Pass variable from Middleware to Passport in Express.js

Question

I am trying to pass a variable a middleware and be usable following successful authentication using facebook-passport.

// route for facebook authentication and login
router.get('/connect/facebook', rentalinfo, passport.authenticate('facebook', { scope : 'email' }));

// handle the callback after facebook has authenticated the user
router.get('/connect/facebook/callback', passport.authenticate('facebook', {
    //successRedirect : '../../../protected',
    failureRedirect : '/'
}),
function(req, res) {
    // successful auth, user is set at req.user.  redirect as necessary.
    //Get the redirect location from the response
    //console.log(req.body);
    console.log(req.bookingarray);
    res.redirect('/protected'); 
});

My Middleware:

//Rent item middleware - carries rental info through signup/login process
function rentalinfo(req, res, next){
    //console.log('MIDDLEWARE VARIABLE: '+ bookingarray);
    req.bookingarray = 'SOMETHING';
    //return bookingarray;
    //if (something(res)) redirect('http://google.com'); // no access to your site
    next(); // go to routes
};

I then attempt to access it in my facebook passport strategy.

passport.use(new FacebookStrategy({
    // pull in our app id and secret from our auth.js file
    clientID        : configAuth.facebookAuth.clientID,
    clientSecret    : configAuth.facebookAuth.clientSecret,
    callbackURL     : configAuth.facebookAuth.callbackURL,
    profileFields   : ["emails", "displayName"],
    // this allows us to pass in the req from our route (lets us check if a user is logged in or not)
    passReqToCallback : true
},
// facebook will send back the token and profile
function(req, token, refreshToken, profile, done) {
    console.log(req.bookingarray);

    // asynchronous
    process.nextTick(function() {
        // check if the user is already logged in
        if (!req.user) {
            ...
        }
    }
}));

However it just returns as undefined. I have tried, what am I missing? The purpose is to keep the state of the user before and after authentication.

Answer 1

You'll want to store this in the user session not the request which has a one request lifetime. Your 2nd route is the FB callback which is called by Facebook so the rentalinfo middleware does not get called and therefore does not have your variable.

If you do not want to use sessions (i.e. a stateless REST api thingy) then you would need to modify your middleware to check if the user is authed and go from there. Whether that works for you will depend on your scenario.