passport / todos-express-password Goto Github PK

Todo app using Express and Passport for sign in with username and password.

License: The Unlicense

JavaScript 39.73% EJS 22.38% CSS 37.89%

express passport nodejs sqlite example password

todos-express-password's Introduction

todos-express-password

This app illustrates how to use Passport with Express to sign users in with a username and password. Use this example as a starting point for your own web applications.

Quick Start

To run this app, clone the repository and install dependencies:

$ git clone https://github.com/passport/todos-express-password.git
$ cd todos-express-password
$ npm install

Then start the server.

$ npm start

Navigate to http://localhost:3000.

Tutorial

Follow along with the step-by-step Username & Password Tutorial to learn how this app was built.

Overview

This app illustrates how to build a todo app with sign in functionality using Express, Passport, and the passport-local strategy.

This app is a traditional web application, in which application logic and data persistence resides on the server. HTML pages and forms are rendered by the server and client-side JavaScript is not utilized (or kept to a minimum).

This app is built using the Express web framework. Data is persisted to a SQLite database. HTML pages are rendered using EJS templates, and are styled using vanilla CSS.

When a user first arrives at this app, they are prompted to sign in. Once authenticated, a login session is established and maintained between the server and the user's browser with a cookie.

After signing in, the user can view, create, and edit todo items. Interaction occurs by clicking links and submitting forms, which trigger HTTP requests. The browser automatically includes the cookie set during login with each of these requests.

When the server receives a request, it authenticates the cookie and restores the login session, thus authenticating the user. It then accesses or stores records in the database associated with the authenticated user.

Next Steps

Extend with credential management.

Study todos-express-password-credential-management to learn how to use the Credential Managment API to help the user store and select their password.
Add social login.

Study todos-express-google to learn how to let users sign in with their social network account, using their existing profile and avoiding the need to sign up and repeatedly enter account details.
Add passwordless.

Study todos-express-webauthn to learn how to let users sign in with biometrics or a security key.

License

The Unlicense

Credit

Created by Jared Hanson

todos-express-password's People

Contributors

Stargazers

Watchers

Forkers

mayanksyn juniorkid llwanghong piemonkey jokecamp lijay philipp-l lynxpardina nitinlal tzvika-m nurfarazi rodrigarau bognix giska ddmills kierian zeniagromoff xarsh galdinorosas hanss ttseattle jensworkgit aruncmohan feliks-the-cat mauricionr caiocutrim jawadh-salih dr3am3r kvamsi linkblade0 sherpic ronihcohen miles990 kofidazy gabosdk walkingtospace la-mari christina-regis ianspringer navyvet1125 allierains ilya0 mrparvinsmith madprofit hh747hh julioamorim govo blmandac smuraligs bashmb sokunthearith harithamadhav mdubie lukb paddingme gongxiancao kei-sato shsaci debuiteb xulubo behindthemath niklas-dahl yuanjl bguivarch xuatz rezunenko mfeeney ull-esit-sytw-1617 julianamariemorales konatopic zakimdb gauravbtech dcsu zonkil evonne0211 jmimi prahaladm javorosas chandusekhar verniign rchezrutt88 jrgleason gtatyous hiteshtara gajendra93 ryanj89 hit1st alexwileyy muhammad-zunair pouet-- cardmstr m-tambo brettjnorris djgonza charleswdickstein diaakasem xieyuls suranan jpajuelo mattlong87

todos-express-password's Issues

says port is taken

When I run npm start, with nothing else open I get this:

