Object: User


CabloyJS manages the current login status of the frontend through the Vuex mechanism, so that other places can directly reference the user information

const op = this.$store.state.auth.user.op;
const agent = this.$store.state.auth.user.agent;
const loggedIn = this.$store.state.auth.loggedIn;
Name Description
auth.user.op the current user as operator
auth.user.agent the current user as login
auth.loggedIn logged in or not

If user agent is not used, then op === agent


CabloyJS injects object user into ctx through the global middleware auth, which facilitates direct access to the user information

const op = this.ctx.user.op;
const agent = this.ctx.user.agent;
const loggedIn = this.ctx.isAuthenticated()
名称 说明
ctx.user.op the current user as operator
ctx.user.agent the current user as login
ctx.isAuthenticated() logged in or not

First Visit Mechanism

When a user open the frontpage page for the first time, the frontend will first perform the backend API route /a/base/auth/echo, check whether the current user has logged in through the returned user information, and store the user information in the Vuex system


// get auth first
this.$api.post('/a/base/auth/echo').then(data => {
  // Vuex
  this.$store.commit('auth/login', {
    loggedIn: data.user.agent.anonymous === 0,
    user: data.user,

Login Page

CabloyJS provides a unified configuration mechanism of login page, which can freely combine user/password authentication and the third-party authentication such as GitHub, etc.

For details, please refer to authentication: login page

User Authentication

CabloyJS provides a global middleware auth, which is used to authenticate users in backend API route. If the verification fails, an exception will be thrown automatically, and subsequent logic will be interrupted

The global middleware auth is provided by the module a-base. Its source code is as follows:

module.exports = options => {
  return async function auth(ctx, next) {
    if (!ctx.isAuthenticated() || !ctx.user.op || !ctx.user.agent) {
      // anonymous
      await ctx.meta.user.loginAsAnonymous();
    } else {
      // check if deleted,disabled,agent
      await ctx.meta.user.check();

    // if user
    if (options.user && ctx.user.op.anonymous) ctx.throw(401);

    // next
    await next();

Disable auth

auth is a global middleware, so it will be automatically attached to all API routes. If you want to disable middleware auth, the configuration is as follows:


{ method: 'post', path: 'party/create', controller: party, middlewares: 'inner', meta: { auth: { enable: false } } },

Configure auth

The middleware auth can also pass in the parameter user, which is used to specify that the current user must be an authenticated user. If the current user is an anonymous user, it will be rejected


{ method: 'post', path: 'auth/check', controller: auth, 
  meta: { auth: { user: true } }