https://github.com/jquagliatini/now-connect
A project replicating the now.sh login system
authentication event-emitter express mailing nodejs nodemailer now server-sent-events
- Host: GitHub
- URL: https://github.com/jquagliatini/now-connect
- Owner: jquagliatini
- Created: 2018-12-09T21:16:58.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-12-09T21:21:09.000Z (over 7 years ago)
- Last Synced: 2025-10-20T13:16:42.924Z (9 months ago)
- Topics: authentication, event-emitter, express, mailing, nodejs, nodemailer, now, server-sent-events
- Language: JavaScript
- Homepage:
- Size: 59.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# now.sh login system
I was amazed by how ingenious the [now.sh](https://now.sh) login system is.
I always wanted to reproduce it, so here is the base project.
Basically, it plays a lot with Server-Sent Events and Node's EventEmitter API.
## Installation
Just run:

```sh
$ npm i -g maildev
$ npm i
$ maildev # You could do a `npx maildev` too!
$ npm start # in another terminal
```

Then open maildev in a browser at http://localhost:1080. Right after that, open another tab at
http://localhost:3000.
Fill in any valid email address, and check the inbox in maildev. Click the button; you should see
a "login success" message on the first form. That's it!
## Roadmap
- [x] basic auth scenario
- [ ] adding a setTimeout
- [ ] adding a real data store (redis)
- [ ] security (see below)
- [ ] JWT to keep the authentication state.
## Security Considerations
At the moment, the implementation is naive at best.
One could easily DoS the system by sending a batch of requests to the `/signin`
endpoint. This could be prevented by throttling the requests, logging the IP address, and
a load of things I still need to investigate.
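
An added example, not code from this repository: an in-memory store for pending logins that throttles `POST /signin` per client key and makes the `/connect/{sessionName}/{token}?email={email}` link single-use and time-limited. The limits, the TTL, the `login:<sessionName>` event name and the function names `signin` and `connect` are assumptions.

```javascript
const crypto = require('node:crypto');
const { EventEmitter } = require('node:events');

// Assumed values, not taken from the project.
const TTL_MS = 10 * 60 * 1000;   // lifetime of an emailed link
const WINDOW_MS = 60 * 1000;     // throttle window
const MAX_PER_WINDOW = 3;        // /signin calls allowed per key per window

const bus = new EventEmitter();  // an SSE handler for /session/{sessionName} would listen here
const pending = new Map();       // sessionName -> { email, tokenHash, expires }
const hits = new Map();          // throttle key (IP or email) -> recent timestamps
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// POST /signin: refuse when the key is over its limit, otherwise mint a token.
// Session names (adjective + animal) are guessable, so all the secrecy sits in
// the 256-bit token; only its hash is kept server-side.
function signin(sessionName, email, key, now = Date.now()) {
  const recent = (hits.get(key) || []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= MAX_PER_WINDOW) return null;  // caller answers 429
  recent.push(now);
  hits.set(key, recent);
  const token = crypto.randomBytes(32).toString('hex');
  pending.set(sessionName, { email, tokenHash: sha256(token), expires: now + TTL_MS });
  return token;                                      // goes into the emailed link
}

// GET /connect/{sessionName}/{token}?email={email}: validate, then fire the event.
// A wrong token leaves the entry in place so a guesser cannot cancel a login.
function connect(sessionName, token, email, now = Date.now()) {
  const entry = pending.get(sessionName);
  if (!entry) return false;
  if (now > entry.expires) {
    pending.delete(sessionName);                     // expired links are dropped
    return false;
  }
  // Both buffers are 32-byte digests, so timingSafeEqual never throws on length.
  const tokenOk = crypto.timingSafeEqual(sha256(String(token)), entry.tokenHash);
  if (!tokenOk || email !== entry.email) return false;
  pending.delete(sessionName);                       // single use: replay fails
  bus.emit(`login:${sessionName}`, { email });
  return true;
}
```
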
## Endpoints
### /
The main endpoint, serving an authentication form with only an email field.
### POST /signin
The email handling operation. It starts sending the email and serves another HTML
page that subscribes to an SSE endpoint.
### /sessions
Use this to check the current state of the app at any moment. It's a page subscribing to the
'login' event and displaying all the past and present sessions. By doing so, it automatically
updates as soon as someone logs in.
### /connect/{sessionName}/{token}?email={email}
Fires the connection event and validates the user's email.
### /stream/sessions
A SSE endpoint to subscribe to any new login requests.
### /session/{sessionName}
SSE endpoint to subscribe to the 'clicked on login button in email' event.
Session names are a well-known duo of adjective + animal name.