/** * Passport initialization. * * Intializes Passport for incoming requests, allowing authentication strategies * to be applied. * * If sessions are being utilized, applications must set up Passport with * functions to serialize a user into and out of a session. For example, a * common pattern is to serialize just the user ID into the session (due to the * fact that it is desirable to store the minimum amount of data in a session). * When a subsequent request arrives for the session, the full User object can * be loaded from the database by ID. * * Note that additional middleware is required to persist login state, so we * must use the `connect.session()` middleware _before_ `passport.initialize()`. * * If sessions are being used, this middleware must be in use by the * Connect/Express application for Passport to operate. If the application is * entirely stateless (not using sessions), this middleware is not necessary, * but its use will not have any adverse impact. * * Examples: * * app.configure(function() { * app.use(connect.cookieParser()); * app.use(connect.session({ secret: 'keyboard cat' })); * app.use(passport.initialize()); * app.use(passport.session()); * }); * * passport.serializeUser(function(user, done) { * done(null, user.id); * }); * * passport.deserializeUser(function(id, done) { * User.findById(id, function (err, user) { * done(err, user); * }); * }); * * @return {Function} * @api public */ module.exports = function initialize(passport) { return function initialize(req, res, next) { req._passport = {}; req._passport.instance = passport; if (req.session && req.session[passport._key]) { // load data from existing session req._passport.session = req.session[passport._key]; } else if (req.session) { // initialize new session req.session[passport._key] = {}; req._passport.session = req.session[passport._key]; } else { // no session is available req._passport.session = {}; } next(); }; };