rdegges / svcc-auth Goto Github PK

View Code? Open in Web Editor NEW

98.0 8.0 55.0 12 KB

Demo code for my Silicon Valley Code Camp talk about authentication in Node.js!

Home Page: https://speakerdeck.com/rdegges/everything-you-ever-wanted-to-know-about-authentication-in-node-dot-js

JavaScript 78.87% HTML 21.13%

svcc-auth's Introduction

svcc-auth

This project contains code which shows how to implement your own user authentication in a Node.js web app with MongoDB.

The talk slides can be found on SpeakerDeck.

Installation

Installing this project is simple, run the following commands:

$ git clone https://github.com/rdegges/svcc-auth.git
$ cd svcc-auth
$ npm install
$ sudo mongod &  # start mongodb locally
$ npm start      # fire up the project!

NOTE: You must have MongoDB installed and working locally in order to run this project.

Purpose

This project shows how to implement basic user authentication in a Node.js web app. The accompanying talk explains how HTTP authentication works in a group-up way for new Node.js (and web) developers.

Questions

Got questions? Hit me up! I'm [email protected].

svcc-auth's People

Contributors

Stargazers

Watchers

svcc-auth's Issues

Client-sessions

Hello I started doing a project similar to yours and me came a doubt the use of client- sessions in which it differs from express-session has problems using the express-session for each working with sessions ?
Sorry I am from Brazil and meu Ingles is terrible
but I thank you for your attention and your time

update mongoose dependency

To fix following error, update mongoose dependency (in package.json) to: "mongoose": "^4.0.0"

~/dev/nodejs/svcc-auth/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/base.js:246
        throw message;
              ^
TypeError: Cannot read property 'length' of undefined

Display errors on any page that has errors

Moved the "if error p ERROR: #{error}" from login.jade to base.jade s.t. even errors in registration get displayed.

/views/base.jade

block vars 
doctype html
html
  head
    title SVCC Auth | #{title}

  body
  if error
      p ERROR: #{error}

    block body

middleware fetches already existing user data

Hey man,
First, thanks for the awesome tutorial, it has been a great help for my understanding the authentication process.

One thing i don't get though:

In the simpleAuth middleware you take data from an existing session (user.email) and then with createUserSession you put the same data back into the session. I just don't get the purpose of that.

Can you pls shed some light?
Thanks again.

Need to remove the comma for the final attribute

In Util.js there is a use of the client-sessions middleware that you need to fix..
app.use(session({
cookieName: 'session',
secret: 'keyboard cat',
duration: 30 * 60 * 1000,
activeDuration: 5 * 60 * 1000,
}));

csrf token has no purpose

Hey man,
I've noticed that you don't check for the proper csrf token inside the post request. Doesn't that render it useless or am I missing something?
Btw, great and comprehensive tutorial, very useful, best of luck! :)

invalid csrf token error

Hi,
I see that you committed a couple of days ago to fix the csrf issue by passing in csrfToken: req.csrfToken() to render. I was trying to test the incorrect login errors and encountered the invalid csrf token error on every other invalid attempt.
I managed to fix it by also passing in req.csrfToken() to the res.render that belongs to the if (!user) part.
I believe you must have meant it but just missed putting it in there as well.
Cheers!
Thanks for the great tutorial.

csrfToken

Add the csrfToken to routes/auth:39.