Hello all,
This is a new tutorial on Sails. Many of you were asking how to implement authentication in Sails. Here I have an awesome tool called Waterlock, which makes authentication easier to implement.
What is Waterlock?
As its official website says, Waterlock is an all encompassing user authentication/JSON web token management tool, built for Sails. It provides user authentication, JSON web tokens and customisation. Waterlock provides you nice generators, so you can get up and running fast and spend less time building structure and more time working on features!
So let’s get started.
Create a sails app
sails new authapp
Move to the Sails app directory.
Waterlock Installation
As with every other Node module, Waterlock is installed using npm. An advantage here is that this tool is built exclusively for Sails.
npm install waterlock
Authentication itself is handled via modular libraries, making Waterlock more lightweight. The current auth libraries are listed below.
Method | Library |
---|---|
Local Auth | waterlock-local-auth |
Twitter Auth | waterlock-twitter-auth |
Facebook Auth | waterlock-facebook-auth |
Using Local Auth
Install local auth.
npm install waterlock-local-auth
Generate local auth
The executable script provided with Waterlock, ./node_modules/.bin/waterlock, gives you all the power you need to generate the different components of Waterlock.
Execute the command:
./node_modules/.bin/waterlock generate
You will see the list of resources Waterlock provides you. These are generated dynamically based on the auth method you have used. Let us choose all for now.
./node_modules/.bin/waterlock generate all
Now you can see the list of files generated by Waterlock.
Let us see the config file now. You have the following options:
- baseUrl - this is the URL your app resides at, used in password reset URLs
- jsonWebTokens - object containing information on how the JWTs should be constructed
Configure with your app secret.
Let us try authentication now. Create a new API called post:
sails generate api post
In the Post Controller file, add a new function restricted as given below.
/**
 * PostController
 *
 * @description :: Server-side logic for managing posts
 * @help        :: See http://links.sailsjs.org/docs/controllers
 */
module.exports = {
  restricted: function (req, res) {
    return res.ok("If You can see this you are authenticated");
  },
  open: function (req, res) {
    return res.ok("This is open to all!!!");
  }
};
Now let us apply some policies here. Sails uses basic sessionAuth, so we will add this to the policies file in Sails.
/**
 * Policy Mappings
 * (sails.config.policies)
 *
 * Policies are simple functions which run **before** your controllers.
 * You can apply one or more policies to a given controller, or protect
 * its actions individually.
 *
 * Any policy file (e.g. `api/policies/authenticated.js`) can be accessed
 * below by its filename, minus the extension, (e.g. "authenticated")
 *
 * For more information on configuring policies, check out:
 * http://sailsjs.org/#!documentation/
 */
module.exports.policies = {
  '*': true,
  PostController: {
    restricted: ['sessionAuth'],
    open: true
  }
};
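The policy map above can be reasoned about without lifting the app. The following is an added example, not code from this tutorial, Sails or Waterlock: a simplified model of policy lookup that compares the tutorial's map with a deny-by-default variant, showing that under '*': true any action not listed (for instance a blueprint destroy action on the post API) stays open to anonymous requests. The lookup order, the sessionAuth stand-in that tests req.session.authenticated, the denyByDefault map and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: simplified model of Sails policy lookup, not Sails source code.
// Assumed order: action mapping -> controller '*' -> global '*'.
function resolvePolicies(policies, controller, action) {
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  const ctrl = policies[controller];
  let rule = ctrl;
  if (ctrl && typeof ctrl === 'object' && !Array.isArray(ctrl)) {
    rule = has(ctrl, action) ? ctrl[action] : ctrl['*'];
  }
  if (rule === undefined) rule = policies['*'];
  if (rule === undefined || rule === true) return []; // open to everyone
  if (rule === false) return null;                    // always denied
  return Array.isArray(rule) ? rule : [rule];
}

// Stand-in for api/policies/sessionAuth.js (assumed to test req.session.authenticated).
const policyFns = {
  sessionAuth: (req) => Boolean(req.session && req.session.authenticated),
};

// HTTP status a request would get: 200 if every policy passes, otherwise 403.
function statusFor(policies, controller, action, req) {
  const chain = resolvePolicies(policies, controller, action);
  if (chain === null) return 403;
  return chain.every((name) => policyFns[name](req)) ? 200 : 403;
}

// The tutorial's map: everything is open unless listed.
const tutorialPolicies = {
  '*': true,
  PostController: { restricted: ['sessionAuth'], open: true },
};

// Deny-by-default variant (constructed): only listed actions are public.
const denyByDefault = {
  '*': 'sessionAuth',
  PostController: { open: true },
  AuthController: { '*': true }, // login must stay reachable for anonymous users
};

const anonymous = { session: {} };                     // constructed sample requests
const loggedIn = { session: { authenticated: true } };
for (const [name, map] of Object.entries({ tutorialPolicies, denyByDefault })) {
  for (const action of ['open', 'restricted', 'destroy']) {
    console.log(name, action, 'anonymous:', statusFor(map, 'PostController', action, anonymous),
      'logged in:', statusFor(map, 'PostController', action, loggedIn));
  }
}
```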
Let us lift the app again and see what happens.
Let us go to http://localhost:1337/post/open
You can see the following
Yeah!!! This is open to all users. So let us see what happens when we load our restricted page.
http://localhost:1337/post/restricted
Yeah!!! Authentication works. You see the restricted access page. So now let us create a user and check whether the authentication works correctly.
Create a user
You can create a user by POSTing data to http://localhost:1337/auth/login.
I’ve used POSTMAN for creating a POST request to the AuthController.
You’ll be automatically logged in when you create a user. So let us check the restricted page once again.
Yeah!!! It works perfectly. This was a tutorial on session-based authentication, adapted from the intro given by Waterlock. In the next tutorials, let us see how to create JSON token based authentication and a complete user login/registration system with Waterlock, Angular and obviously Sails.
So this is the end of this tutorial. Let us see in the next tutorial, bye :)