{"id":15371630,"url":"https://github.com/charlesread/hapi-form-authentication","last_synced_at":"2025-11-07T12:30:37.922Z","repository":{"id":75015258,"uuid":"98141457","full_name":"charlesread/hapi-form-authentication","owner":"charlesread","description":"Form-based authentication for hapi apps","archived":false,"fork":false,"pushed_at":"2017-08-01T18:19:05.000Z","size":39,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-12-27T21:32:05.554Z","etag":null,"topics":["authentication","hapi","hapijs"],"latest_commit_sha":null,"homepage":"https://github.com/charlesread/hapi-auth-form","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/charlesread.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-24T02:31:55.000Z","updated_at":"2017-07-24T14:45:54.000Z","dependencies_parsed_at":"2023-04-13T09:48:03.198Z","dependency_job_id":null,"html_url":"https://github.com/charlesread/hapi-form-authentication","commit_stats":{"total_commits":23,"total_committers":2,"mean_commits":11.5,"dds":0.4347826086956522,"last_synced_commit":"48c1bbeb5d7cc45065f998faac4d26befbf2a0db"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charlesread%2Fhapi-form-authentication","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charlesread%2Fhapi-form-authentication/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/charlesread%2Fhapi-form-authentication/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charlesread%2Fhapi-form-authentication/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/charlesread","download_url":"https://codeload.github.com/charlesread/hapi-form-authentication/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239529672,"owners_count":19654155,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","hapi","hapijs"],"created_at":"2024-10-01T13:48:11.110Z","updated_at":"2025-11-07T12:30:37.837Z","avatar_url":"https://github.com/charlesread.png","language":"JavaScript","readme":"[![Build Status](https://travis-ci.org/charlesread/hapi-form-authentication.svg?branch=master)](https://travis-ci.org/charlesread/hapi-form-authentication)\n# hapi-form-authentication\n\n\u003c!-- toc --\u003e\n\n- [Installation](#installation)\n- [Utilization](#utilization)\n- [Configuration Options](#configuration-options)\n  * [Plugin-centric options](#plugin-centric-options)\n  * [Additional Options](#additional-options)\n\n\u003c!-- tocstop --\u003e\n\nThere are a _ton_ of great authentication plugins for `hapi` out there, this is just another one, and it provides simple `\u003cform\u003e`-based authentication.\n\nCool stuff that `hapi-form-authentication` gives you:\n\n* A simple plug-and-play authentication mechanism in only a few lines of code.\n* Custom login and logout pages\n\nCheck out the 
[example](https://github.com/charlesread/hapi-form-authentication/tree/master/example) directory for examples!\n\n## Installation\n\n```bash\nnpm i -S hapi-form-authentication\n```\n\n## Utilization\n\n```js\n'use strict'\n\nconst Hapi = require('hapi')\n\nconst plugins = [\n  {\n    register: require('hapi-form-authentication'),\n    options: {\n      handler: function (username, password, callback) {\n        // if the password is \"password\" let them in\n        const isValid = password === 'password'\n        // the callback takes two parameters; the first is a simple Boolean\n        // that indicates whether or not the user is valid, the second is an\n        // object that must contain, at a minimum, a `username` attribute,\n        // this object will be accessible as `request.auth.credentials` in routes\n        callback(isValid, {username: username})\n      }\n    }\n  }\n]\n\nconst server = new Hapi.Server()\n\nserver.connection({\n  host: 'localhost',\n  port: 8000\n})\n\nserver.register(plugins, function (err) {\n  if (err) {\n    throw err\n  }\n  // the first argument can really be anything, it's just an identifier that\n  // is to be used in a route's config.auth attribute, as shown below\n  server.auth.strategy('arbitraryString', 'form')\n  // an insecure route\n  server.route({\n    method: 'get',\n    path: '/',\n    handler: function (request, reply) {\n      return reply('/')\n    }\n  })\n  // a secure route\n  server.route({\n    method: 'get',\n    path: '/secure',\n    handler: function (request, reply) {\n      return reply('secure, username: ' + request.auth.credentials.username)\n    },\n    config: {\n      auth: 'arbitraryString'\n    }\n  })\n})\n\nserver.start((err) =\u003e {\n  if (err) {\n    throw err\n  }\n  console.log('Server running at:', server.info.uri)\n})\n\n```\n\n## Configuration Options\n\n### Plugin-centric options\n\n| Name | Type | Default | Description |\n| --- | --- | --- | --- |\n| handler (required) | `function` |  
