users.json
{
"tobi": {
"password": "ferret",
"name": "Tobi Holowaychuk"
}
}
session.js
var connect = require('connect')
var users = require('./users')
var server = connect(
connect.logger('dev'),
connect.bodyParser(),
connect.cookieParser(),
connect.session({secret: 'my app secret'}),
function(req, res, next) {
if ('/' == req.url && req.session.logged_in) {
res.writeHead(200, {'Content-Type': 'text/html'})
res.end('Welcome back, ' + req.session.name + '<a href="/logout">Logout</a>')
} else {
next()
}
},
function(req, res, next) {
if ('/' == req.url && 'GET' == req.method) {
res.writeHead(200, {'Content-Type': 'text/html'})
res.end([
'<form action="/login" method="POST">',
'<input type="text" name="user">',
'<input type="password" name="password">',
'<button>Submit</button>',
'</form>'
].join(''))
} else {
next()
}
},
function(req, res, next) {
if ('/login' == req.url && 'POST' == req.method) {
res.writeHead(200)
if (!users[req.body.user] || req.body.password != users[req.body.user].password) {
res.end('Bad username/password')
} else {
req.session.logged_in = true
req.session.name = users[req.body.user].name
res.end('Authenticated!')
}
} else {
next()
}
},
function(req, res, next) {
if ('/logout' == req.url) {
req.session.logged_in = false
res.writeHead(200)
res.end('Logged out')
} else {
next()
}
}
)
server.listen(3000)