Add API Authentication in SailsJS

Prerequisites

This tutorial follows on from "Create RESTful API in less than 5 minutes with sailsjs". I forgot to mention which version of sailsjs I was using: it is sails ~0.11.x at the time of writing this blog.

Before we go further: if you followed my previous tutorial and are not creating a new project for this one, you need to delete the user model under api/models/, because we are going to use the npm package sails-generate-auth, which will automatically create a user model for us.

Install the packages

You can follow this section or look at the original documentation.

  1. Install authentication generator
    npm install sails-generate-auth
  2. Run the auth generator
    sails generate auth
    The command above generates the boilerplate needed for authentication, as shown below:

    .
    ├── api
    │   ├── controllers
    │   │   ├── AuthController.js
    │   ├── models
    │   │   ├── Passport.js
    │   │   ├── User.js
    │   ├── policies
    │   │   ├── bearerAuth.js
    │   │   ├── passport.js
    │   │   ├── sessionAuth.js
    │   ├── responses
    │   ├── services
    │   │   ├── protocols
    │   │   │   ├── bearer.js
    │   │   │   ├── cas.js
    │   │   │   ├── index.js
    │   │   │   ├── local.js
    │   │   │   ├── oauth.js
    │   │   │   ├── oauth2.js
    │   │   │   ├── openid.js
    │   │   ├── passport.js
    ├── assets
    ├── config
    │   ├── env
    │   ├── locales
    │   ├── passport.js
    │   ├── ...
    ├── node_modules
    ├── tasks
    ├── views
    │   ├── auth
    │   │   ├── login.ejs
    │   │   ├── register.ejs
    │   ├── ...
  3. Then add the following line to config/bootstrap.js in order to load your Passport strategies on startup:
    sails.services.passport.loadStrategies();

    Also add the routes to config/routes.js:
    'get /login': 'AuthController.login',
    'get /logout': 'AuthController.logout',
    'get /register': 'AuthController.register',
    'post /auth/local': 'AuthController.callback',
    'post /auth/local/:action': 'AuthController.callback',
    // actually we don't need the routes below for this tutorial
    'get /auth/:provider': 'AuthController.provider',
    'get /auth/:provider/callback': 'AuthController.callback',
    'get /auth/:provider/:action': 'AuthController.callback',
  4. Add the authentication policies to config/policies.js, like so:
    '*': ['passport', 'sessionAuth'],
    'auth': { '*': ['passport'] },
  5. Next, we need to install the passport, bcryptjs and validator packages from npm.
    npm install passport
    npm install bcryptjs
    npm install validator
    If you check config/passport.js you will see all the authentication strategies prepared for you by sails-generate-auth, but in this tutorial we only need passport-local and passport-http-bearer. It's up to you whether you install all of them or not; I'll just install these two and comment out the rest.
    npm install passport-local
    npm install passport-http-bearer
    Now we're done installing packages and it's time to test our authentication.

Running the API auth

First, we need to create a controller for our user model: api/controllers/UserController.js.

Then, we need to modify our config/policies.js like so:
    '*': ['passport', 'sessionAuth'],
    'auth': {
      '*': ['passport']
    },
    'UserController': {
      '*': ['passport', 'bearerAuth']
    }

Run sails lift and choose option 3 at the prompt to clean our previous data.

  • Open http://localhost:1337/register and register your username, email, and password (alphanumeric). By default, this process generates your accessToken and hashes your password.
  • You can test the login with your registered data at: http://localhost:1337/login
  • If you want to access your user data without logging in (just like a RESTful API), all you need is the access_token that was already generated for you. To find out what your access token is, temporarily remove bearerAuth, restart your server, open http://localhost:1337/user and save the access_token.
  • Put bearerAuth back and restart the server. Now you can access your user data using the access_token, like so:
    http://localhost:1337/user?id=<id>&access_token=<access_token>
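
The last request above puts the access token in the URL, where it is recorded in server logs and browser history. As an added example (not from the original post or from sails-generate-auth), this sketch sends the same token in an Authorization: Bearer header, which passport-http-bearer also accepts, and masks access_token in URLs before logging; the function names are hypothetical and the sample values are constructed.

```javascript
// Added example: helper names are hypothetical, not part of Sails or Passport.

// Build request options that carry the token in the Authorization header
// (RFC 6750 section 2.1) instead of the ?access_token= query parameter.
function bearerRequest(url, accessToken) {
  // RFC 6750 b64token syntax: rejects spaces, CR/LF and other header-breaking input.
  if (typeof accessToken !== 'string' || !/^[A-Za-z0-9\-._~+\/]+=*$/.test(accessToken)) {
    throw new TypeError('access token is not a valid RFC 6750 b64token');
  }
  const u = new URL(url);
  u.searchParams.delete('access_token'); // never send the token both ways
  return { url: u.toString(), headers: { Authorization: 'Bearer ' + accessToken } };
}

// Mask access_token in a URL before it is written to a log line.
function redactUrl(url) {
  const u = new URL(url);
  if (u.searchParams.has('access_token')) {
    u.searchParams.set('access_token', 'REDACTED');
  }
  return u.toString();
}

// Read the token from a request-like object using the three RFC 6750 methods
// (header, body, query) and reject a request that uses more than one of them.
function extractBearerToken(req) {
  const found = [];
  const m = /^Bearer +(\S+)$/i.exec((req.headers && req.headers.authorization) || '');
  if (m) found.push(m[1]);
  if (req.body && req.body.access_token) found.push(req.body.access_token);
  if (req.query && req.query.access_token) found.push(req.query.access_token);
  if (found.length > 1) throw new Error('token supplied by more than one method');
  return found.length ? found[0] : null;
}

// Constructed sample values; "abc123" stands in for a real access token.
const sample = bearerRequest('http://localhost:1337/user?id=1&access_token=abc123', 'abc123');
console.log(sample.url, sample.headers.Authorization);
console.log(redactUrl('http://localhost:1337/user?id=1&access_token=abc123'));
```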

Congratulations! We did it!!

Cendekia P Putra

< Software Developer /> | @cendekiapp | me@cendekiapp.com

Jakarta, Indonesia http://cendekiapp.com