This repository has been archived by the owner on Apr 8, 2019. It is now read-only.

Basic authentication #118

Closed
hueniverse opened this issue Apr 20, 2015 · 41 comments · Fixed by #119

@hueniverse

Using the hapi-auth-basic plugin, add a new /private endpoint protected by a username and password that returns a simple HTML page with a welcome message. The welcome message should include the logged in username. Do not use any templates (views) at this stage. For username/password validation, create a static lib/users.json file (we will replace this in the near future) that contains a few sample users and passwords.

The new endpoint will be contained in its own plugin, similar to how we set up /version, and will require bringing test coverage back to 100%.

Due: 4/27

@hueniverse hueniverse added this to the 0.0.4 milestone Apr 20, 2015
@AdriVanHoudt
Contributor

Do you want to have the passwords encrypted with something like bcrypt or just plain text for now?

@AdriVanHoudt
Contributor

For all of those getting ready for this. Read the comments on the cleanup commit first as to why some things have changed! 13b9f07

@hueniverse
Author

No need to encrypt the passwords. This is just a quick step before we do something else.

@AdriVanHoudt
Contributor

👍

@ghost

ghost commented Apr 20, 2015

First question.

I have this according to the tutorial on the hapi page :


Server.register(Basic, function (err) {
    Server.auth.strategy('simple', 'basic', { validateFunc: validate });
    Server.route({
        method: 'GET',
        path: '/private',
        config: {
            auth: 'simple',
            handler: function (request, reply) {
                reply('hello, ' + request.auth.credentials.name);
            }
        }
    });
});

I think server is the same as this line in index.js: server = new Hapi.server().
How can I say that they are the same? I do not think it's wise to make a new server object for this?

@AdriVanHoudt
Contributor

Make a new plugin (like Version) and use the server object you get there

@ghost

ghost commented Apr 20, 2015

I did make a new plugin. You mean something like this : exports.register = function (server, options, next) {

@AdriVanHoudt
Contributor

yeah, you can use the server object you get there to register the Basic Auth strategy

AdriVanHoudt added a commit to AdriVanHoudt/hueniversity that referenced this issue Apr 20, 2015
@AdriVanHoudt
Contributor

Sorry for all the references, I was messing up my rebases 😬

@ghost

ghost commented Apr 20, 2015

Second question.

I rewrote index.js to this so it registers more than 1 plugin.


var Hapi = require('hapi');
var Version = require('./version');
var Authentication = require('./authentication');

// Declare internals

var internals = {};


exports.init = function (port, next) {

    var server = new Hapi.Server();
    server.connection({ port: port });

    // require('Version') is resolved as a package name, not as ./version
    server.register([
        {
            register: require('Version'),
            options: {}
        },
        {
            register: require('Authentication'),
            options: {}
        }
    ], function (err) {

        if (err) {
            return next(err);
        }

        server.start(function (err) {

            return next(err, server);
        });
    });
};

but on testing and running I see this error message :

Error: Cannot find module 'Version'

What have I done wrong?

@AdriVanHoudt
Contributor

No need to make it so complex, just build on the existing code. You can pass an array of objects into register meaning if your options are empty you can just pass in the module. Also you are requiring the plugins twice. Once on top and then again in the register function. The ones on top are the right ones.

@hussainanjar

No need to require dependencies twice, pass the variable names in register function as array.

server.register([Version, Authentication], function (err) {

    if (err) {
        return next(err);
    }

    server.start(function (err) {

        return next(err, server);
    });
});

@ghost

ghost commented Apr 20, 2015

When I do what hussainanjar says I see this error message:

Invalid plugin object - invalid or missing register function attributes property (1)

@hussainanjar

@roelof1967 does your authentication plugin follow similar guidelines to version plugin ?

@ghost

ghost commented Apr 20, 2015

Yes, my code so far can be found here : https://github.com/roelof1967/hueniversity

@ghost

ghost commented Apr 20, 2015

and when I do npm start I see this error message :


/home/action/workspace/hueniversity/node_modules/hapi/node_modules/hoek/lib/index.js:678
    throw new Error(msgs.join(' ') || 'Unknown error');
          ^
Error: Invalid plugin object - invalid or missing register function attributes property (1)
    at Object.exports.assert (/home/action/workspace/hueniversity/node_modules/hapi/node_modules/hoek/lib/index.js:678:11)
    at internals.Plugin.register (/home/action/workspace/hueniversity/node_modules/hapi/lib/plugin.js:207:14)
    at Object.exports.init (/home/action/workspace/hueniversity/lib/index.js:18:12)
    at Object.<anonymous> (/home/action/workspace/hueniversity/lib/start.js:12:8)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Function.Module.runMain (module.js:497:10)
    at startup (node.js:119:16)

@FennNaten
Contributor

@roelof1967 Hi, from what I see on your repo, your export.register.attributes object is empty and defined inside of the export.register instead of after it.
I think you should move it out and add a 'name' property in it (see version.js)

@ghost

ghost commented Apr 20, 2015

Thanks, I changed it and now I see this error message : Timed out (2000ms) - starts server and returns hapi server object

@ghost

ghost commented Apr 20, 2015

found it. It was a missing return next() on the new plugin.

@ghost

ghost commented Apr 20, 2015

New problem :
I now see this error : Debug: internal, implementation, error
ReferenceError: Uncaught error: users is not defined

on this code : https://github.com/roelof1967/hueniversity/blob/master/test/authentication.js

@ghost

ghost commented Apr 21, 2015

also solved. I have forgotten to do something when a user is valid, PR is already ready

idanwe added a commit to idanwe/hueniversity that referenced this issue Apr 28, 2015
 * Add hapi-auth-basic
 * Add private plugin
 * Closes outmoded#118
@hueniverse
Author

Life has been pretty busy lately (selling house, starting a few new projects) and as you can see this project (along with many others) suffered from it. I intend to finish reviewing assignment 4 this week and post one more assignment before taking a break for a bit. If anyone wants to take lead on this and write some more assignments (I am happy to review it and the expected responses to keep things consistent) please let me know.

@AdriVanHoudt
Contributor

That is both great and sad to hear. I wish you all the success with the new projects and selling the house! I hope to see something cool again in the near future from you. As for hueniversity, it's sad because I really feel this is something really great and useful to learn from. If I had enough experience with node and hapi I would consider taking this up but I don't feel I'm the man for the job. I will give all my support for anyone who does take it.

@zoe-1
Contributor

zoe-1 commented May 4, 2015

@hueniverse @AdriVanHoudt and community. I am willing to write assignments for hueniversity.
I have been writing a hapijs tutorial so we could just use what I developed so far as a road map for future assignments. To see the tutorial's learning objectives please refer to:
https://github.com/zoe-1/hapitimes
This gives a big picture overview of where I think a hapijs application tutorial should go.
Feedback would be much appreciated.

Every learning objective described in the above link is illustrated in this project:
git clone -b step-7 https://github.com/zoe-1/glued.git
Make sure you clone step-7 (has 100% coverage).
Originally, I wrote the "glued" project as a tutorial, but it quickly became a sandbox to accomplish
all the learning objectives described in the "hapitimes" project. I started the "hapitimes" project after writing "glued" in order to make a pretty version of it.

The "glued" project has all the core components a hapijs web server should have except
for the "crumb" plugin, plus, it is a little messy in the authentication tests. But, all tests pass with 100% coverage.

It would be fun to collaborate with the community and build a great tutorial and at the same time
master hapijs. I hope @AdriVanHoudt @idanwe and @thealphanerd would also consider contributing to the assignments. I believe your efforts would add value to the project!

Additionally, hueniversity needs to continue because hapijs is the best node.js application framework in existence. However, it does not have the best documentation. So, this project has a lot of value to add to the community because it addresses the documentation need. So, let's keep this project going :-)

What does everyone think?

Note: I work too and am busy just like everyone else here. So, I hope this will really become a community / team effort :-) Let's try to share the load.

@rutaihwa
Contributor

rutaihwa commented May 4, 2015

@zoe-1 @AdriVanHoudt @hueniverse 👍

@AdriVanHoudt
Contributor

@zoe-1 I really like the community approach and as I said, I'm willing to
help as good as I can!
I think if some people (like Zoe proposed) come together and make up a
'course' that @hueniverse can verify and we make a solution that he can
verify, we can verify the pr's from others and make something nice.
And just as a personal opinion, I think we should move the wiki to a
repo. Mainly for control and versioning but also because the layout of
github wikis is imo not that great ^^

@rutaihwa rutaihwa mentioned this issue May 4, 2015
@hussainanjar

I'm still new to JS world but I'm willing to participate as much as possible @zoe-1 @AdriVanHoudt 👍

@hueniverse
Author

@zoe-1 happy to move this project over to the hapijs org and add some maintainers. Should we give it a new name?

@hussainanjar

@hueniverse I would suggest hapiuniversity as a new name

@AdriVanHoudt
Contributor

Moving this under the hapijs org makes sense. What about makemehapi?
New name can be nice although I like hueniversity but that probably doesn't make sense for new people. Maybe Hapiversity? Or Hapi School (like nodeschool) or something.
Also maybe move this topic to hapijs/contrib so we can start a discussion about how we are going to do this. And I don't know who controls the hapi twitter account but maybe do a callout for contributors/"students"/"teachers"?

@idanwe
Contributor

idanwe commented May 5, 2015

@hueniverse and all the contributors thanks for this amazing experience, I learned a lot from it about how hapijs application should be built.

I think it is very important to continue to advance the project, as it is a great way to learn and teach.
@zoe-1 and @AdriVanHoudt I will be glad to help with the assignments.

@zoe-1
Contributor

zoe-1 commented May 5, 2015

@hueniverse and community, I think moving the project to hapijs is a great idea :-)
and I am willing to help maintain it if @hueniverse finds it helpful.

End Goal

If we focus on the learning objectives described in https://github.com/zoe-1/hapitimes, together we will build boilerplate code for a hapijs web server reviewed and approved by @hueniverse.
Newcomers to node.js and hapijs will be able to use our project as a reference and guide to kick start their hapijs applications.

Assignment Style

Assignments will guide us to build a web server in a step by step process. Each step will be completed with an accepted PR for the assignment, documented with a commit id or branch name. This allows an HTML tutorial to make references to the project in different states of development.

New Name

I suggest we call the project "tutorial" or "web-tutorial" because that is what we hope to create.
The end result of our collaboration will be a tutorial / guide on how to build a hapijs
web server and boilerplate code for the application. Other names I like are: "hapitimes" and "glued".

@hueniverse If you want to call it something else that is fine too.
Whatever you think is best.

HTML tutorial

@hueniverse is providing his expertise by reviewing our project's code. I think something we can
give back to him is a solid HTML tutorial/guide which promotes the hapijs framework he has created. To start we can put the tutorial pages in a /tutorial directory in the root of the project. But, if we get momentum we could make it into something really nice (a website or something). Would you guys be supportive of this?

Keep the Hueniversity Distinctives

We all enjoy the learning dynamics of hueniversity. Hueniversity is not just top down (vertical) learning but also sideways (horizontal) learning. I really hope we can keep those characteristics and
critique and review each other's assignments :-) It would be really sad if our project destroyed that aspect of our community.

@hueniverse Hopefully, you find what I wrote above as acceptable.
Please advise if you would like to change or add anything.

@AdriVanHoudt @hussainanjar @idanwe I am really glad you guys want to contribute.
Your thoughts and feedback are valued and appreciated :-)

Perhaps, after this project is done we can build an api-tutorial project :-)

@rutaihwa
Contributor

rutaihwa commented May 6, 2015

@zoe-1 and whole community, thanks for all these thoughts! I think Hapi is a great framework and Hapi community is really awesome. And this project has been great, I am learning a lot. We have to keep it alive. Despite not being highly experienced, I will try to contribute with what I can!

@AdriVanHoudt
Contributor

I like the end goal although I want to hear what the plan from @hueniverse was as to what kind of application he had in mind/goals.

I like the idea of splitting up the assignments in branches, this will allow us to easily extract a tutorial with the solution for every assignment.

As for the name please don't take anything generic like 'tutorial' or something. It doesn't stand out. Something like makemehapi doesn't feel as daunting to start with imo.

I think that the reviewing from @hueniverse is very important. He knows the Hapi coding style and the framework the best.
I like the idea of eventually turning this into a website where people can follow the assignments step by step.

And yes this project has to be horizontal no matter what, that's what makes this so great.

I would like to hold off on making the solutions public from the start. People finding out themselves and looking at each other's PRs is a very important part of the learning process

@zoe-1 what are your thoughts on having the wiki also in the repo (or maybe a separate one)?

@FennNaten
Contributor

Hi there,
I cannot participate in this discussion as I'd like to, I'm currently travelling a bit, but I'd like to follow along with this project. Finding a maintainer and moving it to hapi org would be a good thing IMHO, and if help is needed, I'd be happy to be in.

@mikejerome

I will certainly participate as a student. Would it be possible to add something like role-based authorization as a learning point? By that I mean restricting access to certain routes to certain roles/users. For example only admins could POST to /users or something.

@zoe-1
Contributor

zoe-1 commented May 7, 2015

@AdriVanHoudt I appreciate your perspective and feedback :-)
Below are my responses to your discussion points:

In respect to the name, I understand your thoughts. I was thinking the name should represent what the project is about after it is completed. So, having "tutorial" in the name would do this. But, something funny or catchy may work too. Do you have a better suggestion? I do not like school or something-versity in the name because in several months after our project is completed the name no longer has meaning.

Glad you like the website idea because I think it would really help people coming from other frameworks or languages to get up to speed with node and hapijs. I hope we will make it :-)

I agree with your thoughts about @hueniverse input. But, I hope our efforts will lighten his load.
We can do most of the grunt work and he can focus time on advising the most important issues. I hope he will give his input on each assignment that is written, every PR that is accepted, and clean up each accepted PR to match his way of building hapijs apps. That would provide the community with a really solid code base to learn from and build their projects with. We want his input. But, at the same time, we do not want to create a mountain of work for him.

In respect to not providing solutions too early, I agree with you.
We should keep the hueniversity style of doing assignments.

In respect to the wiki, like you said before wikis are not that great. They are too easy to change and get messed up by others. The suggestion to have a separate repo is a good idea. We should build html guides for each assignment in a separate repo (After the assignment is completed that is). Plus, the separate repo would be a good place to build a tutorial website to complement the completed project. Do you agree?

@rutaihwa really glad you are excited about the project. I agree we need to keep it going.

@mikejerome Yeah, putting role based access controls in the project is possible.
Plan to do it.

@AdriVanHoudt
Contributor

Why not? Nodeschool also is a thing.
And yeah I really think the website is needed, since Hapi is not as popular as Express for example there are almost no tutorials out there.
I agree that we should put in the effort to make sure the project can exist without Eran in the long run. Also I am in favour of making sure that the PR that is accepted fully covers the assignment and should not require cleanup. If so the merged PR was not 'the best' one or could use some more work but this is something we need to test for sure.
Good idea to make the wiki repo also the website (maybe not from the start but turning markdown files into a website shouldn't be too hard)

@mikejerome roles are something special I feel. They are highly dependent on the architecture you have and how you define the roles. I think a plugin that looks something like an auth plugin may work. Where you specify the roles on the route config and specify a validateFunction that gets run on every request. You would still need to do the validation yourself though (like auth)

@ghost

ghost commented May 7, 2015

I like the idea but I think it's better I use it as student so I can learn much more about hapi

@idanwe
Contributor

idanwe commented May 9, 2015

@AdriVanHoudt I support your opinion about the name. In addition, I prefer University, to stay close as much to the current name. Especially when it will be under the hapijs org, and we may create a tutorial or an app example from this course.

I think that creating a tutorial is a great idea too, and it would be nice if we created it as an application, for example an email server.

Lately, as a part of the angular-meteor team, we decided to add a tutorial similar to the Hueniversity, and I think it could be a great reference (angular-meteor tutorial). Most of the steps were created by the team and also the community added some (join us!). This is the Github repo that has the matching steps branches.

@hueniverse I'm curious to know more about testing schemes (Joi) and db model. Is it possible to add these subjects in the next assignment?

@hueniverse
Author

Overall this was very well done by everyone!

One comment:

  • When creating a user JSON file, avoid repeating data (e.g. the key and username field). Set the username in code to remove the need to duplicate data in the file and create potential inconsistencies.
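
The review comment above, as an added example (not code from this thread or from the hueniversity repository): a user store keyed by username, with the username attached to the credentials in code, behind a validate function in the `(username, password, callback)` shape assumed for the `validateFunc` option quoted earlier. The sample users and passwords and the helpers `safeEqual`, `parseBasic`, `check` and `basicHeader` are constructed for illustration; the header parsing that hapi-auth-basic performs is reproduced here only so the block runs without hapi.

```javascript
'use strict';

const Crypto = require('crypto');

// Constructed sample data. The username exists only as the key, so it cannot
// drift out of sync with a duplicated field. Passwords are plain text, as the
// assignment allows for this interim step.
const users = {
    alice: { password: 'correct horse' },
    bob: { password: 'battery:staple' }
};

// Constant-time string comparison. Hashing first gives timingSafeEqual the
// equal-length buffers it requires.
const safeEqual = function (a, b) {

    const ha = Crypto.createHash('sha256').update(String(a)).digest();
    const hb = Crypto.createHash('sha256').update(String(b)).digest();
    return Crypto.timingSafeEqual(ha, hb);
};

// validateFunc-shaped (assumed signature): callback(err, isValid, credentials)
const validate = function (username, password, callback) {

    // Own-property check: 'constructor' or '__proto__' must not match anything
    // inherited from Object.prototype.
    const known = Object.prototype.hasOwnProperty.call(users, username);
    const expected = known ? users[username].password : '';
    const isValid = safeEqual(password, expected) && known;
    if (!isValid) {
        return callback(null, false);
    }

    // The username is set in code, from the lookup key
    return callback(null, true, { username: username });
};

// What the Basic scheme carries: "Basic " + base64(username ":" password).
// Base64 is an encoding, not encryption.
const parseBasic = function (header) {

    const match = /^Basic +([A-Za-z0-9+\/=]+)$/i.exec(header || '');
    if (!match) {
        return null;
    }

    const decoded = Buffer.from(match[1], 'base64').toString('utf8');
    const sep = decoded.indexOf(':');   // only the first ':' separates
    if (sep === -1) {
        return null;
    }

    return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
};

// Hypothetical helper: returns the credentials object, or null on any failure
const check = function (header) {

    const parsed = parseBasic(header);
    let credentials = null;
    if (parsed) {
        validate(parsed.username, parsed.password, (err, isValid, creds) => {

            credentials = (!err && isValid) ? creds : null;
        });
    }

    return credentials;
};

// Builds a constructed Authorization header value for the sample calls
const basicHeader = (user, pass) => 'Basic ' + Buffer.from(user + ':' + pass).toString('base64');

console.log(check(basicHeader('alice', 'correct horse')));
console.log(check(basicHeader('alice', 'wrong')));
console.log(check(basicHeader('__proto__', '')));
```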
