lockit-login-auth

login and logout module for lockit, adds cookie authentication

Usage

No npm install needed!

<script type="module">
  import lockitLoginAuth from 'https://cdn.skypack.dev/lockit-login-auth';
</script>

README

Lockit login


Log in users to your Express app. The module is part of Lockit.

Installation

npm install lockit-login

var express = require('express');
var cookieParser = require('cookie-parser');
var cookieSession = require('cookie-session');
var Login = require('lockit-login');
var utils = require('lockit-utils');
var config = require('./config.js');

// pick the database adapter named in the config
var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);

var app = express();

// express settings
// ...
// sessions are required - either cookie or some sort of db
app.use(cookieParser());
app.use(cookieSession({
  // placeholder value: load a long random secret from configuration
  // instead of hard-coding it in source
  secret: 'this is my super secret string'
}));

// create new Login instance
var login = new Login(config, adapter);

// use login.router with your app
app.use(login.router);

// listen to events [optional]
login.on('login', function(user, res, target) {
  res.send('Welcome ' + user.name);
});

Configuration

More about configuration at Lockit.

Features

  • two-factor authentication
  • track failed login attempts
  • lock account after too many failed login attempts
  • track time and IP of logins
  • redirect unauthorized users to /login and save requested url to session
  • input validation
  • allow login with username and/or email
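
The failed-attempt tracking, account locking and login time/IP tracking listed above can be pictured with the following sketch. It is an added example, not Lockit's own code: the field names (`failedAttempts`, `lockedUntil`, `currentLogin`, `previousLogin`), the `POLICY` values and the sample user are assumptions made for illustration.

```javascript
// Added illustration, not Lockit's code. Field names and the policy values
// below are assumptions chosen for this example.
const POLICY = { maxFailed: 5, warnAt: 3, lockMs: 20 * 60 * 1000 };

// Decide the outcome of one login attempt and update the user record.
// `passwordOk` is the result of the caller's own password check.
function handleAttempt(user, passwordOk, ip, now, policy = POLICY) {
  // A locked account rejects every attempt, even with the right password,
  // so a guess made during the lock window reveals nothing.
  if (user.lockedUntil && now < user.lockedUntil) {
    return { ok: false, reason: 'locked', retryAfterMs: user.lockedUntil - now };
  }
  if (user.lockedUntil && now >= user.lockedUntil) {
    // Lock expired: start counting from zero again.
    user.lockedUntil = null;
    user.failedAttempts = 0;
  }
  if (!passwordOk) {
    user.failedAttempts = (user.failedAttempts || 0) + 1;
    if (user.failedAttempts >= policy.maxFailed) {
      user.lockedUntil = now + policy.lockMs;
      return { ok: false, reason: 'locked', retryAfterMs: policy.lockMs };
    }
    return {
      ok: false,
      reason: 'invalid',
      warn: user.failedAttempts >= policy.warnAt,
      remaining: policy.maxFailed - user.failedAttempts
    };
  }
  // Success: keep the previous login for display, record the current one.
  user.failedAttempts = 0;
  user.previousLogin = user.currentLogin || null;
  user.currentLogin = { time: now, ip: ip };
  return { ok: true, previousLogin: user.previousLogin };
}

// Constructed sample run: five bad passwords, then the right one while locked.
function demo() {
  const user = { name: 'john' };
  const t0 = 1700000000000;
  const results = [];
  for (let i = 0; i < 5; i++) results.push(handleAttempt(user, false, '203.0.113.7', t0 + i));
  results.push(handleAttempt(user, true, '203.0.113.7', t0 + 10)); // still locked
  results.push(handleAttempt(user, true, '198.51.100.4', t0 + POLICY.lockMs + 10)); // expired
  return { user, results };
}
```

Passing `now` in as a parameter keeps the lock window testable without waiting on a real clock.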

Routes included

  • GET /login
  • POST /login
  • POST /login/two-factor
  • GET /logout

REST API

If you've set exports.rest in your config.js the module behaves as follows.

  • all routes have /rest prepended
  • GET /rest/login is next()ed and you can catch /login on the client
  • POST /rest/login stays the same but sends JSON
  • POST /rest/login/two-factor stays the same but sends JSON
  • GET /rest/logout sends JSON and you can catch /logout on the client

Test

grunt

License

MIT