| a `function` with signature `function(username, password, callback)`, where `callback` has signature `function(isValid, object)`. `isValid` should be a `Boolean` that indicates whether or not the user is valid, i.e. if their credentials are correct.  The `object` can be arbitrary, but it must contain a `username` attribute, it will be accessible via `request.auth.credentials` in routes. The `handler` function is where you will perform whatever logic you like to verify the authenticity of the credentials. |\n| loginPath | `string` | \"/login\" | This is the path of the login form, like where users will log in, `http://example.com/login`, for example. `hapi-form-authentication` creates this route for you, you can just tell it what you want it named.|\n| postPath | `string` | \"/login\" | This is the path that the login form will actually `POST` to. `hapi-form-authentication` creates this route for you, you can just tell it what you want it named. |\n| logoutPath | `string` | \"/logout\" | This is the path where users can log out, `http://example.com/logout`, for example, this route kills the user's session. `hapi-form-authentication` creates this route for you, you can just tell it what you want it named. |\n| redirectPath | `string` | \"/\"| If a user attempts to access a secure route they will be redirected to `loginPath`, upon successful authentication they will be redirected back to the originally requested route.  But what if they access `loginPath` directly?  It wouldn't make much sense for them to be redirected _back_ to the login page now would it? To where will they be redirected upon successful authentication?  If you guessed `redirectPath` you're right! |\n| loginSuccessRedirectPath | `string` | originally requested route | by default a user will be redirected to the originally requested route after successful authentication, you can override that here, if you'd like the user to be redirected somewhere else, like `/profile`, for example |\n| loginPageFunction | `function` | | Don't like the default login page/form? 
No worries, you can edit it here.  `loginPageFunction` should return the page that you'd like rendered at `loginPath`.  That which this function returns is passed to [hapi's reply interface](https://hapijs.com/api#reply-interface), so it can be lots of things, like a `Stream` or a `string`.  The function has the signature `function(object)`, where `object` is an object that contains the value of `postPath`, so that you can dynamically determine where your `\u003cform\u003e` should post to. |\n| logoutPageFunction | `function` | | `logoutPageFunction` should return the page that you'd like rendered at `loginPath`.  That which this function returns is passed to [hapi's reply interface](https://hapijs.com/api#reply-interface), so it can be lots of things, like a `Stream` or a `string`.  By default, logging out will just redirect the user back to `loginPath`. |\n\n### Additional Options\n\n`hapi-form-authentication` makes use of sessions and cookies, it uses [yar](https://www.npmjs.com/package/yar) to do so.  You can override the default `yar` options with the `yar` attribute.  `hapi-form-authentication` uses a fairly secure `yar` configuration, so you should be careful in tinkering with these options as they may have a drastic impact on the security of your site.  \u003cstrong style=\"color:red\"\u003eYou have been warned.\u003c/strong\u003e\n\nOf particular importance is the `yar.cookieOptions.isSecure` attribute.  When set to `true` cookies \u003cstrong\u003ewill only be sent if the connection uses https\u003c/strong\u003e.  This is a good thing.  This should be `true` in production environments.  By default `hapi-form-authentication` uses `server.info.protocol` to determine if your application is serving over https and will set `yar.cookieOptions.isSecure` appropriately.  
For reference, the default options are below.\n\n```js\nyar: {\n  storeBlank: false,\n  cookieOptions: {\n    password: randomize('*', 256), // https://www.npmjs.com/package/randomatic\n    isSecure: server.info.protocol === 'https',\n    isHttpOnly: true,\n    isSameSite: 'Strict'\n  }\n}\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharlesread%2Fhapi-form-authentication","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcharlesread%2Fhapi-form-authentication","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharlesread%2Fhapi-form-authentication/lists"}