PassportJS - possible to us local strategy without a database?

Question

I'm building a small NodeJS server which connects to ElasticSearch. I'm in need of user authentication and elasticsearch doesn't seem like a good fit for storing user info.

Rather than take on the additional overhead of using e.g. MongoDB to store user accounts, is it possible to use the PassportJS local strategy with either a json file of user accounts, or an array of user accounts in memory?

Users will be provisioned manually - manually editing a json file of users would be easy, and there will be very few users.

EDIT If possible, can you point me to an example?

Thanks

Answer 1

You can refer this excellent blog post to understand passportJS authentication - Passport authentication. I have also added comments wherever necessary. You just need to change the logic where user data is fetched from DB to the logic where you are getting it from JSON file.

    // config/passport.js

    // load all the things we need
    var LocalStrategy   = require('passport-local').Strategy;

    // load up the users json data
    var User            = require('../app/data/users');

    // expose this function to our app using module.exports
    module.exports = function(passport) {

        // =========================================================================
        // passport session setup ==================================================
        // =========================================================================
        // required for persistent login sessions
        // passport needs ability to serialize and unserialize users out of session

        // used to serialize the user for the session
        passport.serializeUser(function(user, done) {
            done(null, user.id);
        });

        // used to deserialize the user
        passport.deserializeUser(function(id, done) {
            // Write a logic to find this particular user from the json data using userID


            // If not found return done({});

            // else return done(null, userObject);
        });

        // =========================================================================
        // we are using named strategies since we have one for login and one for signup
        // by default, if there was no name, it would just be called 'local'

        passport.use('local-login', new LocalStrategy({
            // by default, local strategy uses username and password, we will override with email
            usernameField : 'email',
            passwordField : 'password',
            passReqToCallback : true // allows us to pass back the entire request to the callback
        },
        function(req, email, password, done) { // callback with email and password from our form

            // Write a logic to find this particular user from the json data using email

            // validate for password


            // If not found or password incorrect return done({});

            // else return done(null, userObject);

        }));

    };