      throw er; // Unhandled 'error' event
      ^

Error: listen EADDRINUSE: address already in use :::3000
    at Server.setupListenHandle [as _listen2] (net.js:1317:16)
    at listenInCluster (net.js:1365:12)
    at Server.listen (net.js:1451:7)
    at Function.listen (/Users/benfisher/Downloads/todos-express-password-master/node_modules/express/lib/application.js:618:24)
    at Object.<anonymous> (/Users/benfisher/Downloads/todos-express-password-master/app.js:69:5)
    at Module._compile (internal/modules/cjs/loader.js:1015:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1035:10)
    at Module.load (internal/modules/cjs/loader.js:879:32)
    at Function.Module._load (internal/modules/cjs/loader.js:724:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
Emitted 'error' event on Server instance at:
    at emitErrorNT (net.js:1344:8)
    at processTicksAndRejections (internal/process/task_queues.js:84:21) {
  code: 'EADDRINUSE',
  errno: 'EADDRINUSE',
  syscall: 'listen',
  address: '::',
  port: 3000
}
[nodemon] app crashed - waiting for file changes before starting...```

duplicate query to the user table

Thanks for this great example. I got it to work as intended, however, I noticed after a successful login, every time we load a page, there are 2 queries issued to the user table. It is a SELECT * ... WHERE id = xyz.

I understand that we want to fetch the user record from the DB based on the user id stored in the session, but how can we eliminate one query?

findById is relying on array position and not on user id

The findById method uses records[idx] to get a specific user record, but that only works if there are no gaps in the user id list, as in [ { id: 1 } , { id: 3 } ], which is common with autonumeric fields in databases. Maybe it would be better to remove findById from the example and use only findByUsername?

where can I find out serialized session in my hard disk?

just want to take a look how serialized session looks like but i don't know where i can find it out.
can you help?

Use of process.nextTick() at db/users.js

@jaredhanson Is the use of process.nextTick() at db/users.js necessary?

It seems you have clarified the addition of nextTick on a stack overflow question.
https://stackoverflow.com/questions/20743348/passport-js-and-process-nexttick-in-strategy

Maybe we should add a comment stating the reason of usage.

A lot has changed regarding the execution of nextTick since Node v12. Should we shift to the use of setImmediate()(since nextTick gets executed immediately in the current phase itself of the event loop)?

PS: I am a beginner. I am pondering around to improve my knowledge on the subject. Cheers.

Database is insecure - passwords in plain text

A server should never hold passwords in plain text. This is example code and should not be used as is. Storing passwords in plain text that are hard coded is not good practice.

I think the readme should clearly state that a proper salt and hash function should be used and that this example is not for production use. Many new coders might use this example as is and it would not be appropriate.

How this be used in an existing hyperledger composer angular2 project?

The angular2 project is created from hyperledger composer using the yo hyperledger-composer.

Doesn't work at all

I am trying to use Passport (v0.3.2) and LocalStrategy, I have copied the example code as is and it does not work at all.

I am not getting any errors, but the page keeps loading login every time I hit "Submit".

Putting console.log() inside the function that should find the users has no effect, seems that the function is never called.

The headers:

Weird log out issue

I am facing a weird problem here. I have an app where the login is working fine. But, once I logout I am unable to login back again. If I kill the node server and start again, I am able to signin. Anyone else faced this problem?

How to prevent user from going back using the browser?

Original issue

Link

Description

When the user signs up, the browser should prevent him from going back to the signup or login page.

it doesnt work at all

after login success, the req has no user property, and passport.deserializeUser doesnt run at all

Signing Up Users

Hey Jared Hanson!
I'd love to use your module for login, but I can't figure out how to add users (sign them up)..... I'm doing var loginDb = require('./db'); (your code in db folder) from a Node.js server, and have pushed data from a signUp form I made to the records section of db....and it seems to work temporarily ...but there is nothing permanent about the new users I've created....
Any modules/ advice for signing up new users with this module???
Thanks!!
Sincerely,
Brendan

user.password gives undefined

the password stored in the mongodb is encrypted and it will definitely not match the plain text... also it do not gives that hash it only gives "undefined"

Confusing TypeError req.flash is not a function

Hi Jared, i've been implementing a REST API and need to implement a login route.
I've read the docs and you example here, but I am receiving an error that I can't identify from where it comes from, the error is:

TypeError: req.flash is not a function at allFailed (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/passport/lib/middleware/authenticate.js:118:15) at attempt (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/passport/lib/middleware/authenticate.js:167:28) at Strategy.strategy.fail (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/passport/lib/middleware/authenticate.js:284:9) at Strategy.authenticate (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/passport-local/lib/strategy.js:75:17) at attempt (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/passport/lib/middleware/authenticate.js:348:16) at authenticate (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/passport/lib/middleware/authenticate.js:349:7) at Layer.handle [as handle_request] (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/express/lib/router/layer.js:95:5) at next (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/express/lib/router/route.js:137:13) at Route.dispatch (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/home/caio/Documents/Projetos-Outros/StartupOne/API/API-Pet/node_modules/express/lib/router/layer.js:95:5)

My code is as follows:
//strategy config
passport.use( new localStrategy({
passReqToCallback : true
}, //Here I tried to follow an awnser from stackoverflow, setting req as a parameter, but didn't help me
function(req, username, password, done){
const validate = new ValidateLoginDAO();
//Verify callback
validate.isValidUser({username: username}, (err, user) => {
if(err){ return done(err) }

  if(!user){ return done(null, false, req.flash('signupMessage','!user' )) }

  if(user.senha !== password){ return done(null, false, req.flash('signupMessage','user.senha' )) }

  return done(null, user);
});

}
));
//Middleware imlpementation without session
app.use(passport.initialize());

//POST route
router.post('/login',
passport.authenticate('local', {
session: false,
failureFlash: true
}),
(req, res) => {
console.log('autenticado ->', req.username);
res.json({validado: 'ok'})
});

Thanks a lot!

cookie stays valid, even after logout

I have 2 tabs. I log in on both tabs and go to profil with profil Jack. Then I logout at tab1.
If I do a refresh on tab2 the session seems invalid en it goes correctly to the login page.

If I then login on TAB 1 again, en switch then to TAB2 and do backspace. The profile is
loaded again. I would expect the cookie to be invalid because I started a new session on Tab1.

The express4.x-local-example doesnt seems to look at the session.

I tried to destroy the session with no luck

req.session.destroy(function(err) {
req.logout();
res.redirect('/');
})

Could this be a security problem to? If someone stole my cookie, but I generate a new login. This stolen cookie is working again as soon the new session/cookie logins.

http://localhost:3000/login/password Not found

my code:
`
router.get('/login', (req, res, next) => {
res.render('login')
})

router.post('/login/password', passport.authenticate('local', {
successRedirect: '/',
failureRedirect: '/login'
}));

router.post('/logout', function (req, res, next) {
req.logout(function (err) {
if (err) { return next(err); }
res.redirect('/');
});
});`

deserializeUser always called

I have: passport.deserializeUser(function(id, cb) {
console.log('deserialize')

when User is logged in succesfully the get('/') and get('/profile'), every request issues an deserialze. I thought the whole point of having sessions the deserialze is only called on a login request.

// from server.js: querying the user record by ID from the database when deserializing.

I'am replacing an older mysql/passport system. The problem was that for every request an deserialize/query request to mysql was issued. Starting from scratch with this (great) example,
this is still an issue.

"ER_BAD_FIELD_ERROR: Unknown column 'NaN' in 'field list'" upon trying to sign up

Hi all,

I have programmed an app that uses local verification with passport and passport-local modules. I have implemented all the steps following a tutorial on the internet but I'm stuck in the error "ER_BAD_FIELD_ERROR: Unknown column 'NaN' in 'field list" that happens every time the code reaches a done method in my defined LocalStrategy. I use MySQL session to store the session in the database and connect-flash module to store data in global variables (I have read that connect-flash is no longer needed since passport already does the process and I have tried by using the notation {type: smth, message: smth}, but still doesn't work!). Then I use ejs as a view engine with express to render session messages in the views, but when the error prompts, the req.flash() doesn't work at all and global variables don't update. Before submitting the issue, I checked all DATABASE queries are working and checked that the request body is arriving well to routers, so any of these things cannot be the problem. Thank you in advance for your help and hope the fix of this issue helps somebody out there.

