A solution for applications that use PJSON to gain profile capabilities and user management

It provides the following routes for authentication purposes:

• GET /profile/user - Gets all users.
• PUT /profile/user - Updates all users at the same time. The body of the request will be merged into the database.
• GET /profile/user/:userId - Gets a user by their id.
• POST /profile/user/:userId - Creates a new user with userId. The body of the request will be the json that is stored for that user.
• PUT /profile/user/:userId - Updates a new user with userId. The body of the request will be the json that is stored for that user.
• DELETE /profile/user/:userId - Deletes a new user with userId.
• PUT /profile/user/:userId/role/:roleId - Adds a role named roleId to a user with userId
• DELETE /profile/user/:userId/role/:roleId - Deletes a role named roleId from a user with userId

Opensesame Profile options are passed directly to OpenSesame so all OpenSesame options can be used here as well.

• secret - A string which is used by the JWT library to crpytographically sign and verify JWTs.

checkUser, registerUser, and refreshUser are implemented by OpenSesame Profile so they are not required here.

Opensesame Profile has the same optional options as Opensesame with one addition:

• middleware - A function or an array of functions that is express middleware that will be run after opensesame middleware but before opensesame-profile middleware. This can be used to provide authorization to the /profile routes by using the req.user object that opensesame provides for example.

Check the example folder for a running example of how to use opensesame.

var opensesameProfile = require('opensesame-profile');
//you can give opensesame-profile an express app object
opensesameProfile({
    secret: 'testSecret',
    middleware: function (req, res, next) {
        //also can check which route this is accessing
        if(req.user.roles.indexOf('admin') !== -1) {
            next();
        } else {
            res.status(401).end();
        }
    },
    httpsOnly: false
}, app);

//or have it generate one for you
var app = opensesameProfile({
    secret: 'testSecret',
    middleware: function (req, res, next) {
        //also can check which route this is accessing
        if(req.user.roles.indexOf('admin') !== -1) {
            next();
        } else {
            res.status(401).end();
        }
    },
    httpsOnly: false
});

Note: OpenSesame Profile uses OpenSesame and it uses the bodyParser.json() middleware.