Example repo with Passport.js

[MichaelJCole]

Hi Kartik, my name's Michael.

I'm making a websocket app and interested in using hyper-express, and looking for a reference implementation for authentication.

My plan so far is to authenticate over REST, then use the REST token to authorize the websocket on connection.

I forked the Passport.js 'local' example repo and started hacking, but I got stuck in the weeds.
https://github.com/MichaelJCole/hyper-express-sessions-passport-local

Is a better place to start?
Do you have an authentication example?
Would you be interested in collaborating a small example over github/discord/slack?

Thank you for this cool project Kartik!

[kartikk221]

Hi Michael,

HyperExpress is essentially a platform on which you can build out any features you need since it is unopinionated. So for example, If you wanted to use EJS templates for rendering with EJS, you would simply have a middleware which would create/inject the render method into all incoming requests. Below is an example of a full rendering system powered with LiveDirectory and EJS:

const server = new HyperExpress.Server();
const ejs = require('ejs');
const LiveDirectory = require('live-directory');

// Create a live directory instance which will load all EJS template files into memory
const templates = new LiveDirectory({
    path: './path/to/ejs-templates/',
    keep: {
         extensions: ['.ejs'] // We only want to load in .ejs files into memory
    }
});

// Create a helper function which can be used to render an EJS template file and send response
function render_ejs_template(response, path, parameters) {
    // Retrieve the EJS template file from live directory instance
    const file = templates.get(path);
    if (file == undefined) throw new Error('Invalid EJS file path received when trying to render a template');

    // Render the template file content into html and send it as a response with proper mime type
    const html = ejs.render(file.content, parameters);
    return response.type('html').send(html);
}

// Bind a global middleware which will attach our helper method into all incoming requests
server.use((request, response, next) => {
    // Inject the render method onto the response object on each request
    response.render = (path, parameters) => render_ejs_template(response, path, parameters);
    next();
});

// Then anywhere in your code/application logic on any route you can use the render method like this
server.get('/news/latest', (request, response) => {
    // Run some of your own processing code here

    // Render the html content and send as response
    response.render('/news-template.ejs', {
        some_param: true,
        some_param_two: 'something'
    });
});

In regards to authentication, If you need to work with cookie based sessions then you can use the official hyper-express-session middleware. While the official hyper-express-session is built for cookie based session transport, you could in theory use it situationally with any means of token transport like this:

const SessionEngine = require('hyper-express-session');
const TestEngine = /* Assume this is a SessionEngine instance with proper methods attached */

// Example of a route which creates the session
webserver.post('/session/create', async (request, response) => {
   // Perform some authentication here to ensure this request is good to go for creating a session

   // Initiate a new session
   await request.session.start();
    
   // Store some data in this session
   request.session.set({
       account_id: 'some_account_id',
       some_param: 'some_data',
       some_other_param: 'some_other_data'
   });

   // Send the signed session id as a token to the requester
   // Be sure to only return the signed id, so in the future we can unsign this id with our session engine secret for security
   return response.json({
        token: request.session.signed_id
   });
});

// Example of a route which loads a previously created session through a provided token rather than cookie header
webserver.post('/api/user/some-endpoint', async (request, response) => {
     // Retrieve the token from somewhere in the request as sent by the requester
     const token = request.headers['x-access-token'];
     
     // Resume a session by setting the signed id to the received token
     request.session.set_signed_id(token);
     await request.session.start();

     // We can check that the user provided token is a valid session by checking if it is stored in our database
     // Or we can also just check the data of the session to see if its a valid session
     if (!request.session.stored || request.session.get('account_id') == undefined)
         return response.status(403).json({
             code: 'UNAUTHENTICATED',
             message: 'Please provide a valid access token'
         });

     // The user has been verified so run the rest of your logic here with the session data as needed
});

Hope the above two examples give some clarity on how you can go about implementing rendering and authentication in you repository.

[MichaelJCole]

Thanks Kartik, I going to try splitting the auth and websockets code into two different processes and mount them at /auth and /ws as micro-services.

There is for sure a way to do both in the same process. Here is as far as I got: https://github.com/MichaelJCole/hyper-express-sessions-passport-local

[kartikk221]

Oh, you should 100% be able to create websocket routes and normal routes in the same process and on the same Server instance. I currently run two production web applications which have normal HTTP routes and a websocket route on the same Server instance. Websocket routes aren't anything special as they are just incoming HTTP Upgrade requests which then get turned into a websocket based connection with uWebsockets.js hence they can operate along with normal HTTP routes perfectly.