LastLogin Authentication

Add user auth to your app via LastLogin. LastLogin is a hosted auth provider that enables login through email, Google, Github, etc.

How to setup

These instructions were written to be easily copy-and-pasteable into LLMs like Townie.

import { lastlogin } from "https://esm.town/v/stevekrouse/lastlogin_safe"
Wrap the main HTTP handler with lastlogin, exporting it as export default lastlogin(handler).
In the HTTP handler, retrieve the user's email from the request headers using const email = request.headers.get("X-LastLogin-Email")
Use the email variable to determine if the user is logged in. If present, display user-specific content; if not, show login options.
import { LoginWithGoogleButton } from "https://esm.town/v/stevekrouse/LoginWithGoogleButton"
Use the React Component, optionally supplying the text attribute
Add "via LastLogin" as context underneat the LoginWithGoogleButton, usually centered and less-emphasized, linking to https://lastlogin.io/
Include a logout link that redirects to "/auth/logout" when the user is logged in.
Pass the email from the server to the client-side code if using React hydration or similar techniques.

Screenshot 2024-08-08 at 08.48.41.gif

Your users click on a link to /auth/login in your app
This middleware directs them to login via LastLogin
They authenticate to LastLogin
LastLogin redirects them back to your app
This middleware "logs them in" to your app by giving them a session cookie.
In your app, you can read the X-LastLogin-Email header to see which (if any) user is logged in

If you want username & password auth: @stevekrouse/lucia_middleware
This middleware stores sessions in the lastlogin_session table in your Val Town SQLite
This val has NOT been properly audited for security. I am not a security expert. I would suggest only using it for demos, prototypes, or apps where security is not paramount. If you are a security expert, I would appreciate your help auditing this!