{"id":20006826,"url":"https://github.com/mystpi/scratch-auth-express","last_synced_at":"2026-02-27T05:40:37.075Z","repository":{"id":65346693,"uuid":"499296746","full_name":"MystPi/scratch-auth-express","owner":"MystPi","description":"Scratch Auth integration for Express. Just plug and play, minimal setup required","archived":false,"fork":false,"pushed_at":"2024-03-26T11:59:38.000Z","size":60,"stargazers_count":8,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-04-26T18:22:11.983Z","etag":null,"topics":["auth","authentication","cookie","cookie-session","express","express-middleware","expressjs","middleware","scratch","scratchauth"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MystPi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-02T21:31:20.000Z","updated_at":"2023-09-09T14:04:47.000Z","dependencies_parsed_at":"2024-11-13T06:13:52.503Z","dependency_job_id":"7d9b828e-3d62-4e8d-871b-8052cf4742e2","html_url":"https://github.com/MystPi/scratch-auth-express","commit_stats":{"total_commits":31,"total_committers":2,"mean_commits":15.5,"dds":"0.032258064516129004","last_synced_commit":"f7d2339479bd30069323324528182e6bda869e00"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MystPi%2Fscratch-auth-express","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MystPi%2Fscratch-auth-express/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MystPi%2Fscratch-auth-express/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MystPi%2Fscratch-auth-express/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MystPi","download_url":"https://codeload.github.com/MystPi/scratch-auth-express/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252382711,"owners_count":21739207,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","cookie","cookie-session","express","express-middleware","expressjs","middleware","scratch","scratchauth"],"created_at":"2024-11-13T06:13:49.572Z","updated_at":"2026-02-27T05:40:37.020Z","avatar_url":"https://github.com/MystPi.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Scratch Auth integration for Express\n\n- Plug and play, minimal setup required\n- Easy to use\n\n## Installation\n\n```\nnpm install sa-express\n```\n\n## Usage\n\n```js\nconst express = require('express');\nconst scratchauth = require('sa-express');\n\nconst app = express();\n\nconst needsAuth = scratchauth(app, {\n  secret: 'SuperSecret1234',\n  appName: 'My Cool Express App',\n  succeeded(req, res) {\n    res.redirect('/welcome');\n  },\n  failed(req, res) {\n    res.redirect('/authfailed');\n  },\n});\n```\n\n### Options\n\n| Name             | Description                                                                                                                                                                       | Default                                       |\n| ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |\n| `secret`         | Secret that `cookie-session` will use. It should be stored securely in an environment variable.                                                                                   | _No default; this option is required_         |\n| `appName`        | Name for Scratch Auth to use on the login page.                                                                                                                                   | `''`                                          |\n| `loginRoute`     | Route for redirecting the user to Scratch Auth.                                                                                                                                   | `'/auth/login'`                               |\n| `verifyRoute`    | Route for verifying Scratch Auth's repsonse.                                                                                                                                      | `'/auth/verify'`                              |\n| `logoutRoute`    | Route for logging the user out.                                                                                                                                                   | `'/auth/logout'`                              |\n| `logoutRedirect` | Route to redirect to after logging out.                                                                                                                                           | `'/'`                                         |\n| `domain`         | The domain of your app. This is only needed if your app unexpectedly redirects to localhost instead of your app's domain. It should not include `http[s]://` or a trailing slash. | `''`                                          |\n| `succeeded`      | Called when the user has been logged in successfully.                                                                                                                             | `(req, res) =\u003e res.redirect('/')`             |\n| `failed`         | Called when auth has failed.                                                                                                                                                      | `(req, res) =\u003e res.send('Auth failed')`       |\n| `cookie`         | [More options here.](https://github.com/expressjs/cookie-session#cookie-options)                                                                                                  | By default lasts 7 days with `sameSite: lax`. |\n\n### Using Auth/Protected Routes\n\nCalling `scratchauth` returns a middleware for protected routes. It will redirect the user if they are not logged in. By default, the redirect route is whatever you passed for `loginRoute`.\n\n```js\napp.get('/dashboard', needsAuth(), (req, res) =\u003e {\n  res.send(`Welcome to your dashboard, ${res.locals.username}!`);\n});\n```\n\nYou can manually implement protected routes by using `res.locals.loggedIn`:\n\n```js\napp.get('/dashboard', (req, res) =\u003e {\n  if (res.locals.loggedIn) {\n    res.send(`Welcome to your dashboard, ${res.locals.username}!`);\n  } else {\n    res.redirect('/auth/login');\n  }\n});\n```\n\nIn fact, `needsAuth` uses `res.locals.loggedIn` under the hood, so both of the methods are equivalent.\n\n## Demo Application\n\nA demo can be found in demo/.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmystpi%2Fscratch-auth-express","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmystpi%2Fscratch-auth-express","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmystpi%2Fscratch-auth-express/lists"}