Howto: using connect-auth with express


ashish01

Sep 14, 2010, 6:05:24 PM
to Express
Hi

I am new to node and want to know how to use any connect modules which
are not directly exported by express, esp. how to use connect-auth in
express. Is it the same as adding a filter (like logger)?

Thanks

Ciaran

Sep 15, 2010, 2:12:45 AM
to expre...@googlegroups.com
Hiyah, sorry I can't give any more details at the mo ;) am on
honeymoon. But there should be some examples of using connect auth
with express on the wiki over on github iirc?

- cj


ashish01

Sep 15, 2010, 11:39:07 PM
to Express
Actually my bad, but I am very new to node, connect and express. I
went through a few examples in connect and the auth was just a drop-in
"as-is" in express.

Thanks a lot.

/**** Pasting code here as it may help someone else ***/

var express = require('express'),
    auth = require('connect-auth');

// Called by the Basic strategy with the username; hands back the password
// to compare against (hard-coded here purely for the example).
var getPasswordForUserFunction = function(user, callback) {
  var result;
  if (user === 'foo')
    result = 'bar';
  callback(null, result);
};

var app = express.createServer(
  // connect-auth is passed in like any other connect middleware
  auth(
    [auth.Basic({getPasswordForUser: getPasswordForUserFunction})]
  ),
  //express.cookieDecoder(),
  //express.session(),
  //express.logger(),
  express.staticProvider());

app.get('/', function(req, res) {
  // Ask connect-auth to run the 'basic' strategy for this request
  req.authenticate(['basic'], function(error, authenticated) {
    console.log(JSON.stringify(error));
    console.log(JSON.stringify(authenticated));
    var obj = ["1","2","3","4"];
    var body = JSON.stringify(obj);
    res.writeHead(200, {
      "Content-Type": "application/json"
    });
    res.end(body);
  });
});

app.listen(3000);

Robbie Clutton

Sep 16, 2010, 4:48:40 AM
to Express
Is it correct that you have to have the password in plain text? Can you
store it encrypted and store it outside of the code, e.g. in a file or
db?

Validatorian

Sep 16, 2010, 2:21:26 PM
to Express
You would generally use a database of some sort to pull the password
based on the username; I think this is just a simple example to show
what it expects.

Ciaran

Sep 16, 2010, 7:56:24 PM
to expre...@googlegroups.com
Yeah, spot on, http basic and digest just require a function that is
handed the username and password that the client has passed to the
server. One would normally expect that function to look up the user
from some sort of persistent store, pull out a user-specific salt,
concatenate it in some way with the password given, apply a hashing
function to that string (then optionally encrypt the hashed value,
purely to slow down the hashing operation) then compare this hashed
value against the value stored... Never save the password; if the
password is never used to access 3rd parties there can be no reason to
store it ;)

Does that help?
- cj

Robbie Clutton

Sep 17, 2010, 7:40:20 AM
to Express
Oh right, I just got thrown by returning 'bar'; it looked for a moment
that it was returning what would have been the password, but I see now
that it's just the callback authenticated variable.

Thanks

Hope you're enjoying your honeymoon Ciaran.

Robbie

Robbie Clutton

Sep 17, 2010, 12:24:39 PM
to Express
Wait, sorry. In this example, is the handler expecting a password to
be returned? Looking at your code at basic.js, it gets the cleartext
password from that function and does a comparison against that.
Shouldn't it be the case that the password is passed into that
function and it returns a boolean?

Robbie
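
The lookup-salt-hash-compare flow Ciaran describes, written as the "password in, boolean out" function Robbie asks about. This is an added example, not part of the thread and not connect-auth's API: verifyUser, parseBasicHeader, authenticateHeader and the in-memory user store are hypothetical names, and scrypt stands in as the deliberately slow salted hash in place of the hash-then-encrypt step.

```javascript
const crypto = require('crypto');

// Slow, salted hash (scrypt from Node's crypto module, default cost).
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Constructed sample store: keeps salt + hash per user, never the password.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt: salt, hash: hashPassword(password, salt) };
}
const users = new Map([['foo', makeRecord('bar')]]);

// Unknown usernames are hashed against this record so they cost the same work.
const dummy = makeRecord(crypto.randomBytes(16).toString('hex'));

// Hypothetical verifier: username and password in, callback(error, boolean).
function verifyUser(username, password, callback) {
  const record = users.get(username) || dummy;
  let candidate;
  try {
    candidate = hashPassword(password, record.salt);
  } catch (err) {
    return callback(err);
  }
  // Constant-time comparison of the two 32-byte digests.
  const same = crypto.timingSafeEqual(candidate, record.hash);
  callback(null, same && users.has(username));
}

// Split "Basic <base64(user:pass)>" into its parts; null if malformed.
function parseBasicHeader(header) {
  const m = /^Basic\s+([A-Za-z0-9+/]+=*)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const idx = decoded.indexOf(':'); // the password may itself contain ':'
  if (idx < 0) return null;
  return { username: decoded.slice(0, idx), password: decoded.slice(idx + 1) };
}

// Hypothetical glue: header in, callback(error, boolean) out.
function authenticateHeader(header, callback) {
  const creds = parseBasicHeader(header);
  if (!creds) return callback(null, false);
  verifyUser(creds.username, creds.password, callback);
}
```

With a verifier of this shape the store only ever holds the salt and the derived hash, so nothing has to hand the cleartext password back for comparison.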