This is a very simple IndieAuth (or rel='me' auth) middleware (Connect) for Node.js. The main design goal is to enable a dead simple auth inside any Connect-type application.
npm install relmeauth
It requires that you use the bodyParser middleware, the cookieParser middleware (for the session).
var express = require('express');
var relme = require('relmeauth');
var app = express();
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({
secret: "A secret for the Sessions encryption"
}));
app.use(relme.middleware({
root: 'http://127.0.0.1:8080',
providers: {
'google.com': {
id: 'xxxxx',
secret: 'yyyyy'
},
'github.com': {
id: 'xxxxx',
secret: 'yyyyy'
}
}
}));
app.get('/private', relme.authenticated ,function(req, res){
res.end('This is a scret that you can now only if youre authentified.');
});
app.listen(8080)
Current providers include: Google, Github, with OStatus sites, Twitter, to come. If you want to support IndieAuth, make sure you support OAuth2, provide rel=me links on your profiles pages.
Test it in on this site.
You can initialize the middleware by providing a configuration object. Options include
- prefix: the prefix for all the relmeauth urls. Default is
relmeauth. Change it if it conflicts with your application. - authPage: the page on which the user will be asked to submit his indieAuth url. The form must be of GET method and the
url provided' name must be
me. - authErrorPage: the page on which error messages will be displayed. The error message is accessible in response.authError
Example:
app.use(relme.middleware({
prefix: 'auth',
root: 'http://127.0.0.1:8080',
authPage = function(req, res, next) {
// Render whatever makes sense to render on the authPage. You can also redirect... etc.
}
authErrorPage = function(req, res, next) {
// Render whatever makes sense to render on the authErrorPage
}
}));Special thanks go to ciaranj for his node-auth NPM, and praise goes to jaredhanson for his willingness to make passport simpler to use!