UNPKG

sails-auth

Version:

Passport-based User Authentication system for sails.js applications.

github.com/tjwebb/sails-auth

tjwebb/sails-auth

116 lines (105 loc) 3.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
var bcrypt = require('bcryptjs'); /** * Hash a passport password. * * @param {Object} password * @param {Function} next */ function hashPassword (passport, next) { var config = sails.config.auth.bcrypt; var salt = config.salt || config.rounds; if (passport.password) { bcrypt.hash(passport.password, salt, function (err, hash) { if (err) { delete passport.password; sails.log.error(err); throw err; } passport.password = hash; next(null, passport); }); } else { next(null, passport); } } /** * Passport Model * * The Passport model handles associating authenticators with users. An authen- * ticator can be either local (password) or third-party (provider). A single * user can have multiple passports, allowing them to connect and use several * third-party strategies in optional conjunction with a password. * * Since an application will only need to authenticate a user once per session, * it makes sense to encapsulate the data specific to the authentication process * in a model of its own. This allows us to keep the session itself as light- * weight as possible as the application only needs to serialize and deserialize * the user, but not the authentication data, to and from the session. */ var Passport = { attributes: { // Required field: Protocol // // Defines the protocol to use for the passport. When employing the local // strategy, the protocol will be set to 'local'. When using a third-party // strategy, the protocol will be set to the standard used by the third- // party service (e.g. 'oauth', 'oauth2', 'openid'). protocol: { type: 'alphanumeric', required: true }, // Local field: Password // // When the local strategy is employed, a password will be used as the // means of authentication along with either a username or an email. password: { type: 'string', minLength: 8 }, // Provider fields: Provider, identifer and tokens // // "provider" is the name of the third-party auth service in all lowercase // (e.g. 'github', 'facebook') whereas "identifier" is a provider-specific // key, typically an ID. These two fields are used as the main means of // identifying a passport and tying it to a local user. // // The "tokens" field is a JSON object used in the case of the OAuth stan- // dards. When using OAuth 1.0, a `token` as well as a `tokenSecret` will // be issued by the provider. In the case of OAuth 2.0, an `accessToken` // and a `refreshToken` will be issued. provider : { type: 'alphanumericdashed' }, identifier : { type: 'string' }, tokens : { type: 'json' }, // Associations // // Associate every passport with one, and only one, user. This requires an // adapter compatible with associations. // // For more information on associations in Waterline, check out: // https://github.com/balderdashy/waterline user: { model: 'User', required: true }, /** * Validate password used by the local strategy. * * @param {string} password The password to validate * @param {Function} next */ validatePassword: function (password, next) { bcrypt.compare(password, this.password, next); } }, /** * Callback to be run before creating a Passport. * * @param {Object} passport The soon-to-be-created Passport * @param {Function} next */ beforeCreate: function (passport, next) { hashPassword(passport, next); }, /** * Callback to be run before updating a Passport. * * @param {Object} passport Values to be updated * @param {Function} next */ beforeUpdate: function (passport, next) { hashPassword(passport, next); } }; module.exports = Passport;