@uscreen.de/fastify-mongo-auth
Advanced tools
Readme
Stateless session backed by authentication against mongodb collection
Provides:
fastify.auth - the authentication adapter with it's api (see below)req.session - as provided by @fastify/secure-sessionreq.user - (default, customize by decorateRequest option) will be a current authenticated user accountUses secure-password for hashing and verification
$ yarn add @uscreen.de/fastify-mongo-auth
$ yarn add @fastify/mongodb @uscreen.de/fastify-mongo-crud
The session package @fastify/secure-session (see @npm) requires a secret or key. We stick to recommended setup with a generated key below, so you should generate one too:
$ secure-session-gen-key > session-key
Setup within a plugins/mongo.js file to resolve required dependencies before:
import fs from 'fs'
import path from 'path'
import fp from 'fastify-plugin'
import mongodb from '@fastify/mongodb'
import crud from '@uscreen.de/fastify-mongo-crud'
import auth from '@uscreen.de/fastify-mongo-auth'
/**
* mongodb related
*/
export default fp(async (fastify, opts) => {
/**
* 1) setup mongodb connection
*/
await fastify.register(mongodb, {
url: opts.mongoUri
})
/**
* 2) setup CRUD factory
*/
await fastify.register(crud)
/**
* 3) enable authentication
*/
await fastify.register(auth, {
key: fs.readFileSync(path.join(fastify.root, 'session-key')),
decorateRequest: 'account'
})
})
Prepare account within a service/accounts.js file:
export default async fastify => {
const { auth } = fastify
/**
* registration
* -> body.{username, password}
* <- account.{username, _id}
*/
fastify.post('/register', async req => ({
account: await auth.collection.create({
hash: auth.createHash(req.body.password),
username: req.body.username.toLowerCase()
})
}))
}
Usage within a services/auth.js file:
export default async fastify => {
const { auth } = fastify
/**
* authentication / login
* -> body.{username, password}
* <- account.{username, _id}
*/
fastify.post('/login', auth.loginHandler)
/**
* authentication / logout
* -> {} - no payload required
* <- {} - no payload returned
*/
fastify.post('/logout', auth.logoutHandler)
/**
* authentication / check currentUser
* <- account.{username, _id}
*/
fastify.get(
'/currentUser',
{
preHandler: auth.authorized
},
auth.currentUserHandler
)
}
| Option | Description | Default |
|---|---|---|
| collection | Name of the mongodb collection the accounts are stored in. | "accounts" |
| cookie | Options for session cookie as listed here cookie. | { path: '/' } |
| key | Path to file of session-key @fastify/secure-session uses to ensure secure stateless cookie sessions. | "" |
| decorateRequest | Property providing current authenticated account object within request object. (ie.: req.user as default) | "user" |
| usernameToLowerCase | Should usernames be treated case-insensitive (by lower-casing all queries) or not. | true |
| usernameField | Name of property for usernames. Affects mongodb documents and the login handler (see below). | "username" |
| passwordField | Name of property for passwords. | "password" |
Returns the fastify-mongo-crud collection object where the accounts are stored.
PreHandler validating authentication. Throws an 401 Unauthorized error on unvalid authentication.
Creates a hash from given password. Useful when creating a new account or changing an account's password.
Verifies the given password to the given hash.
Handler for logging in to an account (i.e. called by POST /login). Expects a req object with a body containing credentials as configured in Options, defaults to:
{
"username": "a user's name",
"password": "a user's password"
}
Handler for logging off from an account (i.e. called by POST /logout). Expects a req object without a body.
Handler returning the current authenticated account (i.e. called by GET /currentUser) or an empty object if no account is authenticated. Expects a req object without a body.
cookie defaults to { path: '/' }usernameToLowerCase to disable case-insensitive usernames (defaults to true)Licensed under MIT.
Published, Supported and Sponsored by u|screen
FAQs
Stateless session backed by authentication against mongodb collection
The npm package @uscreen.de/fastify-mongo-auth receives a total of 1 weekly downloads. As such, @uscreen.de/fastify-mongo-auth popularity was classified as not popular.
We found that @uscreen.de/fastify-mongo-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.