- Generated By Server
- Sent to Client Browser
- Saved on Client Browser
- Cookies are sent to server along with the HTTP request
- Server sends some data as response back to client
We can create a persistent session using cookies.
Required modules for this version of project:
npm install passport passport-local express-session bcrypt
const bcrypt = require('bcrypt')
const saltRounds = 10;
const session = require('express-session')
const passport = require('passport')
const LocalStrategy = require("passport-local").Strategy;
1. Initialize Session of express-session
app.use(session({
secret: process.env.SECRET_KEY,
resave: false,
saveUninitialized: false
}));
2. Initialize passport for use (Comes from passport)
app.use(passport.initialize());
3. For persistent session (Comes from passport)
app.use(passport.session());
4. Configure passport local strategy
// traditional method. Requires LocalStrategy defined right after passport
passport.use(new LocalStrategy(User.authenticate()));
// new method defined by passport-local-mongoose
passport.use(User.createStrategy());
5. To serialize and deserialize cookies (Comes from passport-local)
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((id, done) => {
User.findById(id)
.then((founduser) => {
done(null, founduser);
})
.catch(err => {
done(err);
});
});
bcrypt.hash(req.body.password, saltRounds, (err, hash) => {
if (err) {
console.log(err);
} else {
const newUser = new User({
username: req.body.username,
password: hash
})
newUser.save()
.then(() => {
passport.authenticate('local', {
successRedirect: '/secrets',
failureRedirect: '/login'
})(req, res);
})
}
})
const user = new User({
username: req.body.useername,
password: req.body.password
});
req.login(user, (err) => {
if (err) {
console.log(err);
} else {
passport.authenticate('local', {
successRedirect: '/secrets'
})(req, res);
}
});
Reference: express-session
// To prevent back button redirect after log out
res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
if (req.isAuthenticated()) {
// Render Protected Endpoint
} else {
res.redirect("/login");
}
Reference: passport
Alternative method is on: express-session
app.route('/logout')
.get((req, res) => {
req.logOut((err) => {
if (err) {
console.log(err);
} else {
res.redirect('/');
}
});
});
OAuth npm install passport-google-oauth2
findOrCreate: npm install mongoose-findorcreate
Google OAuth Console
Then
const findOrCreate = require('mongoose-findorcreate');
// Define googleSchema
googleSchema.plugin(findOrCreate);
- Passport Google OAuth2
- YT - NodeJS & Express - Google OAuth2 using PassportJS
- YT - Login with Google using Node JS | Google Authentication | Google OAuth using PassportJS
auth.js basic Structure
var GoogleStrategy = require( 'passport-google-oauth2' ).Strategy;
passport.use(new GoogleStrategy({
clientID: GOOGLE_CLIENT_ID,
clientSecret: GOOGLE_CLIENT_SECRET,
callbackURL: "http://yourdomain:3000/auth/google/callback",
passReqToCallback : true
},
function(request, accessToken, refreshToken, profile, done) {
GoogleUser.findOrCreate({ googleId: profile.id }, function (err, user) {
return done(err, user);
});
}
));
Then in app.js
// Google OAuth endpoint: Transfer request to Google for Google account login
app.get("/auth/google",
passport.authenticate('google', {scope: ['email', 'profile']}));
// Google Callback endpoint: The one we defined in [google console > Credentials > 'OAuth 2.0 Client IDs']
app.get('/google/callback',
passport.authenticate('google', {
successRedirect: '/secrets',
failureRedirect: '/auth/failure'
})
);
// Auth Failure Endpoint
app.get('/auth/failure', (req, res) => {
res.send('Something Went Wrong...');
});