Keystone-classic: User Login/Logout System (not for Admin UI)

Created on 6 Nov 2015 · 8Comments · Source: keystonejs/keystone-classic

I figure this would be the right place to post this...I looked around and the Keystone community is rather small.

I am new to Keystone, but not to Node or MVC structure. Does Keystone support a user account system, with session management (for the site, not just Admin UI)?
How I intend to set it up:

Custom User model
User controller
Connect Login methods/pages with app.get statements in Routes/index.js
Middleware functions like 'RequireLogin" (ex. only users could see this page)

My first problem: can I add a salt attribute of type "Buffer" to the user model? I'd be using Crypto functions like PBKDF2 to derive keys. Would I even need to do that?
Model: http://pastebin.com/2zVLkLxV

And my second problem, is that I don't understand the setup of Keystone controllers. Attached, for example, is the User (well, it's called "Account") controller I have in my current project. You can see that I use CSurf tokens to manage things. How would this look as a controller in routes/views?
Controller: http://pastebin.com/H8T8rVsG
Thanks in advance for anyone that took the time to look at this.

Source

Milhau5

All 8 comments

It's certainly something that many would find useful. There's probably a way to make it work with the same account management stuff we have for the adminUI.

morenoh149 on 9 Nov 2015

Well I've been plugging away at it for the past two days, and I'll link to what I have. Quick reminder, what I want to do:

Have users register, then login/logout
They go to a members only page
Members can post on a bulletin board of sorts
There is session-based authentication for users

User model: https://github.com/Milhau5/dreamspace/blob/master/models/User.js
This only has a findByUsername function added, the rest I planned seemed unnecessary in Keystone

"Controller" (has session auth methods): https://github.com/Milhau5/dreamspace/blob/master/routes/api/session-auth.js
Inspired by this link right here: https://gist.github.com/JedWatson/f88b60e9d6b33b6c47c4

Routes/index.js: https://github.com/Milhau5/dreamspace/blob/master/routes/index.js
What I tried to do:

import routes/api
add api endpoints for signing in before protected routes
Attach middleware to some pages. In a previous project I could do "app.get('/link', middleware.function, controller.model.method). Adding a middleware function in the middle of that statement just crashed my site here.

Middleware for handling logout and "requireUser": https://github.com/Milhau5/dreamspace/blob/master/routes/middleware.js

Does any of this make sense, @morenoh149 ? Maybe @JedWatson might know something on the matter?

Milhau5 on 11 Nov 2015

So it turns out I had a bit of a typo. Middleware does work as expected. Say I want only authorized users to view the gallery: then the binding would be app.get('/gallery', middleware.requireUser, routes.views.gallery). I mispelled it at "requiresUser".

But, I still want people to register on the site and make accounts, instead of just adding people by myself in the Admin UI. There HAS to be a way to do this with Keystone. Is there anyone I can find that would know how?

Milhau5 on 12 Nov 2015

Can't you expose input fields on your site that hit the same endpoints the adminUI login exposes? Registration would be similar.

morenoh149 on 13 Nov 2015

😕2 😄1

I eventually got the system working, using a much different method. I followed an old example from Keystone's official web page.

Milhau5 on 1 Dec 2015

@Milhau5 can you give us some hints on how you did it?