Using koa and passport for authentication

I am using koa and passport, trying to implement middleware that prevents access to a URI when the user is not authenticated.

// Minimal koa + koa-passport login demo from the question: session setup,
// a local (username/password) strategy, a login page, and a catch-all guard
// that is meant to protect /secretBankAccount.
var koa = require('koa');
var session = require('koa-generic-session');
var bodyParser = require('koa-bodyparser');
var koaRouter = require('koa-router');
var passport = require('koa-passport');
var views = require('co-views');
var render = views('.', { map: { html: 'swig' }});
var localStrategy = require('passport-local').Strategy;

var app = koa();
var router = koaRouter();

// NOTE(review): koa uses app.keys to sign cookies, so this value protects the
// session cookie. A literal like 'secret' is a demo placeholder; a deployed
// app should load a long random key from configuration instead.
app.keys = ['secret'];

// Order matters: the session and body parser are registered before passport,
// and passport before the routes.
app.use(session());
app.use(bodyParser());
app.use(passport.initialize());
app.use(passport.session());

// The whole user object is passed through unchanged in both directions, so
// whatever the strategy returns is what gets kept for the session.
// NOTE(review): storing only an id and re-loading the user in
// deserializeUser is the more common arrangement.
passport.serializeUser(function(user, done) { done(null, user); });
passport.deserializeUser(function(user, done) { done(null, user); });

// Demo credential check: a single hard-coded username/password pair compared
// in plain text. done(null, false) signals a failed login.
// NOTE(review): real code would look the user up and verify a password hash.
passport.use(new localStrategy(function(username, password, done) {
  if (username === 'user1' && password === 'password2') {
    done(null, { userId: 99, userName: 'redBallons' });
  } else {
    done(null, false);
  }
}));

// Login form.
router.get('/login', function *(next) {
  this.body = yield render('index.html');
});

// Login submission, handled by the local strategy above.
router.post('/login', passport.authenticate('local', {
  successRedirect: '/secretBankAccount',
  failureRedirect: '/login'
}));

// Catch-all guard: redirect to /login unless the request is authenticated.
// This is the handler the question is about: as reported, `yield next` here
// does not reach the '/secretBankAccount' handler registered below.
// It is registered with router.get, so it is not run for POST/PUT/DELETE.
router.get('*', function *(next) {
  if (! this.isAuthenticated()) {
    console.log('not authenticated');
    this.redirect('/login');
  } else {
    console.log('authenticated');
    yield next;
  }
});

// The protected resource.
router.get('/secretBankAccount', function *(next) {
  this.body = '2 dollars';
});

app.use(router.routes());
app.listen(8080);

However, I can never get to my secret bank account. I can enter the correct user and password and see the "authenticated" message, but the yield next in router.get('*') does not pass me through to the next routing function.

1 answer

When using koa-router, it is expected that only one route will be hit. So once the '*' route is hit, no other route will be hit, even if you yield next.

So you should replace the wildcard route with your own authentication middleware:

 // Authentication gate: a request that is not authenticated is redirected to
 // /login and is not passed on to the middleware registered after this one.
 app.use(function* (next) {
   if (!this.isAuthenticated()) {
     this.redirect('/login');
     return;
   }
   yield next;
 });

The authentication middleware forces you to do your routing with two routing objects instead of one, so that you can distinguish between public and secured routes. So something like:

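 // Public routes: registered BEFORE the authentication gate, so they are
 // reachable without a session. Only the login page and the login POST belong
 // here. (Named publicRouter because `public` is a reserved word in strict
 // mode and ES modules.)
 var publicRouter = new koaRouter();

 publicRouter.get('/login', function *(next) {
   this.body = yield render('index.html');
 });

 publicRouter.post('/login', passport.authenticate('local', {
   successRedirect: '/secretBankAccount',
   failureRedirect: '/login'
 }));

 app.use(publicRouter.routes());

 // Authentication gate. Registration order is the access-control boundary:
 // everything mounted after this middleware is only reached when
 // isAuthenticated() is true; anything mounted before it is public.
 app.use(function *(next) {
   if (this.isAuthenticated()) {
     yield next;
   } else {
     this.redirect('/login');
   }
 });

 // Secured routes: registered AFTER the gate.
 var secured = new koaRouter();

 secured.get('/secretBankAccount', function *(next) {
   this.body = '2 dollars';
 });

 app.use(secured.routes());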

In the above example, a request first goes through the public routing middleware. If it does not match a public route, it moves on to the authentication middleware. If isAuthenticated() is false, a redirect occurs. If isAuthenticated() is true, it moves on to the secured routing. The registration order is what enforces this: any route registered before the authentication middleware is reachable without logging in.

This approach is based on the koa-passport example project, which was created by the author of koa-passport.
