Feathers: Best approach of logging user login/logout events to DB

I don't know that there's a single best approach to the architecture of this, but there are a few general guidelines that will universally apply.

1. Choose a db/adapter (say, feathers-mongodb) http://docs.feathersjs.com/databases/readme.html
2. Create a service for logging with the selected adapter. This can be a general event log for the entire app with a type attribute and data attribute, or a specific table just for auth event logging.
3. Create a hook on either the auth/local service (for username/password auth) or the users service (for OAuth-type logins). Inside this hook you'll simply do a create on your logging service. http://docs.feathersjs.com/hooks/readme.html
4. Disable external access to the logging service to prevent sensitive data from leaking. http://docs.feathersjs.com/hooks/bundled.html#disable

I agree with @marshallswain 💯 . Basically you'll probably need middleware (at least for logout) in order to log when a user logs in and out. As @marshallswain suggested you can use an after hook on the auth service (whichever ones you are using) and do your logging. Which might look like this:

app.service('auth/local').after({
  create: function(hook) {
    return hook.app.service('logs')
       .create({ event: 'user logged in', user: hook.params.user.id });
       .then(() => hook);
  }
});

Something to that effect.

An update that we have some stuff coming in a new auth release that allows you to just do app.on('login', function(data){...} and app.on('logout', function(data){...})

Amazing, when is the update coming?

@patrickpereira end of this week most likely. We just have to fix some of the broken tests and update docs/examples.

would the app.on('logout', function(data){...}) also consider 'dirty' logout cases (where the client just end connection without calling some 'logout' function)?

@ramsestom yes it handles when a socket just disconnects as well.

Any updated ETA on the update?

@patrickpereira Most of the refactoring is done. We are rewriting tests.

When is the update coming? Is it going to be implemented at all?

Thanks for asking.

We are putting many hours into it. Permissions and a rewrite of the docs remain to be finalized.

You can already use it by installing feathers-authentication@pre. See the docs from here and the migration guide.

are the app.on('login','logout' events supposed to be used only for logging?

My usecase is more about check if user is disabled and disallow login?

I feel like the authentication login/register/forgot pass etc hooks are either not documented or do not exist?

It can also be used for marking a user as online (by patching them) or to assign the real-time connection to channels. Disallowing login would be done through a custom verifier or throwing an error a hook on the user service (e.g. after if context.result.disabled).

If you need forgot password and similar functionality you can find one approach in the feathers-authentication-management module.

Thank you sir I will check if the module suits my needs!

It does do kinda what i want but i want to do it in a different way e.g. storing reset & verify tokens in a seperate table.

Anyone else who's reading this might find this useful:
https://docs.feathersjs.com/faq/readme.html#how-do-i-create-custom-methods

It has a great example of how you could handle reset password.

i'm implementing my own register user/reset password application logic.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue with a link to this issue for related bugs.