-rw-r--r--bucky/app/bucky.js2
-rw-r--r--bucky/util/auth.js139
-rw-r--r--bucky/util/upload.js4
3 files changed, 85 insertions, 60 deletions
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index b331688..c85ef45 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -526,7 +526,7 @@ var bucky = module.exports = {
next()
},
checkThreadPrivacy: function(req, res, next) {
- if (! res.thread.checkPrivacy(req.user)) {
+ if (res.thread.get('id') !== 1 && ! res.thread.checkPrivacy(req.user)) {
return res.sendStatus(500)
}
next()
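Review bot: The added condition in `checkThreadPrivacy` exempts thread id 1 from `checkPrivacy` for every caller, so that thread stays readable even if it is later marked private, and the bare literal `1` gives no reason for the exemption. A named constant with a comment would make the intent auditable, for example `var PUBLIC_THREAD_ID = 1 // always readable; skips checkPrivacy by design` and `if (res.thread.get('id') !== PUBLIC_THREAD_ID && ! res.thread.checkPrivacy(req.user)) {`. The comparison is strict, so if `get('id')` ever returns a string the exemption silently stops applying; that fails closed, but it is worth confirming the type the model returns. The function's closing lines and the start of the enclosing `bucky` object are outside this hunk.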
diff --git a/bucky/util/auth.js b/bucky/util/auth.js
index 4556733..061983d 100644
--- a/bucky/util/auth.js
+++ b/bucky/util/auth.js
@@ -1,21 +1,23 @@
-var passport = require('passport');
-var LocalStrategy = require('passport-local').Strategy;
-var crypto = require('crypto');
-var db = require('../db');
-var util = require('./util');
+var passport = require('passport')
+var LocalStrategy = require('passport-local').Strategy
+var crypto = require('crypto')
var crypt = require('unix-crypt-td-js')
+var fs = require('fs')
+var db = require('../db')
+var util = require('./util')
+var upload = require('./upload')
var middleware = require('./middleware')
var auth = module.exports = {
-
+
init: function(){
passport.serializeUser(auth.serializeUser)
passport.deserializeUser(auth.deserializeUser)
passport.use(new LocalStrategy(auth.verifyLocalUser))
},
-
+
route: function(app){
app.get("/login",
function(req, res){
@@ -31,52 +33,11 @@ var auth = module.exports = {
app.get("/logout", auth.logout)
app.put("/api/signup",
- function (req, res, next) {
- var username = util.sanitizeName(req.body.username)
- db.getUserByUsername(username).then((user) => {
- if (user) {
- return res.json({ error: "user exists" })
- }
- next()
- })
- },
- function (req, res, next) {
- if (req.body.password !== req.body.password2) {
- return res.json({ error: "passwords don't match" })
- }
- var username = util.sanitizeName(req.body.username)
- var data = {
- username: username,
- realname: util.sanitize(req.body.realname),
- password: auth.makePassword(username, req.body.password),
- grass: util.sanitizeName(req.body.grass),
- firstseen: util.now(),
- lastseen: util.now(),
- // lastsession: util.now(),
- }
- db.createUser(data).then(() => next())
- },
+ auth.checkIfUserExists,
+ auth.createUser,
passport.authenticate("local"),
- function (req, res, next) {
- var username = req.user.get('username')
- Promise.all([
- db.createMailbox({
- mbox: username + '.inbox',
- owner: username,
- editable: 0,
- }),
- db.createMailbox({
- mbox: username + '.outbox',
- owner: username,
- editable: 0,
- }),
- db.createMailbox({
- mbox: username + '.drafts',
- owner: username,
- editable: 1,
- }),
- ]).then(() => next())
- },
+ auth.createMailboxes,
+ auth.uploadDefaultAvatar,
auth.login)
app.put("/api/login",
passport.authenticate("local"),
@@ -84,8 +45,72 @@ var auth = module.exports = {
app.put("/api/checkin",
middleware.ensureAuthenticated,
auth.checkin
- )
+ )
},
+ checkIfUserExists: function (req, res, next) {
+ var username = util.sanitizeName(req.body.username)
+ db.getUserByUsername(username).then((user) => {
+ if (user) {
+ return res.json({ error: "user exists" })
+ }
+ next()
+ })
+ },
+ createUser: function (req, res, next) {
+ if (req.body.password !== req.body.password2) {
+ return res.json({ error: "passwords don't match" })
+ }
+ var username = util.sanitizeName(req.body.username)
+ var data = {
+ username: username,
+ realname: util.sanitize(req.body.realname),
+ password: auth.makePassword(username, req.body.password),
+ grass: util.sanitizeName(req.body.grass),
+ firstseen: util.now(),
+ lastseen: util.now(),
+ // lastsession: util.now(),
+ }
+ db.createUser(data).then(() => next())
+ },
+ createMailboxes: function (req, res, next) {
+ var username = req.user.get('username')
+ Promise.all([
+ db.createMailbox({
+ mbox: username + '.inbox',
+ owner: username,
+ editable: 0,
+ }),
+ db.createMailbox({
+ mbox: username + '.outbox',
+ owner: username,
+ editable: 0,
+ }),
+ db.createMailbox({
+ mbox: username + '.drafts',
+ owner: username,
+ editable: 1,
+ }),
+ ]).then(() => next())
+ },
+ uploadDefaultAvatar: function(req, res, next){
+ fs.readFile('public/assets/img/profile.jpg', (err, buf) => {
+ if (err) throw err;
+ var username = req.user.get('username')
+ upload.put({
+ file: {
+ buffer: buf,
+ size: buf.length,
+ mimetype: 'image/jpeg',
+ },
+ dirname: '/bucky/profile/',
+ filename: username + '.jpg',
+ preserveFilename: true,
+ success: (url) => {
+ next()
+ },
+ })
+ });
+ },
login: function (req, res) {
if (req.isAuthenticated()) {
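Review bot: `uploadDefaultAvatar` handles a failed `fs.readFile` with `if (err) throw err;`, which throws inside an asynchronous callback where Express cannot catch it, so a missing or unreadable `profile.jpg` would likely terminate the process during a signup request instead of returning an error; `if (err) return next(err)` keeps the failure inside the request. The `upload.put` call passes only a `success` callback, so a failed upload appears to leave the request hanging unless `upload.put` reports errors some other way, which is not visible here. The promise chains in `checkIfUserExists`, `createUser` and `createMailboxes` likewise end in `.then(...)` with no rejection handler; adding `.catch(next)` to each would route database errors to the error middleware rather than leaving an unhandled rejection on a public signup endpoint. The enclosing `auth` object begins before this hunk and `login` continues past it.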
@@ -102,7 +127,7 @@ var auth = module.exports = {
error: 'bad credentials',
})
},
-
+
serializeUser: function (user, done) {
done(null, user.id);
},
@@ -112,7 +137,7 @@ var auth = module.exports = {
done(! user, user)
})
},
-
+
makePassword: function(username, pw) {
var salt = username.substr(0, 2) // lol
return crypt(pw, salt)
@@ -120,7 +145,7 @@ var auth = module.exports = {
// shasum.update(pw)
// return shasum.digest('hex');
},
-
+
validPassword: function(user, pw){
return user.get('password') === auth.makePassword(user.get('username'), pw);
},
@@ -154,7 +179,7 @@ var auth = module.exports = {
return done(null, user);
})
},
-
+
checkin: function (req, res) {
var user = util.sanitizeUser(req.user)
res.json({ user: user })
diff --git a/bucky/util/upload.js b/bucky/util/upload.js
index 5bc8190..8975458 100644
--- a/bucky/util/upload.js
+++ b/bucky/util/upload.js
@@ -34,7 +34,7 @@ module.exports.put = function (opt) {
var types = opt.types
var extension = types && types[file.mimetype]
-
+
if (opt.filename) {
filename = opt.filename
} else if (opt.preserveFilename) {
@@ -74,7 +74,7 @@ module.exports.put = function (opt) {
return;
}
- var file_url = s3res.url || s3res.req.url
+ var file_url = s3res.url || s3res.req.url
opt.success && opt.success(file_url)
}).on('error', function(err, s3res){