Skip to main content

--description--

It's time to set up Passport so you can finally start allowing a user to register or log in to an account. In addition to Passport, you will use Express-session to handle sessions. Express-session has a ton of advanced features you can use, but for now you are just going to use the basics. Using this middleware saves the session id as a cookie in the client, and allows us to access the session data using that id on the server. This way, you keep personal account information out of the cookie used by the client to tell to your server clients are authenticated and keep the key to access the data stored on the server.

passport@~0.4.1 and express-session@~1.17.1 are already installed, and are both listed as dependencies in your package.json file.

You will need to set up the session settings and initialize Passport. First, create the variables session and passport to require express-session and passport respectively.

Then, set up your Express app to use the session by defining the following options:

app.use(session({
secret: process.env.SESSION_SECRET,
resave: true,
saveUninitialized: true,
cookie: { secure: false }
}));

Be sure to add SESSION_SECRET to your .env file, and give it a random value. This is used to compute the hash used to encrypt your cookie!

After you do all that, tell your express app to use passport.initialize() and passport.session().

Submit your page when you think you've got it right. If you're running into errors, you can check out the project completed up to this point.

--hints--

Passport and Express-session should be dependencies.

async (getUserInput) => {
const url = new URL("/_api/package.json", getUserInput("url"));
const res = await fetch(url);
const packJson = await res.json();
assert.property(
packJson.dependencies,
'passport',
'Your project should list "passport" as a dependency'
);
assert.property(
packJson.dependencies,
'express-session',
'Your project should list "express-session" as a dependency'
);
}

Dependencies should be correctly required.

async (getUserInput) => {
const url = new URL("/_api/server.js", getUserInput("url"));
const res = await fetch(url);
const data = await res.text();
assert.match(
data,
/require.*("|')passport("|')/,
'You should have required passport'
);
assert.match(
data,
/require.*("|')express-session("|')/,
'You should have required express-session'
);
}

Express app should use new dependencies.

async (getUserInput) => {
const url = new URL("/_api/server.js", getUserInput("url"));
const res = await fetch(url);
const data = await res.text();
assert.match(data, /passport\.initialize/, 'Your express app should use "passport.initialize()"');
assert.match(data, /passport\.session/, 'Your express app should use "passport.session()"');
}

Session and session secret should be correctly set up.

async (getUserInput) => {
const url = new URL("/_api/server.js", getUserInput("url"));
const res = await fetch(url);
const data = await res.text();
assert.match(
data,
/secret *:\s*process\.env(\.SESSION_SECRET|\[(?<q>"|')SESSION_SECRET\k<q>\])/,
'Your express app should have express-session set up with your secret as process.env.SESSION_SECRET'
);
}