Main app js

// Good practice to know my process pid
console.log(`Serving with pid ${process.pid}`);

// External module 
const http = require('http');
const url = require('url');
const express = require('express');
const morgan = require('morgan'); 
const cors = require('cors');
const WebSocketServer = require('websocket').server;
const path = require('path');
const session = require('express-session'); 
const passport = require('passport');
const validator = require('express-validator');
const MySQLSession = require('express-mysql-session')(session);
const ejs = require('ejs'); 
const flash = require('connect-flash');

// Our modules
const SERVER = require("./server.js");
const CREDENTIALS = require("./database/credentials.js");
require('./utils/passport');

// Init server services
SERVER.init();

/***************** EXPRESS JS *****************/

// Create ExpressJS app
const app = express(); // We use ExpressJS to deal with requests, since it allows us to manage request in a simpler way and easily serve files to the client

// App settings
app.set('appName', 'Jabbon');
app.set('port', process.env.PORT || 9014);

// Define session properties
var session_properties = {
  secret: 'JabbonSession',
  resave: false, // avoids overwritting the session
  saveUninitialized: false,
  store: new MySQLSession(CREDENTIALS) // Persistent session
}

// View Engine
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// Middleware
app.use(morgan('short')); // To see the request specs
app.use(cors()); // To process cors restrictions
app.use(session(session_properties)); // Initialize session
app.use(flash()); // Allows to easily store data in the session
app.use(passport.initialize());  // Processes signup and login requests
app.use(passport.session()); // Let passport know we are using a session context
app.use(express.urlencoded({extended: false})); // Parses encoded data send with post method through a form
app.use(express.json()); // Parses json data directly to objects


// Global session variables
app.use((req, res, next) =>{
  app.locals.signup_username_error = req.flash('signup_username_error');
  app.locals.signup_password_error = req.flash('signup_password_error');
  app.locals.signup_error = req.flash('signup_error');
  app.locals.login_error = req.flash('login_user_error');
  app.locals.login_error = req.flash('login_error');
  next();
});

// Routers
app.use(require("./routes/routes"));

// Default request folder
app.use(express.static(path.join(__dirname, '../public')));

/***************** HTTP SERVER *****************/

// Create HTTP server
const server = http.createServer(app); // Instead of passing a custom function to manage requests, we pass the express app and let it process the requests for us

// Launch the server
server.listen(app.get('port'), () => SERVER.onReady(app.get('port')));

Routers js

// External modules
const express = require('express');
const passport = require("passport");
const router = express.Router();

// Get routes
router.get('/', (req, res) => {
    res.render("../views/login");
});

router.get('/login', (req, res) => {
    res.render("../views/login");
});

router.get('/signup',  (req, res) => {
    res.render("../views/signup");
});

router.get('/canvas', (req, res) => {
    res.render("../views/canvas");
});

// Post routes
router.post('/signup', passport.authenticate("signup", {
    successRedirect: "/canvas",
    failureRedirect: "/signup",
    failureFlash: true
}));

router.post('/login', passport.authenticate("login", {
    successRedirect: "/canvas",
    failureRedirect: "/login",
    failureFlash: true
}));

// Export module
module.exports = router;

Passport js

// External modules
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;

// Our modules
const SERVER = require("../server.js");
const DATABASE = require("../database/database.js");
const CRYPTO = require("./crypto.js");

// Define signup strategy
passport.use('signup', new LocalStrategy(
{
    usernameField: 'name',
    passwordField: 'password',
    passReqToCallback: true
}, 
async (req, name, password, done) => {

