This application supports two authentication strategies: session-based and token-based. You can configure options such as the database table, the unique sign-in column, the strategy type, and more in the `app/config/auth.ts` file.
```ts
import { randomUUID } from "crypto";

const auth: AuthConfig = {
  option: "session", // Choose "session" or "token"
  table: "users",
  uniqueColumn: "email",
  strategy: {
    token: {
      secret: process.env.JWT_SECRET || "secret",
      expiresIn: "30d",
      useRedis: true,
    },
    session: {
      genid: () => randomUUID(), // Generate session IDs with crypto.randomUUID()
      useRedis: true,
      prefix: "myapp:", // Prefix for RedisStore keys
      secret: process.env.SESSION_SECRET || "secret",
      resave: false, // Do not write unmodified sessions back to the store
      saveUninitialized: false, // Only persist sessions that have data
      cookie: {
        secure: SecurityPolicy.ssl, // Send the cookie over HTTPS only when SSL is enabled
        httpOnly: true, // Prevents client-side access to the cookie
        maxAge: 90 * 24 * 60 * 60 * 1000, // 3 months (90 days) in milliseconds
        sameSite: "lax",
      },
    },
  },
};
```
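The `process.env.X || "secret"` fallbacks above mean that a missing environment variable silently leaves the application running with a placeholder secret. The following startup audit is an added example, not part of this framework; it uses a local stand-in for `AuthConfig` and a hypothetical `buildConfig` helper that mirrors how `app/config/auth.ts` derives its values, and reports the weak settings (placeholder secret, short secret, non-secure or non-httpOnly cookie) so deployment can fail early instead of shipping them.

```typescript
// Added example: audit an auth config built like app/config/auth.ts for weak settings.
// The types below are local stand-ins for the framework's AuthConfig (assumption).
type CookieOptions = { secure: boolean; httpOnly: boolean; maxAge: number; sameSite: "lax" | "strict" | "none" };
type AuthConfigShape = {
  option: "session" | "token";
  strategy: {
    token: { secret: string; expiresIn: string; useRedis: boolean };
    session: { secret: string; useRedis: boolean; cookie: CookieOptions };
  };
};

// Values the `process.env.X || "secret"` fallback yields when the variable is unset.
const PLACEHOLDER_SECRETS = new Set(["secret", "", "changeme"]);
const MIN_SECRET_LENGTH = 32;

// Returns a list of findings; an empty list means the active strategy passed the audit.
function auditAuthConfig(cfg: AuthConfigShape): string[] {
  const findings: string[] = [];
  const active = cfg.option;
  const secret = active === "token" ? cfg.strategy.token.secret : cfg.strategy.session.secret;
  if (PLACEHOLDER_SECRETS.has(secret)) {
    findings.push(`${active}: secret is the fallback placeholder; set the environment variable`);
  } else if (secret.length < MIN_SECRET_LENGTH) {
    findings.push(`${active}: secret is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  if (active === "session") {
    const c = cfg.strategy.session.cookie;
    if (!c.secure) findings.push("session: cookie.secure is false; cookie is sent over plain HTTP");
    if (!c.httpOnly) findings.push("session: cookie.httpOnly is false; scripts can read the cookie");
    if (c.sameSite === "none" && !c.secure) findings.push("session: sameSite=none requires secure=true");
  }
  return findings;
}

// Hypothetical helper: builds the config the way app/config/auth.ts does, from a given
// environment and SSL flag, so the audit can be run against different deployments.
function buildConfig(env: Record<string, string | undefined>, option: "session" | "token", ssl: boolean): AuthConfigShape {
  return {
    option,
    strategy: {
      token: { secret: env.JWT_SECRET || "secret", expiresIn: "30d", useRedis: true },
      session: {
        secret: env.SESSION_SECRET || "secret",
        useRedis: true,
        cookie: { secure: ssl, httpOnly: true, maxAge: 90 * 24 * 60 * 60 * 1000, sameSite: "lax" },
      },
    },
  };
}

// Constructed inputs: an empty environment without SSL, and a populated one with SSL.
const unsetEnvFindings = auditAuthConfig(buildConfig({}, "session", false));
const properEnvFindings = auditAuthConfig(buildConfig({ SESSION_SECRET: "k".repeat(48) }, "session", true));
```

Call `auditAuthConfig` during boot and refuse to start when it returns findings, so a forgotten `SESSION_SECRET` or `JWT_SECRET` cannot reach production unnoticed.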
To enable session-based authentication, set `option` to `"session"` in `app/config/auth.ts`.
Login Example:
```ts
static async store(request: Request, response: Response, next: Next) {
  try {
    const { email, password } = request.body;
    const user = await SessionService.getUser(email, password); // Validate credentials
    const userSession = await useAuth.login({
      session: { request, response, next, user },
    });
    return ApiResponse.success(response, { session: userSession });
  } catch (error: any) {
    return ApiResponse.error(response, error);
  }
}
```
Route Authentication:
```ts
useRouter.get("/", isAuthenticated, (req, res) => res.send("Authenticated"));
```
Logout Example:
```ts
static async destroy(request: Request, response: Response, next: Next) {
  try {
    // Pass the request context to the session strategy (assumed to mirror the shape used by login)
    await useAuth.logout({ session: { request, response, next } });
    return ApiResponse.success(response, { message: "Logged out" });
  } catch (error: any) {
    return ApiResponse.error(response, error);
  }
}
```
To enable session-based authentication for full-stack applications, set `option` to `"session"` in `app/config/auth.ts`.
```ts
static async store(request: Request, response: Response, next: Next) {
  try {
    const { email, password } = request.body;
    const user = await SessionService.getUser(email, password); // Validate credentials
    // Initiates login and redirects to the specified path; awaited so failures reach the catch block
    await useAuth.login({ request, response, next, user, redirectPath: "/dashboard" });
  } catch (error: any) {
    console.log(error);
    // Handle errors here...
  }
}
```
Use the `isAuthenticated` middleware to protect routes.
```ts
useRouter.get("/dashboard", isAuthenticated, (req, res) =>
  res.send("Authenticated")
);
```
```ts
static async destroy(request: Request, response: Response, next: Next) {
  try {
    // Logs the user out and redirects to the specified path; awaited so failures reach the catch block
    await useAuth.logout({ request, response, next, redirectPath: "/" });
  } catch (error: any) {
    console.log(error);
    // Handle errors here...
  }
}
```
`redirectPath` specifies where to redirect users after login or logout.

To enable token-based authentication, set `option` to `"token"` in `app/config/auth.ts`.
Login Example:
```ts
static async store(request: Request, response: Response, next: Next) {
  try {
    const { email, password } = request.body;
    const user = await SessionService.getUser(email, password); // Validate credentials
    const userToken = await useAuth.login({
      token: { userId: user.id },
    });
    return ApiResponse.success(response, { token: userToken });
  } catch (error: any) {
    return ApiResponse.error(response, error);
  }
}
```
Route Authentication:
```ts
useRouter.get("/", isAuthenticated, (req, res) => res.render("home"));
```
Logout Example:
```ts
static async destroy(request: Request, response: Response, next: Next) {
  try {
    const result = await useAuth.logout({
      token: { request, response },
    });
    return ApiResponse.success(response, result);
  } catch (error: any) {
    return ApiResponse.error(response, error);
  }
}
```
Note: For token-based authentication, send the token in the `Authorization` header as `Authorization: Bearer <token>`, replacing `<token>` with the token returned by `useAuth.login`.
Both session and token strategies support Redis for storing authentication data. To use Redis, set `useRedis` to `true` in `app/config/auth.ts` (see also `app/config/performance.ts`). You can further customize Redis-related behavior in the `module/auth` directory if needed.