node server side auth for SPA apps (angular, react, ..)
Last updated 4 years ago by vencax .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install node-spa-auth 
SYNC missed versions from official npm registry.

REST server for SPA apps authentication

build status

Tested with angular, but supposing that all other SPA frameworks have similar possibilities. Based on passport, social auths included. Provides authentication based on jsonwebtoken (JWT). Is express pluggable.


npm install node-spa-auth --save


Config is performed through few environment variables with obvious meaning:


Presence of FBCLIENTID variable unlocks facebook authentication. Similary for TWITTERCONSUMERKEY and GOOGLECLIENTID.

Another env var are used for registration stuff config:

  • EMAIL_TRANSPORTER_USER: email from who emails are sent (default: admin@localhost)
  • EMAIL_TEMPLATE_DIR: directory where email templates are (default: emailTemplates in this project)
  • EMAIL_VALIDATION_TOKEN_DURATION: duration (in minutes) of tokens used in emails
  • FALLBACKLANG: code of fallback language for email template
  • CHPASSWDLINK: url with chage password form
  • PROJECT_NAME: name of your project or team used in email templates
  • TOKEN_VALIDITY_IN_MINS: duration of JWT token in minutes

Rest of env vars are probably defined due to other parts of your app. If not, define following:

  • SERVER_SECRET: random string


Command line interface provided for user creation and modification. Create with e.g.:

node manage_cli.js create \
'{"uname":"saruman","email":"","passwd": "whisperings","gid": 0}'

Update with e.g.:

node manage_cli.js update \
'{"uname":"saruman","change":{"email":"","passwd": "whisper.."}}'


NOTE: this lib DO NOT care how the user is stored. Instead it recieve usermanip object for all user manipulations. See what methodes such object MUST provide.

Routes provided

  • /login : POST (username, password), performs local users login
  • /logout : GET, performs logout
  • /check : POST (email), checks if given email is already registered (can be used on registration form)
  • /register : POST (name, email, password), register new user
  • /userverify : GET, completes user registration process (the link in email)
  • /setpasswd: POST (passwd), change password form
  • /requestforgotten: POST (email), form for requesting reset of pwd

If you want to give a feedback, raise an issue.

Current Tags

  • 0.3.0                                ...           latest (4 years ago)

1 Versions

  • 0.3.0                                ...           4 years ago
Maintainers (1)
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 0
Dependencies (11)
Dev Dependencies (19)
Dependents (0)

Copyright 2014 - 2017 © |