There's security issues with this since it's so old.
This is an example of a simple device-agnostic backend that implements login, signup, and logout using JSON Web Tokens. It is based on the jwt-login example, just upgraded to Sails 1.0 and modified to use cookies for web storage and the authorization header for other devices (eg mobile) to use.
This is a multiple page app using the built-in templating system (EJS) in order to demonstrate keeping a "session" by storing the JWT in a cookie. It also has server code (but not frontend code) that handles authorization using a header.
To be clear however, this is not intended as a tutorial on building SPAs, which would normally use a framework like Vue or React.
assets/js/main.jscontains the all of the front-end Javascript that makes the AJAX calls to register new users, login, and logout.api/controllers/UserController.jscontains the back-end code for signing up and logging in users, including creating new JWTs.api/helpers/verify-token.jsis a global helper that does the actual verification of JWTs for every request, as dictated byconfig/policies.js.api/policies/isAuthenticated.jscontains the code for authenticating a user via JWT, and redirecting unauthorized users to the login pageapi/policies/checkForUser.jsis similar toisAuthenticated.js, but allows logged-out users to continue. This is useful for things like the home page, which can display a customized welcome message to logged-in users but should be available to everyone.