{"id":15689645,"url":"https://github.com/andrewda/passport-securelogin","last_synced_at":"2025-09-10T04:13:32.237Z","repository":{"id":138526900,"uuid":"94152203","full_name":"andrewda/passport-securelogin","owner":"andrewda","description":"A Passport strategy and Express middleware for SecureLogin authentication","archived":false,"fork":false,"pushed_at":"2017-07-18T17:14:03.000Z","size":43,"stargazers_count":8,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-07T23:04:09.367Z","etag":null,"topics":["auth","authentication","middleware","passport","passportjs","securelogin"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andrewda.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-06-13T00:24:15.000Z","updated_at":"2021-02-03T11:56:00.000Z","dependencies_parsed_at":"2023-03-21T10:17:52.854Z","dependency_job_id":null,"html_url":"https://github.com/andrewda/passport-securelogin","commit_stats":{"total_commits":32,"total_committers":1,"mean_commits":32.0,"dds":0.0,"last_synced_commit":"f593b9296bca227960070d2717a5d2fd8f35dc2e"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewda%2Fpassport-securelogin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewda%2Fpassport-securelogin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewda%2Fpassport-securelogin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewda%2Fpassport-securelogin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andrewda","download_url":"https://codeload.github.com/andrewda/passport-securelogin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252968114,"owners_count":21833251,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","middleware","passport","passportjs","securelogin"],"created_at":"2024-10-03T18:03:54.967Z","updated_at":"2025-05-07T23:04:14.740Z","avatar_url":"https://github.com/andrewda.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Passport SecureLogin\n\n[![Travis][travis-img]][travis-url]\n[![Coveralls][coveralls-img]][coveralls-url]\n[![Release][release-img]][release-url]\n[![Downloads][downloads-img]][downloads-url]\n[![License][license-img]][license-url]\n\nA Passport strategy and Express middleware for SecureLogin authentication.\n\n## What Is SecureLogin?\n\n\u003e SecureLogin is a decentralized authentication protocol for websites and apps.\n\u003e Classic passwords/2FA are poorly designed, hard to backup and inconvenient to\n\u003e use. SecureLogin is an all-in-one solution that creates a cryptographic\n\u003e private key from your email and master password to sign in everywhere and\n\u003e helps you forget about passwords.\n\nLearn more about SecureLogin [here](https://github.com/sakurity/securelogin).\n\nThis module provides a set of useful tools to develop Node.js apps that use the\nSecureLogin protocol. You can easily provide authentication by using the\nPassport strategy, and confirm important actions using the included Express\nmiddleware. See [usage](#usage) below.\n\n## Usage\n\n### Authentication with Passport\n\nUse the SecureLogin strategy as you would any other Passport strategy. It's\nsuper easy. Here's how you would get it set up:\n\n```javascript\npassport.use(new SecureLogin.Strategy({ domains: 'http://c.dev:3001' }));\n\napp.post('/login', passport.authenticate('securelogin', { session: true }),\n    (req, res) =\u003e res.sendStatus(200));\n```\n\nYou can also check to make sure you want to let a user login. This could be\nuseful if you only want to allow only certain people to authenticate (e.g. a\nprivate blog or beta website).\n\n```javascript\npassport.use(new SecureLogin.Strategy({ domains: 'http://c.dev:3001' },\n    (user, done) =\u003e {\n        // Do some verification here, then call `done(err, user, info)`\n        if (user.authkeys.public === 'WfgIE2wK/9N3PQE5KpZOCwNEPVAFV3c8T6NweX+dSos=') {\n            done(null, user);\n        } else {\n            done(null, false, 'not allowed to authenticate');\n        }\n    }));\n\napp.post('/login', passport.authenticate('securelogin', { session: true }),\n    (req, res) =\u003e res.sendStatus(200));\n```\n\n### Action Confirmation\n\nImportant actions should be verified to make sure they are being performed by\nthe person who they claim to be. This can be easily done using this module by\nusing something like the following Express route:\n\n```javascript\napp.post('/sendmoney', SecureLogin.ScopeMiddleware({ domains: 'http://c.dev:3001' }),\n    (req, res) =\u003e {\n        console.log(`${req.user.authkeys.public} -\u003e $${req.securelogin.scope.amount} -\u003e ${req.securelogin.scope.address}`);\n        res.json(req.securelogin.scope);\n    });\n```\n\nWhen SecureLogin responds to the `/sendmoney` callback URL (which we define in\nthe client-side JavaScript), the middleware will verify the response and set\n`req.securelogin.scope` to the verified scope if the verification is successful.\nOtherwise, `req.securelogin.errors` will contain the errors.\n\n### Profile Change\n\nAn important part of the SecureLogin protocol is the ability to change profiles.\nThis could include a user changing their email and/or password, which will\nalso change their identifying public key. Here's how you would implement this\nendpoint in passport-securelogin:\n\n```javascript\napp.post('/securelogin', SecureLogin.SLMiddleware({ domains: DOMAINS },\n    (err, newUser, oldPublicKey) =\u003e {\n        if (err) {\n            console.log(err);\n        } else {\n            // Update user's database entry with the new profile info\n        }\n    }));\n```\n\nThe `SecureLogin.SLMiddleware` requires a callback with an `err`, a `newUser`\nobject and the user's `oldPublicKey`. Assuming you're using the user's public\nkey as a unique identifier in your database (you should be doing this), you can\nuse `oldPublicKey` to find the user, and update their profile according to the\n`newUser` object.\n\n## Example\n\nAn example application can be found in the `/example` directory. To run the\nexample, `cd` into the directory, `npm install` the dependencies, then run\n`node server`. You should be able to visit `http://localhost:3001` to see the\napp. This example is also running at https://passport-securelogin.herokuapp.com\nif you would like to take a look.\n\n[travis-img]: https://img.shields.io/travis/andrewda/passport-securelogin.svg?style=flat-square\n[travis-url]: https://travis-ci.org/andrewda/passport-securelogin\n[coveralls-img]: https://img.shields.io/coveralls/andrewda/passport-securelogin.svg?style=flat-square\n[coveralls-url]: https://coveralls.io/github/andrewda/passport-securelogin\n[release-img]: https://img.shields.io/npm/v/passport-securelogin.svg?style=flat-square\n[release-url]: https://www.npmjs.com/package/passport-securelogin\n[downloads-img]: https://img.shields.io/npm/dm/passport-securelogin.svg?style=flat-square\n[downloads-url]: https://www.npmjs.com/package/passport-securelogin\n[license-img]: https://img.shields.io/npm/l/passport-securelogin.svg?style=flat-square\n[license-url]: https://github.com/andrewda/passport-securelogin/blob/master/LICENSE\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrewda%2Fpassport-securelogin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandrewda%2Fpassport-securelogin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrewda%2Fpassport-securelogin/lists"}