Diffstat (limited to 'bucky/util/auth.js')
-rw-r--r--bucky/util/auth.js79
1 files changed, 59 insertions, 20 deletions
diff --git a/bucky/util/auth.js b/bucky/util/auth.js
index 32d77e8..548ffcc 100644
--- a/bucky/util/auth.js
+++ b/bucky/util/auth.js
@@ -3,6 +3,8 @@ var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var crypto = require('crypto');
var db = require('../db');
+var util = require('./util');
+var crypt = require('unix-crypt-td-js')
var middleware = require('./middleware')
@@ -27,29 +29,60 @@ var auth = module.exports = {
})
})
app.get("/logout", auth.logout)
+
+ app.put("/api/signup",
+ function (req, res, next) {
+ var username = util.sanitizeName(req.body.username)
+ db.getUserByUsername(username).then((user) => {
+ if (user) {
+ return res.json({ error: "user exists" })
+ }
+ next()
+ })
+ },
+ function (req, res, next) {
+ if (req.body.password !== req.body.password2) {
+ return res.json({ error: "passwords don't match" })
+ }
+ var username = util.sanitizeName(req.body.username)
+ var data = {
+ username: username,
+ realname: util.sanitizeName(req.body.realname),
+ password: auth.makePassword(username, req.body.password),
+ grass: util.sanitizeName(req.body.grass),
+ firstseen: util.now(),
+ lastseen: util.now(),
+ lastsession: util.now(),
+ }
+ db.createUser(data).then(() => next())
+ },
+ passport.authenticate("local"),
+ auth.login)
app.put("/api/login",
passport.authenticate("local"),
- function (req, res) {
- if (req.isAuthenticated()) {
- var returnTo = req.session.returnTo
- delete req.session.returnTo
- console.log(">> logged in", req.user.get('username'))
- return res.json({
- status: "OK",
- user: auth.sanitizeUser(req.user),
- returnTo: returnTo || "/index",
- })
- }
- res.json({
- error: 'bad credentials',
- })
- })
+ auth.login)
app.put("/api/checkin",
middleware.ensureAuthenticated,
auth.checkin
)
},
-
+
+ login: function (req, res) {
+ if (req.isAuthenticated()) {
+ var returnTo = req.session.returnTo
+ delete req.session.returnTo
+ console.log(">> logged in", req.user.get('username'))
+ return res.json({
+ status: "OK",
+ user: util.sanitizeUser(req.user),
+ returnTo: returnTo || "/index",
+ })
+ }
+ res.json({
+ error: 'bad credentials',
+ })
+ },
+
serializeUser: function (user, done) {
done(null, user.id);
},
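Review bot: The two handlers added for `app.put("/api/signup", …)` handle neither a rejected promise nor an empty field. If `db.getUserByUsername` or `db.createUser` rejects, neither `res` nor `next` is called and the request hangs; adding `.catch(next)` to both chains fixes that. A request with no `password` and no `password2` passes the `!==` check, and a username that `util.sanitizeName` reduces to an empty string is not rejected, so a guard such as `if (!username || !req.body.password) return res.json({ error: "missing fields" })` belongs before `auth.makePassword` is called. The exists-then-create sequence is not atomic, so duplicate names depend on a unique constraint in the database, which is not visible here. The route-setup function these handlers sit in starts outside the hunk.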
@@ -60,10 +93,16 @@ var auth = module.exports = {
})
},
+ makePassword: function(username, pw) {
+ var salt = username.substr(0, 2) // lol
+ return crypt(pw, salt)
+ // var shasum = crypto.createHash('sha1')
+ // shasum.update(pw)
+ // return shasum.digest('hex');
+ },
+
validPassword: function(user, pw){
- var shasum = crypto.createHash('sha1')
- shasum.update(pw)
- return user.get('password') === shasum.digest('hex');
+ return user.get('password') === auth.makePassword(user.get('username'), pw);
},
verifyLocalUser: function (username, password, done) {
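Review bot: `makePassword` takes its salt from the first two characters of the username, so the salt is predictable and shared by every account whose name starts with the same two letters. If `unix-crypt-td-js` is the traditional DES crypt(3) its name suggests, only the first eight characters of the password contribute to the hash as well. `validPassword` then compares the hashes with `===`, which is not a constant-time comparison. `crypto` is already required in this file, so a random per-user salt with `crypto.scryptSync` and `crypto.timingSafeEqual` needs no new dependency; hashes already stored in the SHA-1 or crypt format would need a migration path, which this hunk does not show. The commented-out SHA-1 lines can be dropped.

```javascript
makePassword: function (username, pw) {
  // username is kept for the existing callers; the salt is random per user
  // and stored with the hash as "salt:hash"
  var salt = crypto.randomBytes(16).toString('hex')
  var hash = crypto.scryptSync(pw, salt, 64).toString('hex')
  return salt + ':' + hash
},

validPassword: function (user, pw) {
  var parts = String(user.get('password')).split(':')
  if (parts.length !== 2) return false
  var expected = Buffer.from(parts[1], 'hex')
  var actual = crypto.scryptSync(pw, parts[0], 64)
  // length check first: timingSafeEqual throws on buffers of unequal length
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual)
},
```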
@@ -83,7 +122,7 @@ var auth = module.exports = {
},
checkin: function (req, res) {
- var user = auth.sanitizeUser(req.user)
+ var user = util.sanitizeUser(req.user)
res.json(user)
},