README
Lockit login
Log in users to your Express app. The module is part of Lockit.
Installation
npm install lockit-login
var Login = require('lockit-login');
var utils = require('lockit-utils');
var config = require('./config.js');
var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);
var app = express();
// express settings
// ...
// sessions are required - either cookie or some sort of db
app.use(cookieParser());
app.use(cookieSession({
secret: 'this is my super secret string'
}));
// create new Login instance
var login = new Login(config, adapter);
// use login.router with your app
app.use(login.router);
// listen to events [optional]
login.on('login', function(user, res, target) {
res.send('Welcome ' + user.name);
})
Configuration
More about configuration at Lockit.
Features
- two-factor authentication
- track failed log in attempts
- lock account after too many failed login attempts
- track time and ip of log ins
- redirect unauthorized users to /login and save requested url to session
- input validation
- allow login with username and/or email
Routes included
- GET /login
- POST /login
- POST /login/two-factor
- GET /logout
REST API
If you've set exports.rest
in your config.js
the module behaves as follows.
- all routes have
/rest
prepended GET /rest/login
isnext()
ed and you can catch/login
on the clientPOST /rest/login
stays the same but sends JSONPOST /rest/login/two-factor
stays the same but sends JSONGET /rest/logout
sends JSON and you can catch/logout
on the client
Test
make test
License
MIT