passwordless-hapi is a very thin adapter on top of the passwordless Express middleware. It tries to use the base passwordless code and only change the way it interacts with requests, replies, and the session. Because of the difference in middleware between Express and Hapi, some functionality feels slightly more awkward.
The only dependency is passwordless. This library currently only aims to support 1.1.1, but it may also work with previous versions. Technically it is not constrained by your Hapi version, although it may not work with really old Hapi versions.
The following should provide a quick start for using Passwordless with Hapi. If you need more details, check out the example, the deep dive, or the documentation. Also, don't hesitate to raise comments and questions on GitHub.
Follow instructions on the passwordless repo
$ npm install passwordless-hapi --save
// Place this code where you define your hapi server.
server.register({
  register: require('passwordless-hapi'),
  // All options are listed here
  options: {
    passwordless: passwordless, // your passwordless instance is required
    onSuccessfulAuth: function(reply, userId) { // fires any time a successful validation occurs
      // perform operations with the user id, like persisting it to the session
      reply.continue(); // must be called if you want to pass through, otherwise handle the reply
    },
    getUserId: function(user, delivery, callback, req) { // the function that passwordless uses to validate users
      // usually you would want something like this
      // (User is your application's own user model):
      User.find({email: user}, function(ret) {
        if (ret)
          callback(null, ret.id);
        else
          callback(null, null); // unknown address: no user id, no token is issued
      });
      // but you could also do the following
      // if you want to allow anyone:
      // callback(null, user);
    },
    sendTokenSuccessHandler: function(request, reply) {
      // Called after a successful call to sendToken. Redirecting is advised.
      reply.response().redirect('/check-your-email');
    },
    sendTokenPath: '/sendtoken' // optional: set this only if you want a custom send token path
  }
});
There is a bit of divergence here between the Express and Hapi versions. Rather than setting up middleware for you, the core functionality is handled by Hapi, and you don't need to define custom routes.
All you need is a form where users enter their email address, for example:
<html>
  <body>
    <h1>Login</h1>
    <form action="/sendtoken" method="POST">
      Email:
      <br><input name="user" type="text">
      <br><input type="submit" value="Login">
    </form>
  </body>
</html>
passwordless-hapi will look for a field called user submitted via POST.
passwordless-hapi does not provide middleware to protect your pages. Instead, you can write a server extension that uses session to check for a valid user id.
passwordless-hapi does not provide middleware on top of the request. You can access the user via your preferred session management code.
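One way to write the server extension described above, as an added example that is not part of passwordless-hapi: a default-deny guard for the pre-v17 hapi `reply` interface used in the registration snippet. The names `makeRequireUser`, `publicPaths`, `loginPath` and `readUserId` are hypothetical, and it assumes your `onSuccessfulAuth` handler stored the user id in the session and that the page your token links land on is listed in `publicPaths`.

```javascript
// Added example, not passwordless-hapi code. All option names are hypothetical.
// readUserId(request) is supplied by you and returns the user id that your
// onSuccessfulAuth handler stored in the session (or nothing if not logged in).
function makeRequireUser(opts) {
  var publicPaths = new Set(opts.publicPaths); // exact-match allowlist, no prefixes
  var loginPath = opts.loginPath;
  var readUserId = opts.readUserId;
  publicPaths.add(loginPath); // never redirect the login page to itself

  return function requireUser(request, reply) {
    // Everything not explicitly listed as public requires a session user.
    if (publicPaths.has(request.path)) {
      return reply.continue();
    }

    var userId;
    try {
      userId = readUserId(request);
    } catch (err) {
      userId = null; // session store failure: fail closed, treat as logged out
    }

    var isString = typeof userId === 'string' && userId.length > 0;
    var isNumber = typeof userId === 'number' && isFinite(userId);
    if (isString || isNumber) {
      request.app.userId = userId; // make the user id available to route handlers
      return reply.continue();
    }

    // Redirect target is a fixed server-side value, never taken from the request.
    return reply.redirect(loginPath);
  };
}

// Usage sketch (assumes the yar session plugin and a 'userId' session key):
// server.ext('onPreHandler', makeRequireUser({
//   publicPaths: ['/sendtoken', '/check-your-email'],
//   loginPath: '/login',
//   readUserId: function (request) { return request.yar.get('userId'); }
// }));
```

Route handlers can then read `request.app.userId` instead of touching the session directly.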