Manage a rabble of users.
export default function(server) {
return server.registerAsync({
register : require('rabble'),
options : {
privateKey : process.env.JWT_SECRET,
getUser : function(decodedToken) {
return UserMapper.find(decodedToken.id);
},
},
});
}
This module provides some helpers for you, but due to the incredibly diverse nature of databases and user representations, we don't provide any API endpoints. We do, however, provide some samples:
server.route({
path : '/user',
method : 'POST',
handler : function(request, reply) {
let user = new User(request.payload);
let hashPassword = Promise.promisify(request.server.methods.hashPassword);
let promise = hashPassword(request.payload.password)
.then((hash) => user.set('password', hash))
.then((user) => user.save())
.then((user) => _.omit(user.toObject(), 'password'));
return reply(promise);
},
config : {
description : 'Create a user',
notes : 'Authentication not required',
tags : [ 'api', 'users' ],
auth : false,
validate : {
payload : Joi.object().keys({
email : Joi.string().email().required(),
password : Joi.string().required(),
}),
},
},
});
server.route({
path : '/token',
method : 'POST',
handler(request, reply) {
let compare = Promise.promisify(request.server.methods.comparePassword);
let promise = User.find({ email : request.payload.email })
.then((user) => {
return compare(request.payload.password, user.get('password'))
.then((same) => {
if (! same) {
throw Boom.unauthorized();
}
return request.server.methods.signToken(user);
});
})
.then((token) => {
return { token : token };
});
return reply(promise);
},
config : {
description : 'Create a login token',
notes : 'Authentication not required',
tags : [ 'api', 'users' ],
auth : false,
validate : {
payload : Joi.object().keys({
email : Joi.string().email().required(),
password : Joi.string().required(),
}),
},
},
});
HEAD
- check login
GET
- fetch user data
server.route({
path : '/user',
method : [ 'HEAD', 'GET' ],
handler : function(request, reply) {
reply(_.omit(request.auth.credentials.toObject(), 'password'));
},
config : {
description : 'Verify login',
notes : 'Allows GET or HEAD; returns user object for GETs',
tags : [ 'api' , 'users' ],
}
});