Closed zoe-1 closed 9 years ago
hapijs lab uses eslint to lint JavaScript files. Default configurations for linting are found here:
./node_modules/lab/lib/linters/eslint/.eslintrc
You can extend or modify linting configurations by putting a .eslintrc file in the root of your project. See: eslint's documentation and look at my .eslintrc file for examples of extending default linting options. Plus, see @AdriVanHoudt's comments at this post: hapijs/lab#372
I am open to any eslint questions!
Due date extended to July 7, 2015. Original due date was June 28, 2015.
@AdriVanHoudt Thank you for being willing to help with the linting :-)
np I don't have time for the assignments so I try to help where possible
@AdriVanHoudt Can you explain the no-shadow-relaxed?
@rwobben the standard no-shadow was too strict; shadowing things like err and done has a really small chance of messing things up, and changing it makes the code less readable, so @geek made a relaxed version
Objectives
Study Helps
If you read the assignment requirements and do not know where to start, then go to: the study helps. Or, view this sample hapi-auth-cookie project. It is written using ES6 JavaScript and uses hapi v13, so it is an up-to-date example.
Cookie-based session management.
Configure hapi-auth-cookie for cookie-based session management. Every route will be blacklisted, requiring authentication and authorization globally. Whitelist public routes. Make two user roles for basic RBAC authorization:
There will be three types of authorization restrictions:
Login Process
We created the GET /login route in assignment6. This route is to be open to the public. When the user clicks the submit button on the HTML form, client-side JavaScript should handle the submission and make an AJAX POST request. If the POST request is successful, the login form should disappear and the user is presented with links to access restricted content /account or /logout. At this stage the login process is complete, session cookies are set, and authorized users can begin to access restricted content.
If the login AJAX request fails, a red HTML format error message is displayed above the login form. If the user clicks submit again, the error message should disappear. Bonus: Add client-side logic to avoid duplicate form submissions.
api first steps
Building towards a client-server architecture for an application that serves multiple clients. Begin building the api:
Restricted Access Content
The /account route
After a successful login, the user sees "My Account" link and "Logout" link. The "My Account" link goes to the /account route, which is restricted to authenticated users with roles of "user" or "admin". The /account route will display a page with the username of the logged in user and the following links: "Logout", "Home", and "Admin Panel" (if user has admin privileges). Correspondingly, the previously mentioned links point to /logout, /home, and /admin.
The /admin route
The /admin route should display an admin welcome message with the admin's username displayed. Plus, there should be three links: "My Account", "Logout", "Home". Only users with the role of "admin" should be able to access /admin route.
The /home route
If a logged in user goes to /home, "My Account" and "Logout" links are displayed along with the hapi university image. When a user clicks on the "My Account" link they are taken to the /account route described above. If the user is not logged in, the login link is displayed.
Logging Out
On /home, /account, and /admin routes there should be a logout button which links to /logout and destroys the session. Plus, the /login POST route should have a "Logged out" message displayed after the logout AJAX request successfully completes.
Other Technical Details and Refactoring:
When configuring the application to use hapi-auth-cookie
Due Date July 7, 2015
The work required to master the content of this assignment will reap benefits over the long run. hapi's authorization and authentication logic is powerful and beautiful. :-) Let's push each other to work hard and make this assignment a great learning experience!
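The access rules this assignment describes (deny by default, whitelist public routes, role checks on /account and /admin), modeled as an added, dependency-free JavaScript example; it is not code from the assignment, the sample project, or hapi-auth-cookie. The route table and the auth/mode/scope field names are assumptions that imitate hapi route auth settings, and reachableAnonymously() is a hypothetical helper for checking that the whitelist contains only the routes meant to be public.

```javascript
'use strict';

// Global default: every route requires a session unless it opts out.
const DEFAULT_AUTH = { mode: 'required' };

// Constructed route table using the routes named in the assignment.
const routes = {
    'GET /login': { auth: false },                       // whitelisted (public)
    'POST /login': { auth: false },                      // whitelisted (public)
    'GET /home': { auth: { mode: 'try' } },              // public; links vary by session
    'GET /account': { auth: { scope: ['user', 'admin'] } },
    'GET /admin': { auth: { scope: ['admin'] } },
    'GET /logout': {}                                    // inherits the global default
};

// Returns the HTTP status the request would get: 200, 401, 403 or 404.
function authorize(routeKey, session) {
    const route = routes[routeKey];
    if (!route) {
        return 404;
    }
    if (route.auth === false) {
        return 200;                                      // explicit whitelist entry
    }
    const auth = Object.assign({}, DEFAULT_AUTH, route.auth);
    const authenticated = Boolean(session && session.username);
    if (!authenticated) {
        // 'try' lets anonymous users through; anything else is denied.
        return auth.mode === 'try' ? 200 : 401;
    }
    if (auth.scope) {
        const roles = Array.isArray(session.scope) ? session.scope : [];
        if (!auth.scope.some((role) => roles.includes(role))) {
            return 403;                                  // authenticated, wrong role
        }
    }
    return 200;
}

// Audit helper: every route an anonymous visitor can reach.
function reachableAnonymously() {
    return Object.keys(routes).filter((key) => authorize(key, null) === 200);
}
```

A route added to the table without an auth setting is denied to anonymous users, so a forgotten setting fails closed rather than open.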