    // Check username
    let [status, result] = await DATABASE.validateUsername(name);

    if (status == "ERROR")
    {
        console.log(result);
        return done(null, false, req.flash('signup_error', 'Something wrong happened. Try again.'));
    }

    console.log("here");
        
    if (result[0].length != 0) return done(null, false, req.flash('signup_username_error', `The username ${name} already exists.`));

    // Check password
    const [check, error] = CRYPTO.check(password);
    if (check == "ERROR") return done(null, false, req.flash('signup_password_error', error));

    // Hash password
    const hashed_password = await CRYPTO.encrypt(password);

    // Push user info into the database
    let user_obj =
    {
        name : name,
        password: hashed_password,
        avatar : "media/images/char1.png",
        room : 1,
        position: 0
    };

    [status, result] = await DATABASE.pushUser(user_obj);

    if (status == "ERROR")
    {
        console.log(result);
        return done(null, false, req.flash('signup_error', 'Something wrong happened. Try again'));
    }

    // Set push query user ID to object and delete password from it
    user_obj.id = result[0].insertId;
    delete user_obj.password;

    // Create new user into the WORLD
    const user = SERVER.world.createUser(user_obj);

    // Pass user id to the serializer
    return done(null, user.id);
}));

// Define signup strategy
passport.use('login', new LocalStrategy(
{
    usernameField: 'name',
    passwordField: 'password',
    passReqToCallback: true
}, 
async (req, name, password, done) => {

    // Hash password
    const hashed_password = await CRYPTO.encrypt(password);  

    // Check user credentials
    let [status, result] = await DATABASE.validateUsername(name, hashed_password);

    if (status == "ERROR")
    {
        console.log(result);
        return done(null, false, req.flash('login_error', 'Something wrong happened. Try again.'));
    }
        
    if (result[0].length != 0) return done(null, false, req.flash('login_user_error', 'Wrong user or password.'));

    // Pass user id to the serializer
    return done(null, user.id);
}));

// Store user id into the express session
passport.serializeUser((user_id,done) => {
    console.log(user_id);
    done(null, user_id);
});

// Get user id from session
passport.deserializeUser(async (user_id, done) => {
    console.log(user_id);
    const [status, result] = await DATABASE.validateUserID(user_id);
    
    if(status == "ERROR") return done(result);
    if(result[0].length == 0) return done("ID not valid");

    done(null, result[0].id);
});

