Setting Up Passport (11:38) with Andrew Chalkley
In this video we'll integrate the core of Passport into our project.
To follow along with me, download the project files associated with this video. 0:00 Extract them. 0:06 And open them up in an editor of your choice. 0:11 Also navigate to the project using your favorite command line utility. 0:19 Here we have the beginnings of our application called bookworm. 0:27 It's a website generated with the express generator. 0:34 So to start the app, you can either 0:38 do /bin/www or run npm start. 0:42 To view the application in a web browser, visit localhost port 3000. 0:47 Remember to run npm install to install the dependencies. 0:55 Let’s get you up to speed with the current state of the application. 1:08 Our application will save user information to MongoDB. 1:13 We already have a Mongoose model that defines the user data that we 1:17 want to save. 1:21 As you can see, we've got an email, name, favoriteBook and photo. 1:23 Notice that we don't have a password field. 1:30 This is because we'll be using a user's profile information returned from either 1:32 GitHub or Facebook to authenticate them. 1:36 In the routes folder, we have an index.js 1:40 file that handles the root route, about, 1:46 contact, profile, and login routes. 1:51 Passport makes the user model available to the request object. 1:59 So all of our routes and views have access to that user data. 2:04 The handler I want you to pay close attention to is the profile handler. 2:08 If there is a user, the profile page will render. 2:15 If there is no user, it will redirect to the login page. 2:20 In the profile view, it also checks if the user exists. 2:29 If it does, it will show the photo and the name. 2:35 As for that navbar included in all the views, it checks for the user too. 2:41 At the moment we haven't got a user, so it'll display the login links. 2:47 If the user object is present, the log out link will appear. 2:52 Now we're up to speed, let's get Passport set up. 2:57 Let's install Passport. 3:01 And remember to save it with the save flag.
3:06 We also need to install express session. 3:14 This is to store the user while the browser session is still open. 3:21 In this tutorial, we'll be using a persistent session store with MongoDB. 3:29 This will allow users to remain logged in when they return to the site. 3:34 We'll also need to install the connect Mongo middleware to handle the session 3:39 storage in MongoDB. 3:44 Let's get coding. 3:55 In the app.js file, let's require passport at the top. 3:58 Next, let's require express-session. 4:12 Then we need to set up a Mongoose session store with connect Mongo 4:27 passing in the session. 4:31 We then need to initialize the express-session store. 4:53 Let's do this just after the database connection. 4:57 We want to configure the session for the Passport and session storage. 5:12 Let's create an object literal called sessionOptions. 5:18 And give it a secret. 5:28 You should create your own secret, preferably a long phrase or 5:39 a long string of randomized characters, then have the resave. 5:43 And saveUninitialized. 5:51 Keys to be set to true. 6:01 Next we need to initialize the session store by calling the Mongoose 6:07 store constructor, passing in the mongooseConnection db. 6:12 Links are in the teacher's notes on these options. 6:26 Then we'll pass in the session options into the session middleware. 6:30 Now that we have our session set up as middleware, 6:42 it will be available to the Passport middleware. 6:45 First we need to initialize Passport. 6:51 This is done by calling the initialize method on the passport object. 7:03 Then we need to restore the Passport session. 7:19 This restores the user's previous session, in other words if a user was 7:23 previously signed in, they still will be when they return to the site. 7:28 Passport doesn't require sessions to work, which is fine if you want a temporary 7:41 authorization for a one-off request.
7:46 For example, if you were running a competition or online poll, and 7:48 all you wanted was to get a participant's email to register an entry or a vote. 7:53 But in most instances, where you have a user model and they return to your site 7:58 frequently, you'll want to have sessions to remember users. 8:03 They don't need to be constantly signing in and being asked for 8:07 authorization every time they come back to the site. 8:11 In order for Passport to handle sessions, you need to implement two methods. 8:17 serializeUser and 8:26 deserializeUser. 8:30 To serialize something is to translate a data structure for storage. 8:40 In this case a session storage. 8:45 To read the data again you need to deserialize or 8:49 reconstruct the stored data. 8:52 The serializeUser method requires a function with two arguments. 8:55 User, and done. 9:05 The user could be something complex like a Mongoose or 9:11 Sequelize model, in our case, it's a Mongoose model. 9:14 The done argument is a callback function which takes two values, an 9:19 error and a translation you want to store in the session. 9:24 We're going to pass null for the error, 9:30 and then the user's _id property. 9:35 The user _id property is ideal for our app, because it's the smallest amount 9:40 of information required to reconstruct a user object at a later date. 9:45 The deserializeUser method takes a function with two arguments. 9:51 A value which was stored in the session. 10:02 And then a callback. 10:08 The value in our case is a userId. 10:12 This is why you'd use your Mongoose or Sequelize models to find the user. 10:19 We’ll use Mongoose’s find by ID method to find the particular user's ID. 10:25 We can then call done when the user is found.
10:44 The done callback will either pass an error to the express middleware that 10:48 handles errors or the user model that will be added to the request object so 10:53 it's accessible to the route handlers and views. 10:58 We can pass the done as a callback since the done's function parameters 11:08 are the same as Mongoose's callback parameters, error and 11:12 then the document returned. 11:16 Now that we've got Passport set up with sessions, 11:25 it's time to use the Passport strategies for GitHub and 11:29 Facebook to allow users of our site to sign in with their social accounts. 11:32