10-authentication

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Jun 29, 2014
Jun 29, 2014
Jun 29, 2014
Jun 29, 2014

To create an application, you probably need authentication. The simplest cookie-based session module is koa-session. For CSRF protection, we've included koa-csrf. For body parsing, we've included co-body. Be sure to read the documentation on these middleware.

Exercise

Let's create a very simple app with login and logout features. Let's define the following routes:

  • / - If the user is logged in, they should see hello world. Otherwise, they should see a 401 error because they aren't logged in.
  • /login - If the method is GET, a form should be returned. If the method is POST, it should validate the request body and attempt to log in the user.
  • /logout - It should log out the user.

We're not actually going to create users in this example. The only acceptable authentication is:

username = username
password = password

Mark the user as authenticated by populating this.session.authenticated. If this.session.authenticated exists, then the user is considered logged in. In real life, you'd want to set this.session.userid= or something to specify the user.

For more specifics on how the app should work, consult the tests! If you'd like to test it out on your computer, run PORT=3000 node --harmony-generators index.js and open localhost:3000 in your browser.
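
The route logic described above, modeled without Koa so it runs on plain Node. This is an added example, not the workshop's solution or its tests. The handle function, the {method, path, body} request shape, the _csrf field name, and every status code other than the 401 are assumptions made for the example; session stands in for this.session.

```javascript
const nodeCrypto = require('crypto');

// Hash both sides so timingSafeEqual always receives equal-length buffers
// and the comparison time does not depend on where the inputs differ.
function safeEqual(a, b) {
  const h = (v) => nodeCrypto.createHash('sha256').update(String(v)).digest();
  return nodeCrypto.timingSafeEqual(h(a), h(b));
}

// session: plain object standing in for this.session (assumption).
// req: hypothetical {method, path, body} shape, body already parsed.
function handle(session, req) {
  const { method, path, body = {} } = req;

  if (path === '/') {
    return session.authenticated
      ? { status: 200, body: 'hello world' }
      : { status: 401, body: 'Unauthorized' };
  }

  if (path === '/login' && method === 'GET') {
    // Bind a fresh CSRF token to the session and embed it in the form.
    session.csrf = nodeCrypto.randomBytes(16).toString('hex');
    return { status: 200, body:
      '<form method="POST" action="/login">' +
      `<input type="hidden" name="_csrf" value="${session.csrf}">` +
      '<input name="username"><input type="password" name="password">' +
      '<button>Login</button></form>' };
  }

  if (path === '/login' && method === 'POST') {
    // Reject before touching credentials if the token is missing or wrong.
    if (!session.csrf || !safeEqual(body._csrf, session.csrf)) {
      return { status: 403, body: 'Invalid CSRF token' };
    }
    const ok = safeEqual(body.username, 'username') &&
               safeEqual(body.password, 'password');
    if (!ok) return { status: 400, body: 'Bad credentials' };
    session.authenticated = true;
    return { status: 303, location: '/' };
  }

  if (path === '/logout') {
    // Drop all session state, including the CSRF token.
    for (const key of Object.keys(session)) delete session[key];
    return { status: 303, location: '/login' };
  }

  return { status: 404, body: 'Not Found' };
}
```
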