We.js Authentication Plugin

Warnings

• breaking The core We.js framework, which `we-plugin-auth` depends on, has been officially deprecated. The main We.js repository explicitly states 'Deprecated: See @go-catupiri as a direct golang port.' This means `we-plugin-auth` is no longer actively maintained and will not receive updates, bug fixes, or security patches.
  Fix: Migrate to a different, actively maintained Node.js framework and an up-to-date authentication library or consider the recommended Golang port (`@go-catupiri`) if migrating entire ecosystems. Continuing to use `we-plugin-auth` is a security risk due to potential unpatched vulnerabilities.
• gotcha We.js plugins, including `we-plugin-auth`, primarily integrate through the We.js configuration system (e.g., `config/locals.js` or `plugin.js` lifecycle hooks) rather than direct `import` or `require` statements in user-land code. Developers new to We.js might struggle to find traditional module exports for direct programmatic use.
  Fix: Refer to the We.js documentation (if available) or existing We.js plugin examples (like `we-plugin-passport-facebook`) to understand the configuration-driven approach. Most interaction will involve modifying configuration files to enable and customize the plugin's behavior.
• deprecated The dependency `passport-remember-me` (version 0.0.1) is extremely old and likely unmaintained, posing potential security risks for 'remember me' functionality. Its low version number indicates a lack of updates.
  Fix: Given the deprecation of `we-plugin-auth` and `We.js`, there is no direct upgrade path within this ecosystem. If maintaining a legacy We.js application, carefully audit and potentially replace the 'remember me' implementation with a custom solution or alternative library, understanding the inherent risks.

Install

• npm install we-plugin-auth npm
• yarn add we-plugin-auth yarn
• pnpm add we-plugin-auth pnpm

Imports

• Installation

  we i we-plugin-auth

  we-plugin-auth is a We.js plugin and is typically installed using the We.js CLI's `we i` (install) command, not directly imported as a module in application code. Its functionality is exposed through We.js's internal plugin loading and route registration system.
• Configuration

  // In config/locals.js (or similar We.js configuration file)
  module.exports = {
    passport: {
      strategies: {
        local: {
          // Configure local strategy options here, e.g., usernameField, passwordField
          usernameField: 'email',
          passwordField: 'password'
        },
        // Additional strategies like 'facebook' or 'google' would be configured here
        // using respective we-plugin-passport-X plugins.
      },
      // General passport options
      redirectUrlAfterSuccess: '/',
      redirectUrlAfterFailure: '/login'
    },
    // Other We.js configurations...
  };

  Plugin functionality, such as Passport strategies and routes, is enabled and configured via the We.js application's configuration files (e.g., `config/locals.js` or `config/environment/{env}.js`), rather than direct ES module imports. This snippet illustrates typical strategy configuration.

Quickstart

Demonstrates the installation of `we-plugin-auth` via the We.js CLI and shows how to configure a local Passport.js strategy within a typical We.js application's configuration file (e.g., `config/locals.js`). This highlights the plugin's declarative configuration approach.

/*
  This quickstart demonstrates how to install we-plugin-auth into a We.js application
  and conceptually configure a local authentication strategy. We.js plugins
  are integrated via configuration rather than direct code imports.
*/

// 1. Install the plugin using the We.js CLI
// Run this command in your We.js project root:
// we i we-plugin-auth

// 2. Configure authentication strategies in your We.js application
// This typically happens in a file like 'config/locals.js' or
// 'config/environment/development.js' based on your environment.
// Create or update 'config/locals.js' with the following:

// const passport = require('passport'); // You might not directly require passport here
// const LocalStrategy = require('passport-local').Strategy;

module.exports = {
  passport: {
    strategies: {
      local: {
        // Example configuration for a local (username/password) strategy
        usernameField: 'email', // Define which field in your form is the username
        passwordField: 'password', // Define which field in your form is the password
        // The `verify` callback would typically be handled internally by we-plugin-auth
        // based on your user model and its authentication methods.
        // If custom logic is needed, it would usually involve extending We.js services.
      },
      // You would configure other Passport strategies (e.g., Facebook, Google)
      // through their respective 'we-plugin-passport-X' plugins here.
    },
    // Global Passport configuration for We.js
    serializeUser: (user, done) => { done(null, user.id); }, // Example, We.js handles this
    deserializeUser: (id, done) => { /* Lookup user by ID */ done(null, user); }, // We.js handles this

    // Redirect URLs after successful or failed authentication attempts
    redirectUrlAfterSuccess: '/dashboard',
    redirectUrlAfterFailure: '/login',
    loginForm: '/login', // Path to your login form
    registerForm: '/register' // Path to your registration form
  },

  // We.js lifecycle hooks for plugins (illustrative)
  // In a We.js plugin's `plugin.js`, it might register middleware or routes:
  // module.exports = function (we) {
  //   we.routes['post /login'] = { controller: 'auth', action: 'login' };
  //   we.express.use(passport.initialize());
  //   we.express.use(passport.session());
  // };

  // Ensure your We.js application has routes corresponding to these paths
  // and a user model with authentication methods compatible with passport-local.
};

// 3. Start your We.js application
// we s