authorJules Laplace <jules@okfoc.us>2015-09-03 16:35:07 -0400
committerJules Laplace <jules@okfoc.us>2015-09-03 16:35:07 -0400
commit976bdace6704b60bc984635917ee56f17797c10a (patch)
treef2451b3f23c87d3e14c1eb8e3d92cda321db8103 /lib
parentf768ab296c07ce93efe9f2507cdf4b795aa10013 (diff)
able to log in
Diffstat (limited to 'lib')
-rw-r--r--lib/auth.js72
-rw-r--r--lib/db/index.js29
-rw-r--r--lib/index.js63
-rw-r--r--lib/middleware.js16
-rw-r--r--lib/util.js3
5 files changed, 166 insertions, 17 deletions
diff --git a/lib/auth.js b/lib/auth.js
new file mode 100644
index 0000000..0fb757c
--- /dev/null
+++ b/lib/auth.js
@@ -0,0 +1,72 @@
+
+var passport = require('passport'),
+ LocalStrategy = require('passport-local').Strategy,
+ crypto = require('crypto'),
+ db = require('./db');
+
+
+var auth = module.exports = {
+
+ init: function(){
+ passport.serializeUser(auth.serializeUser)
+ passport.deserializeUser(auth.deserializeUser)
+
+ passport.use(new LocalStrategy(auth.verifyLocalUser))
+ },
+
+ serializeUser: function (user, done) {
+ done(null, user.id);
+ },
+
+ deserializeUser: function (id, done) {
+ db.getUser(id).then(function(user){
+ done(! user, user)
+ })
+ },
+
+ validPassword: function(user, pw){
+ var shasum = crypto.createHash('sha1')
+ shasum.update(pw)
+ return user.get('password') === shasum.digest('hex');
+ },
+
+ verifyLocalUser: function (username, password, done) {
+ // handle passwords!!
+ db.getUserByUsername(username).then(function(user){
+
+ // if (err) { return done(err); }
+ if (! user) { return done("no user") }
+
+ return done(null, user)
+
+ if (! user) {
+ return done(null, false, { error: { errors: { username: { message: 'No such username.' } }}})
+ }
+ if (! auth.validPassword(user, password)) {
+ return done(null, false, { error: { errors: { password: { message: 'Incorrect password.' } }}})
+ }
+ return done(null, user);
+ })
+ },
+
+ loggedInLocal: function (req, res, next) {
+ passport.authenticate("local", function(err, user, info){
+ if (err) {
+ return res.json({ error: err });
+ }
+ if (! user) {
+ return info ? res.json(info) : res.redirect("/login");
+ }
+
+ // user.last_seen = new Date ()
+ // user.save(function(err, data){ if (err) console.err('error setting ip for user') })
+
+ req.logIn(user, function(err) {
+ if (err) { return next(err); }
+ var returnTo = req.session.returnTo
+ delete req.session.returnTo
+ return res.json({ status: "OK", returnTo: returnTo || "/index" })
+ });
+ })(req, res, next)
+ },
+} \ No newline at end of file
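Review bot: `verifyLocalUser` calls `return done(null, user)` as soon as the username lookup returns a row, so the `auth.validPassword(user, password)` check below it is unreachable and any password is accepted for an existing username. Remove that early return, and also the `done("no user")` line, which reports an unknown username as a strategy error instead of a failed login, so that the two `done(null, false, …)` branches actually run. Separately, `validPassword` compares an unsalted SHA-1 hex digest with `===`; stored passwords should be derived with a salted, slow KDF such as `crypto.pbkdf2` with a per-user salt, and compared in constant time. Neither `db.getUserByUsername(...)` nor `db.getUser(id)` has a rejection handler, so a database error never reaches `done`; add `.catch(done)` to both, and in `deserializeUser` use `done(null, user || false)` rather than passing the boolean `! user` as the error argument.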
diff --git a/lib/db/index.js b/lib/db/index.js
index e820758..f539b90 100644
--- a/lib/db/index.js
+++ b/lib/db/index.js
@@ -8,31 +8,31 @@ var knex = connection.knex
var User = db.User = bookshelf.Model.extend({
tableName: 'users',
- hasTimestamps: true,
+ hasTimestamps: false,
})
var Thread = db.Thread = bookshelf.Model.extend({
tableName: 'threads',
- hasTimestamps: true,
+ hasTimestamps: false,
})
var Comment = db.Comment = bookshelf.Model.extend({
tableName: 'comments',
- hasTimestamps: true,
+ hasTimestamps: false,
})
var File = db.File = bookshelf.Model.extend({
tableName: 'files',
- hasTimestamps: true,
+ hasTimestamps: false,
})
var Keyword = db.Keyword = bookshelf.Model.extend({
tableName: 'keywords',
- hasTimestamps: true,
+ hasTimestamps: false,
})
var Mailbox = db.Mailbox = bookshelf.Model.extend({
tableName: 'boxes',
- hasTimestamps: true,
+ hasTimestamps: false,
})
var Message = db.Message = bookshelf.Model.extend({
tableName: 'messages',
- hasTimestamps: true,
+ hasTimestamps: false,
})
/* PICTURES */
@@ -40,8 +40,21 @@ var Message = db.Message = bookshelf.Model.extend({
db.createUser = function(data){
return new db.User(data).save()
}
-db.getUsers = function (callback) {
+db.getUsers = function () {
return User.query(function(qb){
qb.orderBy("id", "desc")
}).fetchAll()
}
+db.getUser = function(id) {
+ var model = new User({'id': id})
+ return model.fetch()
+}
+db.getUserByUsername = function(username) {
+ var model = new User({'username': username})
+ return model.fetch()
+}
+db.getThreads = function () {
+ return User.query(function(qb){
+ qb.orderBy("id", "desc")
+ }).fetchAll()
+} \ No newline at end of file
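Review bot: `db.getThreads` is a copy of `db.getUsers` and still queries `User`, so it returns user rows rather than threads; it should read `return Thread.query(function(qb){ qb.orderBy("id", "desc") }).fetchAll()`. Because `lib/auth.js` reads `user.get('password')`, those rows carry the password digest, which makes the mix-up a data-exposure risk once an `/api/thread` handler sends the result to the client. For the same reason, `getUser`, `getUserByUsername` and `getUsers` should be documented as returning the full row, and the `password` field should be stripped before any user model is serialized into a response.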
diff --git a/lib/index.js b/lib/index.js
index d91a47d..f4d0c9a 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -3,33 +3,78 @@ var fs = require('fs')
var app, express = require('express');
var http = require('http');
var https = require('https');
+var bodyParser = require('body-parser')
var cookieParser = require('cookie-parser')
var csurf = require('csurf')
-var db = require('./db')
+var path = require('path')
var multiparty = require('multiparty')
var ejs = require('ejs')
+var passport = require('passport')
+var sessionstore = require('sessionstore')
+var session = require('express-session')
+var multer = require('multer')
+
+var db = require('./db')
+var auth = require('./auth')
+var middleware = require('./middleware')
+var app, server
-var site = {}
+var site = module.exports = {}
site.init = function(){
+ app = express()
app.set('port', 5000)
app.set('view engine', 'ejs')
app.set('views', path.join(__dirname, '../views'))
app.use(express.static(path.join(__dirname, '../public')))
- app.use(require('morgan')("combined", {}))
- app.use(require("express-json")())
- app.use(require('cookie-parser')())
- app.use(csurf({ cookie: true }))
- app.use(require('multer'))
+ app.use(bodyParser.json())
+ app.use(bodyParser.urlencoded({ extended: false }))
+ app.use( multer({ dest:'./uploads/' }).single("file") )
+
+ app.use(session({
+ key: 'bucky.sid',
+ secret: 'argonauts',
+ cookie: { domain: '.' + process.env.HOST_NAME, maxAge: 43200000000 },
+ store: sessionstore.createSessionStore(),
+ resave: true,
+ saveUninitialized: false,
+ }))
+ app.use(csurf({ cookie: false }))
+
app.use(express.query())
+ app.use(passport.initialize())
+ app.use(passport.session())
+
+ app.all('*', middleware.ensureLocals)
+
+ server = http.createServer(app).listen(5000, function () {
+ console.log('Bucky listening at https://lvh.me:%s', server.address().port)
+ })
site.route()
}
site.route = function(){
- app.get("/", function(req, res){
+ auth.init()
+
+ app.get("/", middleware.ensureAuthenticated, function(req, res){
+ res.redirect('/index')
+ })
+ app.get("/login", function(req, res){
res.render("pages/login", {})
})
-
+ app.get("/index", middleware.ensureAuthenticated, function(req, res){
+ res.render("pages/index", {})
+ })
+
+ app.post("/api/login", auth.loggedInLocal)
+ app.get("/api/index", function(req, res){
+ })
+ app.get("/api/thread", function(req, res){
+ })
+ app.post("/api/thread", function(req, res){
+ })
+ app.post("/api/thread/:id", function(req, res){
+ })
}
diff --git a/lib/middleware.js b/lib/middleware.js
new file mode 100644
index 0000000..840718e
--- /dev/null
+++ b/lib/middleware.js
@@ -0,0 +1,16 @@
+var middleware = module.exports = {
+
+ ensureAuthenticated: function (req, res, next) {
+ if (! req.isAuthenticated()) {
+ req.session.returnTo = req.path
+ return res.redirect('/login')
+ }
+ next()
+ },
+
+ ensureLocals: function (req, res, next) {
+ res.locals.csrfToken = req.csrfToken()
+ next()
+ },
+
+} \ No newline at end of file
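Review bot: `ensureAuthenticated` stores `req.path` in `req.session.returnTo`, and `loggedInLocal` in `lib/auth.js` later returns that value to the client as the post-login destination. With only the `/` and `/index` routes guarded in this commit the value is effectively fixed, but once the middleware guards parameterised or wildcard routes it should only accept a local path, e.g. `if (/^\/(?!\/)/.test(req.path)) req.session.returnTo = req.path`. A short comment should also state that this middleware answers with a redirect to `/login`, so API routes that expect JSON need a separate guard that returns a 401.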
diff --git a/lib/util.js b/lib/util.js
new file mode 100644
index 0000000..11c0cac
--- /dev/null
+++ b/lib/util.js
@@ -0,0 +1,3 @@
+var util = module.exports = {}
+
+util.sanitizeName = function (s){ return (s || "").replace(new RegExp("[^-_a-zA-Z0-9]", 'g'), "") }
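Review bot: `sanitizeName` calls `.replace` on `(s || "")`, so a truthy non-string value (a number, or the array that a repeated form or query field parses to) throws a `TypeError` instead of being sanitized. Coerce the input first with `String(s || "").replace(/[^-_a-zA-Z0-9]/g, "")`; the regex literal also avoids rebuilding the `RegExp` on every call. Callers should treat an empty result as invalid, since input made up entirely of disallowed characters sanitizes to `""`.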