Username/password auth for express apps with Mongoose-backed user models

Getting Started

Install the module with npm (coming soon).

Model Setup

express-mongoose-auth assumes you have some sort of User model backed by Mongoose.

Define your schema as usual. express-mongoose-auth requires the schema to have two String attributes, salt and hashed_password:

var mongoose = require('mongoose');

var userSchema = new mongoose.Schema({
  email: String,
  // hashed_password and salt are the two String attributes express-mongoose-auth requires.
  // Both are credential material: keep them out of API responses and logs.
  hashed_password: String,
  salt: String

Before defining the model with mongoose#model:

var auth = require('express-mongoose-auth');


This will define methods to facilitate password hashing, validation, etc. Finally, declare the model as normal:

mongoose.model('User', userSchema);

Route setup

In your routes, first you'll want to log users in:

var app = require('express')();

...'/login', function(req, res) {
  // Hand the submitted password and the options below to auth.loginUser;
  // the callback receives an error object when the login did not succeed.
  auth.loginUser(req, res, {
    password: req.body.password,
    // NOTE(review): "default" suggests another redirect target can take precedence;
    // confirm the module only redirects to same-site paths.
    default_redirect: '/something_you_need_to_be_logged_in_to_see',
    user_model: User // optional, defaults to mongoose.model('User')
  }, function(err) {
    if(err) {
      if(err.type == 'AuthenticationFailure') {
        // Keep the reply generic so it does not reveal whether the account
        // exists or which credential was wrong.
        res.status(400).send('denied'); // or however you'd handle that
      } else {

Then, for the routes that should require authentication:

var myRequireUser = function() {

  // This generates standard express middleware with a signature of (req, res, next)
  return auth.requireUser({
    login_url: '/my_different_login_url', // optional, defaults to '/login'
    user_model: User                      // optional, defaults to mongoose.model('User')

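// Protected route: the middleware returned by myRequireUser() is registered
// ahead of the handler, so it runs first on every request to this path.
// The path literal needs its closing quote, otherwise the example is a syntax error.
app.get('/something_you_need_to_be_logged_in_to_see', myRequireUser(), function(req, res) {
  res.status(200).send('Welcome, authenticated user!');
});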


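  • Use bcrypt for password hashing (this appears to be planned rather than implemented, so review the current salt-and-hash scheme before relying on it)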
  • Entitlements support
  • Lots