I am using koa-passport for authentication and credentials are stored on a mySQL server. Each username has a unique ID in the database table. I am using a very simple scheme where I just use IDs for both serialization and deserialization instead of having a whole user object.
For authentication, there is a stored procedure defined in the database which returns either null or the userID if found in the database for the credentials supplied (the stored procedure looks at both username and password so no need to handle on nodeJS. Please assume that the code snippet below directly gives us the values without formatting the results from the mySQL database for sake of simplicity)
const localStrategy = require('passport-local').Strategy;
passport.serializeUser((ctx, ID, done) => {
done(null, ID);
});
passport.deserializeUser(async (ctx, ID, done) => {
mySQLPool.getConnection(function (err, thisConnection) {
let sqlQuery = "select * from table where userID = " + ID + "";
thisConnection.query(sqlQuery, function (error, results) {
thisConnection.release();
console.log("De-serializing User");
done(error, results.userID);
})
})
});
passport.use(new localStrategy({
usernameField: 'username',
passwordField: 'password',
passReqToCallback: true
}, (async function (ctx, username, password, done) {
mySQLPool.getConnection(function (err, thisConnection) {
let sqlQuery = "CALL " + leadingSQLStoredProc + username + "', '" + password + trailingSQLStoredProc;
console.log("Authenticating user....")
thisConnection.query(sqlQuery, function (error, results) {
thisConnection.release();
if (error)
return done(error);
if (results.userID !== null)
return done(null, results.userID);
else
return done(null, false);
})
})
})))
Is there a way to avoid accessing the database on each deserialization?
Yes, you can serialize and store entire user object instead of its id.
But I don't recommend you doing so because data in the session can become obsolete. It is much better to fetch it from the database on every request.