Clone this repo & have a look at the files you already have.
-
Install
hapi-auth-basic
and add register this plugin on your server. -
Inside
lib/validate.js
, write a function calledbasicValidate
, which validates the password of the users in your "database" (database/users.js
), using Bcrypt.
Note: we are just using a JavaScript object for the purposes of this exercise -
Replace the comment in
server.js
with an authentication strategy that useshapi-auth-basic
. Remember, always use the hapi docs to find out how to use a new method, or what parameters a method takes ๐.
If a website / wiki's docs aren't comprehensive enough, your next port of call should always be to go directly to the relevant github repo! (Some examples: the hapi framework, inert, vision)
Hint:server.auth.strategy
-
Add your new authorisation strategy to all your routes.
Where do you think you will need to look in the docs for how to do this? -
Add a scope to your "secret" route, in order to restrict anyone who doesn't have
admin
privileges (inuser.js
) i.e. stop them from seeing thesecret.hbs
view.