Error

::1 - POST /signup HTTP/1.1 302 29 - 25.131 ms
Error: ER_BAD_FIELD_ERROR: Unknown column 'NaN' in 'field list'
    at Sequence._packetToError (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\sequences\Sequence.js:47:14)
    at Query.ErrorPacket (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\sequences\Query.js:79:18)
    at Protocol._parsePacket (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Protocol.js:291:23)
    at Parser._parsePacket (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Parser.js:433:10)
    at Parser.write (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Parser.js:43:10)
    at Protocol.write (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Protocol.js:38:16)
    at Socket.<anonymous> (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\Connection.js:88:28)
    at Socket.<anonymous> (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\Connection.js:526:10)
    at Socket.emit (node:events:513:28)
    at addChunk (node:internal/streams/readable:324:12)
    --------------------
    at Pool.query (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\Pool.js:199:23)
    at MySQLStore.query (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-mysql-session\index.js:439:33)
    at MySQLStore.set (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-mysql-session\index.js:240:8)
    at Session.save (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-session\session\session.js:72:25)
    at Session.save (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-session\index.js:406:15)
    at ServerResponse.end (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-session\index.js:335:21)
    at ServerResponse.redirect (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express\lib\response.js:978:10)
    at allFailed (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\passport\lib\middleware\authenticate.js:148:20)
    at attempt (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\passport\lib\middleware\authenticate.js:183:28)
    at strategy.fail (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\passport\lib\middleware\authenticate.js:305:9)
::1 - GET /signup HTTP/1.1 200 1596 - 7.588 ms
Error: ER_BAD_FIELD_ERROR: Unknown column 'NaN' in 'field list'
    at Sequence._packetToError (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\sequences\Sequence.js:47:14)
    at Query.ErrorPacket (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\sequences\Query.js:79:18)
    at Protocol._parsePacket (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Protocol.js:291:23)
    at Parser._parsePacket (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Parser.js:433:10)
    at Parser.write (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Parser.js:43:10)
    at Protocol.write (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\protocol\Protocol.js:38:16)
    at Socket.<anonymous> (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\Connection.js:88:28)
    at Socket.<anonymous> (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\Connection.js:526:10)
    at Socket.emit (node:events:513:28)
    at addChunk (node:internal/streams/readable:324:12)
    --------------------
    at Pool.query (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\mysql\lib\Pool.js:199:23)
    at MySQLStore.query (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-mysql-session\index.js:439:33)
    at MySQLStore.set (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-mysql-session\index.js:240:8)
    at Session.save (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-session\session\session.js:72:25)
    at Session.save (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-session\index.js:406:15)
    at ServerResponse.end (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express-session\index.js:335:21)
    at ServerResponse.send (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express\lib\response.js:232:10)
    at done (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\express\lib\response.js:1035:10)
    at tryHandleCache (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\ejs\lib\ejs.js:280:5)
    at exports.renderFile [as engine] (C:\University\FOURTH YEAR\ECV\Jabbon\node_modules\ejs\lib\ejs.js:491:10)

More info about the error

--> (82) ComQueryPacket {
  command: 3,
  sql: 'INSERT INTO `sessions` (`session_id`, `expires`, `data`) VALUES (\'Iib0P8GpNyf0OZF39dnx2jTaJtelf4UM\', NaN, \'{\\"cookie\\":{\\"originalMaxAge\\":null,\\"expires\\":null,\\"httpOnly\\":true,\\"path\\":\\"/\\"},\\"flash\\":{}}\') ON DUPLICATE KEY UPDATE `expires` = VALUES(`expires`), `data` = VALUES(`data`)'
}

<-- (82) ErrorPacket {
  fieldCount: 255,
  errno: 1054,
  sqlStateMarker: '#',
  sqlState: '42S22',
  message: "Unknown column 'NaN' in 'field list'"
}
}

Got error when run npm install

i got error message when run npm install.
I check package.json but can't find where is error occur.
Pls check!

$ npm install
npm ERR! Unexpected end of JSON input while parsing near '..."jake":"^8.0.0","jsdo'

Every connection log

Hello.... testing this simple login app i notice that every client connection fires a log in server terminal like this:
::1 - - [19/Mar/2020:20:57:44 +0000] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80
and I'm wondering where this command is... searching the string "log" in the project none found.

Alice

Can you tell me the password of Alice? xD

README.md Sponser image is missing

It seems Sponsor image from README.md is missing.

how to send custom response for auth failure

I've got my app set up with passport-http and it authenticates requests as expected. Thanks for the app and docs.

My issue is that this project I'm working on is communicating with an XML driven API service sending me requests. All my responses need to be XML formatted. And they are, except for passport generated auth errors. There are no sessions, so every HTTP request will have auth data.

I've been poking around the code looking to see if there's a way to control the unauthorized response but it appears not. Did I miss something?

Is passport.initialize() not needed?

Hi everyone,

I can't see passport.initialize() middleware being used in any part of the code. Could you help me understand if it's not needed to use anymore?

Whats the meaning of cb?

I would like to understand the meaning of cb
in this code

passport.use(new LocalStrategy(function verify(username, password, cb) {
  db.get('SELECT * FROM users WHERE username = ?', [ username ], function(err, row) {
    if (err) { return cb(err); }
    if (!row) { return cb(null, false, { message: 'Incorrect username or password.' }); }
}));