Express simple authentication example
node_modules
*.swp
var express = require('express');
// Express 2.x application object; middleware and routes are attached to it below.
var app = express.createServer();

// TCP port the example server is started on.
var port = 8999;
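/**
 * Middleware that refuses protected pages to visitors without an
 * authenticated session.
 *
 * The comparison is made on a normalised path rather than on the raw
 * req.url: req.url still carries the query string, so an exact match on
 * '/secure' would let '/secure?x' fall through to the route handler without
 * a session. Trailing slashes and letter case are normalised as well.
 * NOTE(review): this assumes the router matches paths case-insensitively and
 * ignores a trailing slash; confirm against the router settings in use.
 * Attaching the check to each protected route directly avoids having to
 * mirror the router's matching rules here.
 *
 * @param {Object} req - incoming request; reads req.url and req.session
 * @param {Object} res - response; rendered with the 'unauthorised' view and status 403 on refusal
 * @param {Function} next - called when the request may proceed
 */
function checkAuth (req, res, next) {
  console.log('checkAuth ' + req.url);

  // Every URL that needs a logged-in session must be listed here.
  var protectedPaths = ['/secure'];

  // Drop the query string, strip trailing slashes, fold case.
  var path = String(req.url).split('?')[0].replace(/\/+$/, '').toLowerCase();
  var loggedIn = Boolean(req.session && req.session.authenticated);

  // Don't serve protected pages to those not logged in.
  if (protectedPaths.indexOf(path) !== -1 && !loggedIn) {
    res.render('unauthorised', { status: 403 });
    return;
  }

  next();
}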
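// Middleware stack and view settings for the example app.
app.configure(function () {
  // The session cookie is signed with this secret. A value committed to the
  // repository is known to anyone who can read it, so take it from the
  // environment; the published demo value is only a fallback so that the
  // example still starts, and it is reported loudly when used.
  var sessionSecret = process.env.SESSION_SECRET;
  if (!sessionSecret) {
    console.warn('SESSION_SECRET is not set; falling back to the public demo secret');
    sessionSecret = 'example';
  }

  // Cookies are parsed first because the session middleware reads them.
  app.use(express.cookieParser());
  app.use(express.session({ secret: sessionSecret }));
  app.use(express.bodyParser());

  // The auth gate is registered ahead of the router so it runs before any route handler.
  app.use(checkAuth);
  app.use(app.router);

  app.set('view engine', 'jade');
  app.set('view options', { layout: false });
});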
// Attach the route handlers exported by lib/routes.js to the app.
var registerRoutes = require('./lib/routes.js');
registerRoutes(app);

// No host is passed to listen(); NOTE(review): confirm which interfaces this
// binds before running the example anywhere other than a development machine.
app.listen(port);
console.log('Node listening on port %s', port);
var util = require('util');
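/**
 * Registers the example's routes on the given Express app.
 *
 * None of the handlers checks the session itself; the '/secure' page relies
 * on the checkAuth middleware being installed ahead of the router.
 *
 * @param {Object} app - Express application to attach the routes to
 */
module.exports = function (app) {
  // Public pages.
  app.get('/', function (req, res, next) {
    res.render('index');
  });

  app.get('/welcome', function (req, res, next) {
    res.render('welcome');
  });

  // Protected page; access control is enforced by the middleware, not here.
  app.get('/secure', function (req, res, next) {
    res.render('secure');
  });

  app.get('/login', function (req, res, next) {
    res.render('login', { flash: req.flash() });
  });

  app.post('/login', function (req, res, next) {
    // Tolerate a request that arrives without a parsed body.
    var body = req.body || {};

    // Demo-only fixed credentials. A real application looks the user up in a
    // store and verifies the password against a salted hash.
    if (body.username === 'user' && body.password === 'pass') {
      // Issue a fresh session at the point of login, so a session id that
      // existed before authentication is never promoted (session fixation).
      req.session.regenerate(function (err) {
        if (err) {
          return next(err);
        }
        req.session.authenticated = true;
        res.redirect('/secure');
      });
    } else {
      // One generic message for both failure cases, so the response does not
      // reveal which of the two fields was wrong.
      req.flash('error', 'Username and password are incorrect');
      res.redirect('/login');
    }
  });

  // NOTE(review): logout is a state change reachable by GET, so any page can
  // trigger it with a link or image; consider POST with a CSRF token.
  app.get('/logout', function (req, res, next) {
    // Drop the whole server-side session rather than clearing a single flag.
    req.session.destroy(function (err) {
      if (err) {
        return next(err);
      }
      res.redirect('/');
    });
  });
};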
{
"author": "Scott Mebberson (http://www.scottmebberson.com/)",
"name": "gist-expressauthentication",
"description": "Simple Express authentication example",
"version": "0.0.0",
"homepage": "https://gist.github.com/1581536",
"repository": {
"type": "git",
"url": "git@gist.github.com:1581536.git"
},
"scripts": {
"start": "node app.js"
},
"engines": {
"node": "~0.4.12"
},
"dependencies": {
"express": "2.2.x",
"jade": "0.20.x"
},
"devDependencies": {}
}
!!! 5
html(lang='en')
head
title Express authentication example
body
h1 Express authentication example
p Navigate to
ul
li: a(href="/secure") Secure content
li: a(href="/welcome") Welcome page
li: a(href="/logout") Logout
!!! 5
html(lang='en')
head
title Express authentication example
body
h1 Sign-in to this Express authentication example
p Use <i>user</i> for the username and <i>pass</i> for the password.
form(method='post')
p
label(for='username') Username
input(type='text', name='username')
p
label(for='password') Password
input(type='password', name='password')
input(type='submit')
- each message in flash
h4(style="color: red;") #{message}
!!! 5
html(lang='en')
head
title Express authentication example
body
h1 Hi, secure user.
p Navigate to
ul
li: a(href="/secure") Secure content
li: a(href="/welcome") Welcome page
li: a(href="/logout") Logout
!!! 5
html(lang='en')
head
title Express authentication example
body
h1 Unauthorised
p You're unauthorised to view this page.
p Please <a href="/login">login</a> to continue
!!! 5
html(lang='en')
head
title Express authentication example
body
h1 Welcome