{"id":18906849,"url":"https://github.com/sequelize/sequelize-authentication","last_synced_at":"2025-07-30T04:05:12.624Z","repository":{"id":6961271,"uuid":"8213562","full_name":"sequelize/sequelize-authentication","owner":"sequelize","description":"A connect module for authentication against a database.","archived":false,"fork":false,"pushed_at":"2017-05-04T14:28:02.000Z","size":14,"stargazers_count":17,"open_issues_count":0,"forks_count":1,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-04T01:04:54.043Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sequelize.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-02-15T06:05:15.000Z","updated_at":"2024-03-04T22:05:40.000Z","dependencies_parsed_at":"2022-09-26T16:21:21.242Z","dependency_job_id":null,"html_url":"https://github.com/sequelize/sequelize-authentication","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/sequelize/sequelize-authentication","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequelize%2Fsequelize-authentication","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequelize%2Fsequelize-authentication/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequelize%2Fsequelize-authentication/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequelize%2Fsequelize-authentication/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sequelize","download_url":"https://codeload.github.com/sequelize/sequelize-authentication/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sequelize%2Fsequelize-authentication/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267807919,"owners_count":24147352,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T09:18:54.673Z","updated_at":"2025-07-30T04:05:12.574Z","avatar_url":"https://github.com/sequelize.png","language":"JavaScript","readme":"# sequelize-authentication [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/sequelize/sequelize-authentication/trend.png)](https://bitdeli.com/free \"Bitdeli Badge\") [![Build Status](https://secure.travis-ci.org/sequelize/sequelize-authentication.png)](http://travis-ci.org/sequelize/sequelize-authentication)\n\nA connect module for authentication against a database.\n\n## Usage\n\n\tvar app            = express()\n\t  , authentication = require('sequelize-authentication')\n\t  , Sequelize      = require('sequelize')\n\t  , sequelize      = new Sequelize('database', 'user', 'password')\n\t\n\tapp.configure(function() {\n\t  // express.static would go here\n\t  app.use(authentication(sequelize[, options]))\n\t  // express router would go here\n\t})\n\n**Note:** If you are serving static files (e.g. via `express.static`), make sure, that authentication is added afterwards.\nAlso you should make sure, that the router is added after the authentication module.\n\n## Options\n\nThe second parameter of the `authentication` function is an object with options. Let's assume an application,\nthat delivers `hello world` if the a user has authenticated successfully for the following description. You\nmight want to check the example application under `example/app.js`. My local database has a `root` user \nwithout password.\n\n### Option: `via`\n\n`via` defines, where the module will find the credentials.\n\n#### Credentials in the params (default)\n\n\tauthentication(sequelize, { via: 'params' })\n\nThis will tell the module, that the credentials are either in the URL of the request or the body (POST).\nIf you don't want to use headers, this is most likely what you want.\n\n\tcurl \"http://localhost:3000?user=root\u0026password=\"\n\t# =\u003e hello world\n\n\tcurl \"http://localhost:3000?user=root\u0026password=fnord\"\n\t# =\u003e Unauthorized\n\t\n\tcurl -d \"user=root\u0026password=\" \"http://localhost:3000\"\n\t# =\u003e hello world\n\n\tcurl -d \"user=root\u0026password=fnord\" \"http://localhost:3000\"\n\t# =\u003e Unauthorized\n\n#### Credentials in the headers\n\n\tauthentication(sequelize, { via: 'headers' })\n\nThis defines, that the credentials are in the headers of the request.\n\n\tcurl \"http://localhost:3000?user=root\u0026password=\"\n\t# =\u003e Unauthorized\n\n\tcurl \"http://localhost:3000?user=root\u0026password=fnord\"\n\t# =\u003e Unauthorized\n\t\n\tcurl -d \"user=root\u0026password=\" \"http://localhost:3000\"\n\t# =\u003e Unauthorized\n\t\n\tcurl -d \"user=root\u0026password=fnord\" \"http://localhost:3000\"\n\t# =\u003e Unauthorized\n\t\n\tcurl -H \"user: root\" -H \"password: \" http://localhost:3000\n\t# =\u003e hello world\n\t\n\tcurl -H \"user: root\" -H \"password: fnord\" http://localhost:3000\n\t# =\u003e Unauthorized\n\n#### Credentials in the URL\n\n\tauthentication(sequelize, { via: 'query' })\n\nCredentials are in the URL of the request only.\n\n\tcurl \"http://localhost:3000?user=root\u0026password=\"\n\t# =\u003e hello world\n\t\n\tcurl \"http://localhost:3000?user=root\u0026password=fnord\"\n\t# =\u003e Unauthorized\n\t\n\tcurl -d \"user=root\u0026password=\" \"http://localhost:3000\"\n\t# =\u003e Unauthorized\n\n\tcurl -d \"user=root\u0026password=fnord\" \"http://localhost:3000\"\n\t# =\u003e Unauthorized\n\n#### Credentials in the post body\n\n\tauthentication(sequelize, { via: 'body' })\n\nCredentials are in the body of the request only.\n\n\tcurl \"http://localhost:3000?user=root\u0026password=\"\n\t# =\u003e Unauthorized\n\t\n\tcurl \"http://localhost:3000?user=root\u0026password=fnord\"\n\t# =\u003e Unauthorized\n\t\n\tcurl -d \"user=root\u0026password=\" \"http://localhost:3000\"\n\t# =\u003e hello world\n\t\n\tcurl -d \"user=root\u0026password=fnord\" \"http://localhost:3000\"\n\t# =\u003e Unauthorized\n\n### Option: `scope`\n\n`scope` defines, which urls should receive protection via the module.\n\n\tauthentication(sequelize, { scope: '/api' })\n\nThis will protect each url that starts with `/api`.\n\n\tcurl http://localhost:3000\n\t# =\u003e hello world\n\t\n\tcurl http://localhost:3000/api/secret\n\t# =\u003e Unauthorized\n\n\tcurl http://localhost:3000/api/secret?user=root\u0026password=\n\t# =\u003e hello world\n\n### Option: `param`\n\n`param` defines a parameter name which scopes the credentials. The default is none.\n\n\tauthentication(sequelize, { param: 'credentials' })\n\nThe module will now check, if the credentials are located in the credentials object.\n\n\tcurl \"http://localhost:3000?credentials\\[user\\]=root\u0026credentials\\[password\\]=\"\n\t# =\u003e hello world\n\n## Hm? So, what's next?\n\nThe server will send each request through the authentication module. If the request authenticates correctly, it will be passed to the router. If authentication fails, the module will response with a 401 and the message 'Unauthorized'.\n\n## License\nHereby placed under MIT license.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsequelize%2Fsequelize-authentication","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsequelize%2Fsequelize-authentication","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsequelize%2Fsequelize-authentication/lists"}