Saturday, June 1, 2024
Homepage · node.js
 Popular · Latest · Hot · Upcoming
57
rated 0 times [  59] [ 2]  / answers: 1 / hits: 18051  / 10 Years ago, thu, october 2, 2014, 12:00:00

in the passport [configure authentication] documentation, it has a rather scary-looking function that uses the mysterious function done.'



passport.use(new LocalStrategy(

  function(username, password, done) {

    User.findOne({ username: username }, function (err, user) {

      if (err) { return done(err); }

      if (!user) {

        return done(null, false, { message: 'Incorrect username.' });

      }

      if (!user.validPassword(password)) {

        return done(null, false, { message: 'Incorrect password.' });

      }

      return done(null, user);

    });

   }

));


Now, in the express documentation there are quite a few methods that pass something called next. 



app.use(function(err, req, res, next){

  console.error(err.stack);

  res.status(500).send('Something broke!');

});


Is this the difference between the two frameworks, express and passport? Or are they doing two separate things?


More From » node.js
 Answers
51

Is this the difference between the two frameworks, express and passport?


No they are different in the purpose for which they are used for. Express is used as a application framework on node.js where as passport just handles the authentication part of a web application.


about next()


next() is part of connect which inturn is an express dependency. The purpose of calling next() is to trigger the next middle ware in express stack.


To understand the next() concept in an easier way, you could look at a sample app built on express here.


as you can see in the line pointed the application uses a route level middleware to check whether the user is logged in or not.


app.get('/account', ensureAuthenticated, function(req, res){

Here ensureAuthenticated is the middleware which is defined at bottom like


function ensureAuthenticated(req, res, next) {

  if (req.isAuthenticated()) { return next(); }

  res.redirect('/login')

}

as you can see if the user is authenticated the function invokes next() and passes control to the next layer in route handler written above, else it redirects to another route even without invoking the next()


about done()


done() on the other hand is used to trigger the return url handlers that we write for passport authentication. To understand more on how done works you could look at the code samples at passport here and check the section titled Custom Callback


app.get('/login', function(req, res, next) {

  passport.authenticate('local', function(err, user, info) {

    if (err) { return next(err); }

    if (!user) { return res.redirect('/login'); }

    req.logIn(user, function(err) {

      if (err) { return next(err); }

      return res.redirect('/users/' + user.username);

    });

  })(req, res, next);

});

Here the second parameter to passport.authenticate is the definition of done() that you are going to call from the passport strategy.


note


Here going through the sample codes in the two links I provided above have helped alot in understanding its behavior than the docs. I would suggest you to do the same.


[#69262] Tuesday, September 30, 2014, 10 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
calicinthias
Add To Favorites
Follow
Total Points: 447
Total Questions: 101
Total Answers: 118
Location: Botswana
Member since Sat, Dec 31, 2022
1 Year ago
calicinthias questions
Sun, Jan 2, 22, 00:00, 2 Years ago
Wed, Jan 13, 21, 00:00, 3 Years ago
Mon, Aug 10, 20, 00:00, 4 Years ago
Tue, Jul 14, 20, 00:00, 4 Years ago
Fri, Jun 26, 20, 00:00, 4 Years ago
View All
;