy,
options : {
clientID : 'your-client-id',
clientSecret : 'your-client-secret'
}
}
github: {
strategy: require('passport-github').Strategy,
name: 'Github',
protocol: 'oauth2',
options: {
clientID : 'your-client-id',
clientSecret : 'your-client-secret',
callbackURL: 'your-app-url' + '/auth/google/callback',
scope: [
'https://www.googleapis.com/auth/plus.login',
'https://www.googleapis.com/auth/plus.profile.emails.read'
]
}
}*/
}
}
Then make sure to include the new file in config/index.js
//config/index.js
...
exports.passport = require('./passport')
Further documentation on passport-jwt config can be found at themikenicholson/passport-jwt
Now you can apply some policies to control sessions under config/policies.js
ViewController: {
helloWorld: [ 'Passport.sessionAuth' ]
}
or
ViewController: {
helloWorld: [ 'Passport.jwt' ]
}
By default auth routes doesn't have prefix, but if you use trailpack-footprints
it automatically use footprints prefix to match your API. You can change this prefix by setting config.passport.prefix
.
You can register or log users with third party strategies by redirect the user to :
http://localhost:3000/auth/{provider}
example github
http://localhost:3000/auth/github
For adding a new user you can make a POST to auth/local/register
with at least this fields : username
(or email
) and password
.
For local authentification you have to POST credentials to /auth/local
in order to log the user.
If you want to disconnect a user from a provider you can call :
http://localhost:3000/auth/{provider}/disconnect
example if a user don't want to connect with github anymore
http://localhost:3000/auth/github/disconnect
Just make a GET to auth/logout
If you have some trouble, you can view a full example with JWT and local strategies here : https://github.com/jaumard/trails-example-express Clone the repo and play a little with it to see how it works :)
Hey dude! Help me out for a couple of 🍻!