Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mystpi/scratch-auth-express
Scratch Auth integration for Express. Just plug and play, minimal setup required
https://github.com/mystpi/scratch-auth-express
auth authentication cookie cookie-session express express-middleware expressjs middleware scratch scratchauth
Last synced: 5 days ago
JSON representation
Scratch Auth integration for Express. Just plug and play, minimal setup required
- Host: GitHub
- URL: https://github.com/mystpi/scratch-auth-express
- Owner: MystPi
- License: mit
- Created: 2022-06-02T21:31:20.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-26T11:59:38.000Z (8 months ago)
- Last Synced: 2024-04-26T18:22:11.983Z (7 months ago)
- Topics: auth, authentication, cookie, cookie-session, express, express-middleware, expressjs, middleware, scratch, scratchauth
- Language: JavaScript
- Homepage:
- Size: 58.6 KB
- Stars: 8
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Scratch Auth integration for Express
- Plug and play, minimal setup required
- Easy to use
## Installation
```
npm install sa-express
```
## Usage
```js
const express = require('express');
const scratchauth = require('sa-express');
const app = express();
const needsAuth = scratchauth(app, {
secret: 'SuperSecret1234',
appName: 'My Cool Express App',
succeeded(req, res) {
res.redirect('/welcome');
},
failed(req, res) {
res.redirect('/authfailed');
},
});
```
### Options
| Name | Description | Default |
| ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
| `secret` | Secret that `cookie-session` will use. It should be stored securely in an environment variable. | _No default; this option is required_ |
| `appName` | Name for Scratch Auth to use on the login page. | `''` |
| `loginRoute` | Route for redirecting the user to Scratch Auth. | `'/auth/login'` |
| `verifyRoute` | Route for verifying Scratch Auth's repsonse. | `'/auth/verify'` |
| `logoutRoute` | Route for logging the user out. | `'/auth/logout'` |
| `logoutRedirect` | Route to redirect to after logging out. | `'/'` |
| `domain` | The domain of your app. This is only needed if your app unexpectedly redirects to localhost instead of your app's domain. It should not include `http[s]://` or a trailing slash. | `''` |
| `succeeded` | Called when the user has been logged in successfully. | `(req, res) => res.redirect('/')` |
| `failed` | Called when auth has failed. | `(req, res) => res.send('Auth failed')` |
| `cookie` | [More options here.](https://github.com/expressjs/cookie-session#cookie-options) | By default lasts 7 days with `sameSite: lax`. |
### Using Auth/Protected Routes
Calling `scratchauth` returns a middleware for protected routes. It will redirect the user if they are not logged in. By default, the redirect route is whatever you passed for `loginRoute`.
```js
app.get('/dashboard', needsAuth(), (req, res) => {
res.send(`Welcome to your dashboard, ${res.locals.username}!`);
});
```
You can manually implement protected routes by using `res.locals.loggedIn`:
```js
app.get('/dashboard', (req, res) => {
if (res.locals.loggedIn) {
res.send(`Welcome to your dashboard, ${res.locals.username}!`);
} else {
res.redirect('/auth/login');
}
});
```
In fact, `needsAuth` uses `res.locals.loggedIn` under the hood, so both of the methods are equivalent.
## Demo Application
A demo can be found in demo/.