Sails.js hook for JWT-based authentication, for humans.
If you're looking for using JSON Web Tokens on your Sails apps, you're on the right place.
Install with
$ npm install sails-hook-kimyjwt
And then create the config on config/kimyjwt.js
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id", // This is an attribute in the model
passportLike: false // defaults to true
}Next, you should only add the kimyjwt policy to the routes you require the
authentication and you're done:
'get /user/protected/route': [{
policy: 'kimyjwt'
}, {
controller: 'UserController',
action: 'mySecureRoute'
}]If you enable the Passport.js-like API then you can use the req.user object
as you usually do in a Passport.js-based application:
// UserController
module.exports = {
secureRoute: function(req, res) {
res.json({
success: true,
message: "Welcome, " + req.user.name // Name is a property in the model
});
}
};With the passportLike option enabled, the hook can attach the full model
object to the req.user object. This adds the possibility to the following
code to be used:
// someController.js
module.exports = {
myRoute: function(req, res) {
req.user.someMethodInTheModel();
// ...
res.json({
"success": true,
"message": "Well done, " + req.user.name + "!"
});
}
};For doing so just add the magicObject setting to true in the options
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id", // This is an attribute in the model
passportLike: true, // defaults to true
magicObject: true // defaults to false
}If you'd like to get the data contained in the JWT Payload in your controllers,
then you should only enable the option passPayloadInReq (which defaults to
false) in the config file for the module.
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id",
passportLike: true,
passPayloadInReq: true
}So the following code can be used:
// someController.js
module.exports = {
myRoute: function(req, res) {
var issuedAt = req.payload.iat;
console.log("This token was issued at: " + new Date(issuedAt));
res.json({
message: "I think we're all good right now"
});
}
};If you create a unauthorized response in the api/responses folder you can
use it instead of the traditional more Express.js-styled response included
by default in the module. So, if your response is defined this way:
// unauthorized.js
module.exports = function unauthorized (data, options) {
var req = this.req;
return res.status(401).json({
authorized: false,
message: "You shall not pass"
});
};You can enable this response for being the default one to be sent in the configs
module.exports.kimyjwt = {
// Required
model: "user",
secretField: "secret",
// Optional
idField: "id",
passportLike: true,
useSailsResponses: true
}All PR and Issues are welcome. You can get in touch with @SoyOrlSan too.
(C) 2016, Orlando Sánchez & Jorge Santiago Álvarez, Grupo Jaque.