AndersonFirmino
1/9/2012 - 6:46 AM

Express simple authentication example

Express simple authentication example

var express = require('express');

// TCP port the example server listens on.
var port = 8999;

// Express 2.x-style server object (createServer); the middleware stack and the
// routes are attached to it further down.
var app = express.createServer();

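/**
 * Middleware gate for protected pages. It is mounted ahead of the router, so it
 * sees every request before a route handler does.
 *
 * The decision is made on the normalised request path rather than on the raw
 * req.url: a query string, a trailing slash or different letter case would make
 * an exact string comparison miss, while Express's default routing would still
 * dispatch the request to the protected handler.
 *
 * @param {Object} req - request; req.session.authenticated marks a logged-in user
 * @param {Object} res - response; used to render the 'unauthorised' view (403)
 * @param {Function} next - continues to the next middleware when access is allowed
 */
function checkAuth (req, res, next) {
	console.log('checkAuth ' + req.url);

	// Paths that require a logged-in session. Add each and every protected
	// path here, lower case and without a trailing slash.
	var securePaths = ['/secure'];

	// Drop the query string, fold case and strip trailing slashes so the
	// comparison matches what the router will accept.
	var path = req.url.split('?')[0].toLowerCase();
	while (path.length > 1 && path.charAt(path.length - 1) === '/') {
		path = path.slice(0, -1);
	}

	var loggedIn = Boolean(req.session && req.session.authenticated);

	// don't serve protected paths to those not logged in
	if (securePaths.indexOf(path) !== -1 && !loggedIn) {
		res.render('unauthorised', { status: 403 });
		return;
	}

	next();
}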

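// Middleware stack and view settings. Order matters: cookies and the session
// must be parsed before checkAuth runs, and checkAuth must run before the
// router so protected routes are never dispatched to unauthenticated users.
app.configure(function () {

	// The session secret should not live in source control: anyone who can
	// read it may be able to forge session identifiers. Take it from the
	// environment and fall back to the example value only for local demos.
	var sessionSecret = process.env.SESSION_SECRET;
	if (!sessionSecret) {
		console.warn('SESSION_SECRET is not set; using the built-in example secret (demo use only)');
		sessionSecret = 'example';
	}

	app.use(express.cookieParser());
	app.use(express.session({ secret: sessionSecret }));
	app.use(express.bodyParser());
	app.use(checkAuth);
	app.use(app.router);
	app.set('view engine', 'jade');
	app.set('view options', { layout: false });

});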

// Route handlers live in lib/routes.js, which exports a function taking the app.
require('./lib/routes.js')(app);

// No host is passed here, so the server is not restricted to the loopback
// interface; pass a host (e.g. '127.0.0.1') if this demo, with its fixed
// credentials, should only be reachable locally.
app.listen(port);
console.log('Node listening on port %s', port);
var util = require('util');

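/**
 * Registers the example's routes on the given Express app.
 *
 * Access control for /secure is NOT done here: it relies on the checkAuth
 * middleware that app.js mounts in front of the router.
 *
 * Demo limitations worth fixing before reuse: the credentials are fixed
 * strings compared in plain text, there is no attempt limiting on /login,
 * the login form carries no CSRF token, and logout is a state-changing GET.
 *
 * @param {Object} app - Express application to attach the routes to
 */
module.exports = function (app) {

	app.get('/', function (req, res, next) {
		res.render('index');
	});

	app.get('/welcome', function (req, res, next) {
		res.render('welcome');
	});

	// Protected page; only reached when the auth middleware let the request through.
	app.get('/secure', function (req, res, next) {
		res.render('secure');
	});

	app.get('/login', function (req, res, next) {
		res.render('login', { flash: req.flash() } );
	});

	app.post('/login', function (req, res, next) {

		// The body parser may leave req.body unset (e.g. an unrecognised
		// content type); treat that as a failed login instead of throwing.
		var body = req.body || {};

		// you might like to do a database look-up or something more scalable here
		// (and store password hashes, compared in constant time, rather than literals)
		if (body.username === 'user' && body.password === 'pass') {
			// Swap the session for a fresh one before marking it authenticated,
			// so an identifier that existed before login is never promoted to
			// a logged-in session (session fixation).
			req.session.regenerate(function (err) {
				if (err) {
					return next(err);
				}
				req.session.authenticated = true;
				res.redirect('/secure');
			});
		} else {
			// Same message for a wrong username and a wrong password, so the
			// response does not reveal which one was wrong.
			req.flash('error', 'Username and password are incorrect');
			res.redirect('/login');
		}

	});

	app.get('/logout', function (req, res, next) {
		if (!req.session) {
			return res.redirect('/');
		}

		// Destroy the whole session rather than clearing one flag, so nothing
		// tied to the logged-in user survives the logout.
		req.session.destroy(function (err) {
			if (err) {
				return next(err);
			}
			res.redirect('/');
		});
	});

};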
{
  "author": "Scott Mebberson (http://www.scottmebberson.com/)",
  "name": "gist-expressauthentication",
  "description": "Simple Express authentication example",
  "version": "0.0.0",
  "homepage": "https://gist.github.com/1581536",
  "repository": {
    "type": "git",
    "url": "git@gist.github.com:1581536.git"
  },
  "scripts": {
	"start": "node app.js"
  },
  "engines": {
    "node": "~0.4.12"
  },
  "dependencies": {
	"express": "2.2.x",
	"jade": "0.20.x"
  },
  "devDependencies": {}
}
!!! 5
html(lang='en')
	head
		title Express authentication example
	body
		h1 Express authentication example
		p Navigate to
			ul
				li: a(href="/secure") Secure content
				li: a(href="/welcome") Welcome page
				li: a(href="/logout") Logout
//- Sign-in form for the example. The form has no action attribute, so it posts
//- back to the URL the page was served from, and it carries no CSRF token field.
!!! 5
html(lang='en')
	head
		title Express authentication example
	body
		h1 Sign-in to this Express authentication example
		//- Demo only: the page itself displays the fixed credentials.
		p Use <i>user</i> for the username and <i>pass</i> for the password.
		form(method='post')
			p
				label(for='username') Username
				input(type='text', name='username')
			p
				label(for='password') Password
				input(type='password', name='password')
			input(type='submit')
		//- flash comes from the locals passed by the render call; the interpolation
		//- used below is Jade's escaping form, so message text is HTML-escaped.
		- each message in flash
			h4(style="color: red;") #{message}
!!! 5
html(lang='en')
	head
		title Express authentication example
	body
		h1 Hi, secure user.
		p Navigate to
			ul
				li: a(href="/secure") Secure content
				li: a(href="/welcome") Welcome page
				li: a(href="/logout") Logout
!!! 5
html(lang='en')
	head
		title Express authentication example
	body
		h1 Unauthorised
		p You're unauthorised to view this page.
		p Please <a href="/login">login</a> to continue
!!! 5
html(lang='en')
	head
		title Express authentication example
	body
		h1 Welcome