vendredi 20 février 2015

Hapi.js (auth-cookie + bell) integration

I'm running into issues trying to get my Hapi.js (8.1) app to integrate bell (2.1) with hapi-auth-cookie (2.0). I've seen a handful of samples on Github and SO, but I swear no combination of any juju I've tried has worked. The only discernible difference between what I'm doing and the samples are the version #s.


The call to the "/user/login/google" endpoint @ [1] seems to function just fine and completes without issue. A subsequent call to the "/user/profile" endpoint @ [2] has no idea that it's authenticated and fails with a 401 Unauthorized.


Has anyone gotten the 2.x versions of these two plugins playing nicely? Or maybe you have some ideas that you'd like to share with a humbled developer?


Controller.js: 



/*
 * [1] This gets called first (and appears? to complete without error)
 */
server.route({
  method: 'GET',
  path: '/user/login/google',
  config: {
    handler: function(request, reply) {
      var email = request.auth.credentials.profile.email;
      ProfileService.findByEmail(email, function(profile) {
        request.auth.session.set(profile);
        reply.redirect(request.headers.referer);
      });
    },
    auth: 'google'
  }
});

/*
 * [2] This gets called second (and fails /w a 401 Unauthorized)
 */
server.route({
  method: 'GET',
  path: '/user/profile',
  config: {
    handler: function(request, reply) {
      var email = request.auth.credentials.email;
      ProfileService.findByEmail(email, function(profile) {
        reply(profile);
      });
    },
    auth: 'session'
  }
});


server.js: 



var server = function(config) {
  var _server = new Hapi.Server();
  // Setup basic info
  _server.connection({
    routes: {cors: true}, 
    host: config.server.host, 
    port: config.server.port 
  });
  // Setup Cookie-based auth strategy
  _server.register(HapiAuthCookie, function(error) {
    _server.app.cache = _server.cache({ 
      segment: 'sessions', 
      expiresIn: 3 * 24 * 60 * 60 * 1000
    });
    _server.auth.strategy('session', 'cookie', {
      password: config.iron.password,
      isSecure: config.secure,
      cookie: 'sid'
    });
  });
  // Setup OAuth-based auth strategies
  _server.register(Bell, function(error) {
    _server.auth.strategy('google', 'bell', {
        provider: 'google',
        password: config.iron.password,
        clientId: config.google.oauth.appId,
        clientSecret: config.google.oauth.secret,
        isSecure: config.server.secure
    });
  });
  return _server;
}(Config);

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)