AgentSkillsCN

authentication

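Authentication patterns for The Boring JavaScript Stack: session-based password authentication, magic links, passkeys (WebAuthn), two-factor authentication (TOTP/email/backup codes), password reset, and OAuth. Use this skill when implementing or modifying any authentication flow in a Sails.js application.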

SKILL.md
---
name: authentication
description: >
  Authentication patterns for The Boring JavaScript Stack — session-based auth with password, magic links,
  passkeys (WebAuthn), two-factor authentication (TOTP/email/backup codes), password reset, and OAuth.
  Use this skill when implementing or modifying any authentication flow in a Sails.js application.
metadata:
  author: sailscastshq
  version: '1.0.0'
  tags: authentication, auth, login, signup, password, magic-link, passkey, webauthn, 2fa, totp, oauth, boring-stack
---

Authentication

The Boring JavaScript Stack uses session-based authentication with multiple sign-in methods. The Ascent templates provide production-ready implementations of password auth, magic links, passkeys, two-factor authentication, password reset, and OAuth — all built on Sails.js actions, helpers, and policies.

When to Use

Use this skill when:

  • Implementing signup and login flows (password or magic link)
  • Adding passkey (WebAuthn) support with @simplewebauthn
  • Setting up two-factor authentication (TOTP, email codes, backup codes)
  • Building password reset flows with secure token handling
  • Integrating OAuth providers (Google, GitHub) via sails-hook-wish
  • Configuring authentication policies (is-authenticated, is-guest, has-partially-logged-in)
  • Understanding the req.me / req.session.userId pattern and return URL handling
  • Working with the User model's auth-related attributes and lifecycle callbacks

Rules

Read individual rule files for detailed explanations and code examples: