So you got a really cool idea for an app or a service. You get all fired up, talk to your friends about it, write down some bullet points and run that exciting git init command in an empty folder. One of the first things you are most likely to do in the very near future is begin working on some kind of user login and registration process.
Of course, passport.js is great when you can leverage external authentication, but otherwise you are stuck rolling your own system… After a while you find yourself doing it over and over again. How boring! Wouldn’t it be nice if somebody finally just wrote a module that you could plug into your express app and that would take care of all this user registration stuff?
Well, look no further than lockit, which is a collection of modules written by that helps you with the initial user registration and password management flow.
npm install lockit
Features
- Supports multiple database adapters (MongoDB, CouchDB, SQL).
- Sends confirmation emails.
- Manages email address verification with verification link expiration.
- Brings own Bootstrap based views which are easy to customize.
- Account locking after too many failed login attempts.
- Events for login, logout, signup and delete.
- Implementation of lots of best practices.
- REST API
- Authentication for SPAs and CSRF support.
Usage
var express = require('express');
var Lockit = require('lockit');
var app = express();
// express middleware
// ...
// sessions are required
app.use(express.cookieParser('your secret here'));
app.use(express.cookieSession());
var config = {
db: 'mongodb://127.0.0.1/test',
dbCollection: 'users'
};
// use middleware before router so your own routes have access to
// req.session.email and req.session.username
var lockit = new Lockit(app, config);
// you now have all the routes like /login, /signup, etc.
// and you can listen on events. For example 'signup'
lockit.on('signup', function(user, res) {
console.log('a new user signed up');
// set signup.handleResponse to 'false' for this to work
res.send('Welcome!');
});
app.use(app.router);
// continue with express middleware
// ...
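The comments above point out that lockit is mounted before the router so that your own routes can read req.session.email and req.session.username. Here is an added example, not part of the original post or of lockit itself, of a small guard middleware built on that: it redirects browsers to the login route and answers REST/SPA clients with a 401 instead. The `loginRoute` option and the fake req/res helpers are this example's own.

```javascript
// Added example, not lockit's own code: a guard for your own routes built on the
// session fields the usage section says lockit populates (req.session.email and
// req.session.username). Assumes lockit's default login route '/login'; the
// option name `loginRoute` and the helpers below are this example's own.
function requireLogin(options) {
  var loginRoute = (options && options.loginRoute) || '/login';
  return function (req, res, next) {
    var session = req.session || {};
    // lockit sets these only after a successful login; the signed cookie session
    // (cookieParser secret + cookieSession) is what keeps a client from forging them
    if (session.email) {
      return next();
    }
    var headers = req.headers || {};
    var wantsJson = (headers.accept || '').indexOf('application/json') !== -1;
    var isXhr = headers['x-requested-with'] === 'XMLHttpRequest';
    if (wantsJson || isXhr) {
      // REST / SPA clients cannot follow a redirect to an HTML login page
      res.statusCode = 401;
      res.setHeader('Content-Type', 'application/json');
      return res.end(JSON.stringify({ error: 'login required' }));
    }
    // browsers are sent to lockit's login form
    res.statusCode = 302;
    res.setHeader('Location', loginRoute);
    res.end();
  };
}

// Stand-ins for Express req/res so the guard can be exercised without a server.
function fakeRequest(session, headers) {
  return { session: session, headers: headers || {} };
}
function fakeResponse() {
  var res = { statusCode: 200, headers: {}, body: '' };
  res.setHeader = function (name, value) { res.headers[name.toLowerCase()] = value; };
  res.end = function (body) { res.body = body || ''; };
  return res;
}

// Runs the guard and reports 'next', 'redirect:<location>' or 'unauthorized'.
function outcome(req) {
  var res = fakeResponse();
  var passed = false;
  requireLogin({ loginRoute: '/login' })(req, res, function () { passed = true; });
  if (passed) return 'next';
  return res.statusCode === 302 ? 'redirect:' + res.headers.location : 'unauthorized';
}
// In the app: app.get('/dashboard', requireLogin(), function (req, res) { /* ... */ });
```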
Emails
By default of course emails aren’t being sent. That means that you won’t receive any signup and password reset tokens. To send emails you need an email server and you have to pass the right settings:
With mailgun you can send up to 10,000 emails per month for free. For emailSettings see nodemailer for more information.
config = {
emailType: 'SMTP',
emailSettings: {
service: 'Mailgun',
auth: {
user: 'postmaster@username.mailgun.org',
pass: 'secret-password'
}
}
}
Custom views
Lockit comes with built-in views which are based on Bootstrap. If you want to use your own custom views you can; it is dead simple. Put them into your views folder, for example views/lockit/myLogin.jade.
config = {
login: {
route: '/login',
logoutRoute: '/logout',
views: {
login: 'lockit/myLogin.jade',
loggedOut: 'lockit/myLogoutSuccess.jade'
}
}
}
Routes included
From lockit-signup
- GET /signup
- POST /signup
- GET /signup/:token
- GET /signup/resend-verification
- POST /signup/resend-verification
From lockit-login
- GET /login
- POST /login
- GET /logout
- GET /forgot-password
- POST /forgot-password
- GET /forgot-password/:token
- POST /forgot-password/:token
- GET /delete-account
- POST /delete-account
Closing thoughts
I love how customizable lockit is and yet it comes with very reasonable defaults. It has pretty much everything you need to get started with a basic user registration and password management flow. Check out the lockit GitHub page for the full set of options as well as its associated modules.