10-authentication

To create an application, you probably need authentication. The simplest cookie-based session module is koa-session. For CSRF protection, we've included koa-csrf. For body parsing, we've included co-body. Be sure to read the documentation on these middleware.

Exercise

Let's create a very simple app with login and logout features. Let's define the following routes:

  • / - If the user is logged in, they should see hello world. Otherwise, they should see a 401 error because they aren't logged in.
  • /login - If the method is GET, a form should be returned. If the method is POST, it should validate the request body and attempt to log in the user.
  • /logout - It should log out the user.

We're not actually going to create users in this example. The only acceptable authentication is:

username = username
password = password

Mark the user as authenticated by populating this.session.authenticated. If this.session.authenticated exists, then the user is considered logged in. In real life, you'd want to set this.session.userid= or something to specify the user.

For more specifics on how the app should work, consult the tests! If you'd like to test it out on your computer, run PORT=3000 node --harmony-generators index.js and open localhost:3000 in your browser.
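
A framework-free model of the route logic described above, added here as an example; it is not the workshop's solution and does not use Koa, koa-session, koa-csrf or co-body. The handle function, the request shape, the _csrf field name and every status code except the 401 are assumptions of this example.

```javascript
// Added example: models the exercise's routes with a plain object as the session.
const { randomBytes, timingSafeEqual, createHash } = require('crypto');

// Constant-time comparison: hash both sides so the buffers always have equal length.
function safeEqual(a, b) {
  const h = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(h(a), h(b));
}

// Login form carrying the session's CSRF token in a hidden field (hex, so no escaping needed).
function loginForm(token) {
  return '<form action="/login" method="POST">' +
    '<input type="hidden" name="_csrf" value="' + token + '">' +
    '<input name="username"><input name="password" type="password">' +
    '<button type="submit">Log in</button></form>';
}

// req: { method, path, body }; session stands in for this.session.
// Returns { status, body } or { status, location } for redirects.
function handle(req, session) {
  if (req.path === '/') {
    if (!session.authenticated) return { status: 401, body: 'user not authenticated' };
    return { status: 200, body: 'hello world' };
  }
  if (req.path === '/login' && req.method === 'GET') {
    // Bind a random token to this session; the POST must echo it back.
    session.csrf = session.csrf || randomBytes(16).toString('hex');
    return { status: 200, body: loginForm(session.csrf) };
  }
  if (req.path === '/login' && req.method === 'POST') {
    const body = req.body || {};
    // Check the CSRF token before looking at the credentials at all.
    if (!session.csrf || !safeEqual(body._csrf, session.csrf)) {
      return { status: 403, body: 'invalid csrf token' };
    }
    // Bitwise & so both comparisons always run, whatever the first one returns.
    const ok = safeEqual(body.username, 'username') & safeEqual(body.password, 'password');
    if (!ok) return { status: 400, body: 'invalid credentials' };
    session.authenticated = true;
    return { status: 303, location: '/' };
  }
  if (req.path === '/logout') {
    // Clear the whole session, including the old CSRF token.
    for (const k of Object.keys(session)) delete session[k];
    return { status: 303, location: '/login' };
  }
  return { status: 404, body: 'not found' };
}
```
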