Add user auth to your app via LastLogin. LastLogin is a hosted auth provider that enables login through email, Google, Github, etc.
These instructions were written to be easily copy-and-pasteable into LLMs like Townie.
import { lastlogin } from "https://esm.town/v/stevekrouse/lastlogin_safe";- Wrap your HTTP handler in it, ie
export default lastLogin(handler) - In your handler, redirect to
/auth/loginor/auth/logoutto trigger those flows. - In your HTTP handler, read the
X-LastLogin-Emailheader, ieconst email = req.headers.get("X-LastLogin-Email") - If the user is logged in, you now have a email you can work with. If not, it will be empty
- Your users click on a link to
/auth/loginin your app - This middleware directs them to login via LastLogin
- They authenticate to LastLogin
- LastLogin redirects them back to your app
- This middleware "logs them in" to your app by giving them a session cookie.
- In your app, you can read the
X-LastLogin-Emailheader to see which (if any) user is logged in
- If you want username & password auth: @stevekrouse/lucia_middleware
- This middleware stores sessions in the
lastlogin_sessiontable in your Val Town SQLite - This val has NOT been properly audited for security. I am not a security expert. I would suggest only using it for demos, prototypes, or apps where security is not paramount. If you are a security expert, I would appreciate your help auditing this!
- Let the user customize the name of the SQLite table
- Get a proper security audit for this