@3merge/express-auth-middleware 中文文档教程
Authentication middleware
正在进行中!
The user model
区分用户模型(首选方法)为所有文档分配一个kind 属性。 我建议也使用此模块中的装饰器函数来获取/设置基础中的属性。
Schema
| Property | Type | Description | Default |
|---|---|---|---|
| active | boolean | System-generated to keep track of "deleted" users | true |
| email* | string | Self-explanatory | null |
| firstName* | string | Self-explanatory | null |
| frozen | boolean | Somewhat of an alias for active, only setting it does not affect other properties | false |
| lang | string | The preferred locale (en-CA or fr-CA). | en-CA |
| lastName* | string | Self-explanatory | null |
| loginAttempts | number | Used to block excessive login attempts (< 5) | 0 |
| password | password | Used to authenticate | null |
| secret* | string | Used to read and write JWT tokens. Nullifying this would destroy all active sessions | null |
| verified | boolean | Represents the validity of an email address. Login attempts are blocked without verification | false |
Methods
| Name | Description | Return |
|---|---|---|
await Model.findByEmail(string) | Lookup active users by email address | object |
await Model.findUnverifiedByEmail(string) | Lookup unverified users by email | object |
await Model.findVerifiedByEmail(string) | Lookup verified users by email | object |
await Model.findVerifiedById(string) | Lookup verified users by id | object |
await doc.setSecret() | Generate secret token | object |
await doc.verifyPassword(string, boolean) | Compare string against stored password. Throws error if second parameter is true | boolean |
await doc.deactivate() | Deletes a user for most intents-and-purposes | object |
doc.isBlocked | Is the user allowed to login? | boolean |
doc.hasExpired | Has more than 24 hours elapsed since requesting verification? | boolean |
doc.isPermitted | Does the user have all the necessary properties to login? | boolean |
Authentication middleware
Work in progress!
The user model
Discriminating the user model, the preferred approach, assigns a kind property to all documents. I recommend using the decorator functions in this module to get/set properties in the base as well.
Schema
| Property | Type | Description | Default |
|---|---|---|---|
| active | boolean | System-generated to keep track of "deleted" users | true |
| email* | string | Self-explanatory | null |
| firstName* | string | Self-explanatory | null |
| frozen | boolean | Somewhat of an alias for active, only setting it does not affect other properties | false |
| lang | string | The preferred locale (en-CA or fr-CA). | en-CA |
| lastName* | string | Self-explanatory | null |
| loginAttempts | number | Used to block excessive login attempts (< 5) | 0 |
| password | password | Used to authenticate | null |
| secret* | string | Used to read and write JWT tokens. Nullifying this would destroy all active sessions | null |
| verified | boolean | Represents the validity of an email address. Login attempts are blocked without verification | false |
Methods
| Name | Description | Return |
|---|---|---|
await Model.findByEmail(string) | Lookup active users by email address | object |
await Model.findUnverifiedByEmail(string) | Lookup unverified users by email | object |
await Model.findVerifiedByEmail(string) | Lookup verified users by email | object |
await Model.findVerifiedById(string) | Lookup verified users by id | object |
await doc.setSecret() | Generate secret token | object |
await doc.verifyPassword(string, boolean) | Compare string against stored password. Throws error if second parameter is true | boolean |
await doc.deactivate() | Deletes a user for most intents-and-purposes | object |
doc.isBlocked | Is the user allowed to login? | boolean |
doc.hasExpired | Has more than 24 hours elapsed since requesting verification? | boolean |
doc.isPermitted | Does the user have all the necessary properties to login? | boolean |
