To create an application, you probably need authentication. The simplest cookie-based session module is koa-session. For CSRF protection, we've included koa-csrf. For body parsing, we've included co-body. Be sure to read the documentation on these middleware.
Let's create a very simple app with login and logout features. Let's define the following routes:
/
- If the user logs in, they should seehello world
. Otherwise, they should see a401
error because they aren't logged in./login
- if the method isGET
, a form should be returned. If the method isPOST
, it should validate the request body and attempt to login the user./logout
- it should logout the user.
We're not actually going to create users in this example. The only acceptable authentication is:
username = username
password = password
Mark the user as authenticated by populating this.session.authenticated
.
If this.session.authenticated
exists, then the user is considered logged in.
In real life, you'd want to set this.session.userid=
or something to specify the user.
For more specifics on how the app should work, consult the tests!
If you'd like to test it out on your computer,
run PORT=3000 node --harmony-generators index.js
and open localhost:3000
in your browser.