Hello,
I have extensive experience in developing SSO solutions and extending WebServers (Apache based, MS IIS, Oracle OTD and NodeJS) to enforce Authentication/Authorization policies.
If you are willing, we can have a simple solution(with no development work) in which we can use Apache WebServer proxy(that supports OpenID and OAuth ) in front of your NodeJS server. I have deployed such solution for top organizations who don't want to maintain own code and rely on Open Source third-party solutions. We can discuss more if you like the alternate solution.
Thanks,
Karan