{"id":16933,"library":"we-plugin-auth","title":"We.js Authentication Plugin","description":"we-plugin-auth is an authentication plugin for the We.js Node.js MVC framework, providing integration with Passport.js for various authentication strategies, including local username/password, and remembering user sessions. It handles core authentication routes and mechanisms within a We.js application. The current stable version is 2.3.4. However, the core We.js framework is officially deprecated, with a recommendation to use a Golang port (`@go-catupiri`). Consequently, `we-plugin-auth` and its ecosystem are no longer actively maintained and should be considered deprecated for new projects or ongoing development. Its release cadence has ceased with the deprecation of We.js. Key differentiators included its deep integration with the We.js configuration system and opinionated approach to authentication within that framework.","status":"deprecated","version":"2.3.4","language":"javascript","source_language":"en","source_url":"https://github.com/wejs/we-plugin-auth","tags":["javascript","authentication","wejs-plugin"],"install":[{"cmd":"npm install we-plugin-auth","lang":"bash","label":"npm"},{"cmd":"yarn add we-plugin-auth","lang":"bash","label":"yarn"},{"cmd":"pnpm add we-plugin-auth","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core authentication middleware for Node.js, required for all strategies.","package":"passport"},{"reason":"Passport strategy for authenticating with a username and password.","package":"passport-local"},{"reason":"Passport strategy for remembering authenticated users via a persistent token.","package":"passport-remember-me"},{"reason":"The core We.js framework library, which this plugin extends and integrates with.","package":"we-core"}],"imports":[{"note":"we-plugin-auth is a We.js plugin and is typically installed using the We.js CLI's `we i` (install) command, not directly imported as a module in application code. Its functionality is exposed through We.js's internal plugin loading and route registration system.","symbol":"Installation","correct":"we i we-plugin-auth"},{"note":"Plugin functionality, such as Passport strategies and routes, is enabled and configured via the We.js application's configuration files (e.g., `config/locals.js` or `config/environment/{env}.js`), rather than direct ES module imports. This snippet illustrates typical strategy configuration.","symbol":"Configuration","correct":"// In config/locals.js (or similar We.js configuration file)\nmodule.exports = {\n  passport: {\n    strategies: {\n      local: {\n        // Configure local strategy options here, e.g., usernameField, passwordField\n        usernameField: 'email',\n        passwordField: 'password'\n      },\n      // Additional strategies like 'facebook' or 'google' would be configured here\n      // using respective we-plugin-passport-X plugins.\n    },\n    // General passport options\n    redirectUrlAfterSuccess: '/',\n    redirectUrlAfterFailure: '/login'\n  },\n  // Other We.js configurations...\n};"}],"quickstart":{"code":"/*\n  This quickstart demonstrates how to install we-plugin-auth into a We.js application\n  and conceptually configure a local authentication strategy. We.js plugins\n  are integrated via configuration rather than direct code imports.\n*/\n\n// 1. Install the plugin using the We.js CLI\n// Run this command in your We.js project root:\n// we i we-plugin-auth\n\n// 2. Configure authentication strategies in your We.js application\n// This typically happens in a file like 'config/locals.js' or\n// 'config/environment/development.js' based on your environment.\n// Create or update 'config/locals.js' with the following:\n\n// const passport = require('passport'); // You might not directly require passport here\n// const LocalStrategy = require('passport-local').Strategy;\n\nmodule.exports = {\n  passport: {\n    strategies: {\n      local: {\n        // Example configuration for a local (username/password) strategy\n        usernameField: 'email', // Define which field in your form is the username\n        passwordField: 'password', // Define which field in your form is the password\n        // The `verify` callback would typically be handled internally by we-plugin-auth\n        // based on your user model and its authentication methods.\n        // If custom logic is needed, it would usually involve extending We.js services.\n      },\n      // You would configure other Passport strategies (e.g., Facebook, Google)\n      // through their respective 'we-plugin-passport-X' plugins here.\n    },\n    // Global Passport configuration for We.js\n    serializeUser: (user, done) => { done(null, user.id); }, // Example, We.js handles this\n    deserializeUser: (id, done) => { /* Lookup user by ID */ done(null, user); }, // We.js handles this\n\n    // Redirect URLs after successful or failed authentication attempts\n    redirectUrlAfterSuccess: '/dashboard',\n    redirectUrlAfterFailure: '/login',\n    loginForm: '/login', // Path to your login form\n    registerForm: '/register' // Path to your registration form\n  },\n\n  // We.js lifecycle hooks for plugins (illustrative)\n  // In a We.js plugin's `plugin.js`, it might register middleware or routes:\n  // module.exports = function (we) {\n  //   we.routes['post /login'] = { controller: 'auth', action: 'login' };\n  //   we.express.use(passport.initialize());\n  //   we.express.use(passport.session());\n  // };\n\n  // Ensure your We.js application has routes corresponding to these paths\n  // and a user model with authentication methods compatible with passport-local.\n};\n\n// 3. Start your We.js application\n// we s\n","lang":"javascript","description":"Demonstrates the installation of `we-plugin-auth` via the We.js CLI and shows how to configure a local Passport.js strategy within a typical We.js application's configuration file (e.g., `config/locals.js`). This highlights the plugin's declarative configuration approach."},"warnings":[{"fix":"Migrate to a different, actively maintained Node.js framework and an up-to-date authentication library or consider the recommended Golang port (`@go-catupiri`) if migrating entire ecosystems. Continuing to use `we-plugin-auth` is a security risk due to potential unpatched vulnerabilities.","message":"The core We.js framework, which `we-plugin-auth` depends on, has been officially deprecated. The main We.js repository explicitly states 'Deprecated: See @go-catupiri as a direct golang port.' This means `we-plugin-auth` is no longer actively maintained and will not receive updates, bug fixes, or security patches.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Refer to the We.js documentation (if available) or existing We.js plugin examples (like `we-plugin-passport-facebook`) to understand the configuration-driven approach. Most interaction will involve modifying configuration files to enable and customize the plugin's behavior.","message":"We.js plugins, including `we-plugin-auth`, primarily integrate through the We.js configuration system (e.g., `config/locals.js` or `plugin.js` lifecycle hooks) rather than direct `import` or `require` statements in user-land code. Developers new to We.js might struggle to find traditional module exports for direct programmatic use.","severity":"gotcha","affected_versions":">=2.0.0"},{"fix":"Given the deprecation of `we-plugin-auth` and `We.js`, there is no direct upgrade path within this ecosystem. If maintaining a legacy We.js application, carefully audit and potentially replace the 'remember me' implementation with a custom solution or alternative library, understanding the inherent risks.","message":"The dependency `passport-remember-me` (version 0.0.1) is extremely old and likely unmaintained, posing potential security risks for 'remember me' functionality. Its low version number indicates a lack of updates.","severity":"deprecated","affected_versions":">=2.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[],"ecosystem":"npm","meta_description":null}