NOTE: Please use the 0.5 branch if you're using Derby/Racer 0.5
Provides authentication middleware (using Passport) for use in your Derby projects.
Setup derby-auth strategies and configurations
var
auth = require('derby-auth'),
// Pass in actual Passport Strategy objects as well as their configurations (see http://passportjs.org/guide/facebook/)
// Note: this means you'd need "passport-facebook" in your package.json file
strategies = {
facebook: {
strategy: require('passport-facebook').Strategy,
conf: { clientID: process.env.FACEBOOK_KEY, clientSecret: process.env.FACEBOOK_SECRET }
},
// Pass in options. Domain defaults to localhost:3000, but consider it required
// (It's a Passport technicality, if anyone has suggestions for determining domain on run-time, please message me)
options = {
domain: (process.env.NODE_ENV==='production' ? "http://my.com" : "http://localhost:3000" )
}
Initialize the Store (queries, accessControl, etc)
// initialize queries and accessControl
auth.store(store);
Use derby-auth's mounted middleware
.use(store.modelMiddleware())
// derby-auth.middleware is inserted after modelMiddleware and before the app router to pass server accessible data to a model
.use(auth.middleware(strategies, options))
.use(app.router())
Also, make sure your express app is using sessions:
# Uncomment and supply secret to add Derby session handling
# Derby session middleware creates req.session and socket.io sessions
.use(express.cookieParser())
.use(store.sessionMiddleware
secret: process.env.SESSION_SECRET || 'YOUR SECRET HERE'
cookie: {maxAge: ONE_YEAR}
)
And finaly, we need to add form data parsing support:
// Uncomment to add form data parsing support
.use(express.bodyParser())
If you want drop-in Login and Register forms, including form validation, use the <derby-auth:login />
and <derby-auth:register />
components. To enable these, you'll need this in your /lib/app/index.js
file:
derby.use(require('derby-auth/components'));
See the example for more details, as well as login / registration forms, sign-in buttons, etc.
This project was originally implemented with Everyauth (see branch), but had some issues: