Authentication

The Boring JavaScript Stack uses session-based authentication with multiple sign-in methods. The Ascent templates provide production-ready implementations of password auth, magic links, passkeys, two-factor authentication, password reset, and OAuth — all built on Sails.js actions, helpers, and policies.

When to Use

Use this skill when:
  • Implementing signup and login flows (password or magic link)
  • Adding passkey (WebAuthn) support with @simplewebauthn
  • Setting up two-factor authentication (TOTP, email codes, backup codes)
  • Building password reset flows with secure token handling
  • Integrating OAuth providers (Google, GitHub) via sails-hook-wish
  • Configuring authentication policies (is-authenticated, is-guest, has-partially-logged-in)
  • Understanding the req.me / req.session.userId pattern and return URL handling
  • Working with the User model's auth-related attributes and lifecycle callbacks

Rules

Read individual rule files for detailed explanations and code examples:
  • rules/getting-started.md - Auth architecture, User model overview, policies, req.me, return URL
  • rules/password-auth.md - Signup and login flows, password hashing, remember me, validation
  • rules/magic-links.md - Token generation/hashing, request/verify actions, auto-signup, security
  • rules/passkeys.md - WebAuthn with @simplewebauthn, registration and authentication flows
  • rules/two-factor.md - TOTP, email 2FA, backup codes, partial login state, verify-2fa action
  • rules/password-reset.md - Forgot/reset flow, token lifecycle, email integration, security
  • rules/oauth.md - Wish library, Google/GitHub OAuth, redirect/callback, findOrCreate pattern