'use strict';const Hapi = require('hapi');let uuid = 1; // Use seq

1. 'use strict';
2.  
3. const Hapi = require('hapi');
4.  
5. let uuid = 1;       // Use seq instead of proper unique identifiers for demo only
6.  
7. const users = {
8.     john: {
9.         id: 'john',
10.         password: 'password',
11.         name: 'John Doe'
12.     }
13. };
14.  
15. const home = function (request, reply) {
16.  
17.     reply('<html><head><title>Login page</title></head><body><h3>Welcome ' +
18.       '!</h3><br/><form method="get" action="/logout">' +
19.       '<input type="submit" value="Logout">' +
20.       '</form></body></html>');
21. };
22.  
23. const login = function (request, reply) {
24.  
25.     if (request.auth.isAuthenticated) {
26.         return reply.redirect('/');
27.     }
28.  
29.     let message = '';
30.     let account = null;
31.  
32.     if (request.method === 'post') {
33.  
34.         if (!request.payload.username ||
35.             !request.payload.password) {
36.  
37.             message = 'Missing username or password';
38.         }
39.         else {
40.             account = users[request.payload.username];
41.             if (!account ||
42.                 account.password !== request.payload.password) {
43.  
44.                 message = 'Invalid username or password';
45.             }
46.         }
47.     }
48.  
49.     if (request.method === 'get' ||
50.         message) {
51.  
52.         return reply('<html><head><title>Login page</title></head><body>' +
53.             (message ? '<h3>' + message + '</h3><br/>' : '') +
54.             '<form method="post" action="/login">' +
55.             'Username: <input type="text" name="username"><br>' +
56.             'Password: <input type="password" name="password"><br/>' +
57.             '<input type="submit" value="Login"></form></body></html>');
58.     }
59.  
60.     const sid = String(++uuid);
61.     request.server.app.cache.set(sid, { account: account }, 0, (err) => {
62.  
63.         if (err) {
64.             reply(err);
65.         }
66.  
67.         request.cookieAuth.set({ sid: sid });
68.         return reply.redirect('/');
69.     });
70. };
71.  
72. const logout = function (request, reply) {
73.  
74.     request.cookieAuth.clear();
75.     return reply.redirect('/');
76. };
77.  
78. const server = new Hapi.Server();
79. server.connection({ port: 8000 });
80.  
81. server.register(require('hapi-auth-cookie'), (err) => {
82.  
83.     if (err) {
84.         throw err;
85.     }
86.  
87.     const cache = server.cache({ segment: 'sessions', expiresIn: 3 * 24 * 60 * 60 * 1000 });
88.     server.app.cache = cache;
89.  
90.     server.auth.strategy('session', 'cookie', true, {
91.         password: 'password-should-be-32-characters',
92.         cookie: 'sid-example',
93.         redirectTo: '/login',
94.         isSecure: false,
95.         validateFunc: function (request, session, callback) {
96.  
97.             cache.get(session.sid, (err, cached) => {
98.  
99.                 if (err) {
100.                     return callback(err, false);
101.                 }
102.  
103.                 if (!cached) {
104.                     return callback(null, false);
105.                 }
106.  
107.                 return callback(null, true, cached.account);
108.             });
109.         }
110.     });
111.  
112.     server.route([
113.         { method: 'GET', path: '/', config: { handler: home, auth: { mode: 'optional' }, plugins: { 'hapi-auth-cookie': { redirectTo: false } } } },
114.         { method: ['GET', 'POST'], path: '/login', config: { handler: login, auth: { mode: 'try' }, plugins: { 'hapi-auth-cookie': { redirectTo: false } } } },
115.         { method: 'GET', path: '/logout', config: { handler: logout } }
116.     ]);
117.  
118.     server.start(() => {
119.  
120.         console.log('Server ready');
121.     });
122. });