Accounts and Login - JumboCode/BINJ GitHub Wiki
General
All accounts are handled with express sessions and passport.js.
API
Login
To get the login page, send a GET request to /account/login. To log in, send a POST request to /account/login with a username and a password string.
Logout
To log out, send a GET request to /account/logout.
Register
To get the register page, send a GET request to /account/register. To register a user, send a POST request to /account/register with a username and a password string. This route is protected and only accessible if the client is logged in to the designated ADMIN_USERNAME account. The name of that account is saved as an environment variable when the server is run. On Heroku, set a Config Var ADMIN_USERNAME to the desired account name. If run locally, add the username when calling the server to run: ADMIN_USERNAME=admin node server.js
How to Protect a Route
To protect a route, add the function ensureAuthenticated to the route definition, before the function that handles the request. Example: router.post('/register', ensureAuthenticated, function(req, res){...});
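The following is an added example, not the BINJ project's own code: it sketches how an ensureAuthenticated guard and an admin-only check against ADMIN_USERNAME can be chained in front of the register handler, and it denies access when ADMIN_USERNAME is unset. The ensureAdmin, runChain and session names, the redirect target, and the 403/500 responses are assumptions; runChain stands in for Express so the block runs without any packages.

```javascript
// Added example. Only ensureAuthenticated, ADMIN_USERNAME and the
// /account/* paths come from the page; everything else is hypothetical.

// Passport adds req.isAuthenticated() and sets req.user for a logged-in session.
function ensureAuthenticated(req, res, next) {
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  return res.redirect('/account/login'); // assumed behaviour on failure
}

// Hypothetical second guard: only the ADMIN_USERNAME account may continue.
function ensureAdmin(req, res, next) {
  const admin = process.env.ADMIN_USERNAME;
  // Fail closed: with no configured admin, nobody can register users.
  if (typeof admin !== 'string' || admin.length === 0) {
    return res.status(500).send('ADMIN_USERNAME is not configured');
  }
  if (req.user && req.user.username === admin) {
    return next();
  }
  return res.status(403).send('Forbidden');
}

// Minimal stand-in for Express: runs handlers in order, records the response.
function runChain(handlers, req) {
  const result = { status: 200, body: null, redirect: null };
  const res = {
    status(code) { result.status = code; return res; },
    send(body) { result.body = body; return res; },
    redirect(path) { result.status = 302; result.redirect = path; return res; },
  };
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return result;
}

// Constructed request objects: a username means a logged-in session.
function session(username) {
  return username
    ? { isAuthenticated: () => true, user: { username } }
    : { isAuthenticated: () => false };
}

// With Express: router.post('/register', ensureAuthenticated, ensureAdmin, handler)
const registerHandler = (req, res) => res.status(201).send('registered');
const registerRoute = [ensureAuthenticated, ensureAdmin, registerHandler];
```

Order matters: ensureAuthenticated runs first so ensureAdmin can rely on req.user being set by the session.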