Diffstat (limited to 'bucky')
-rw-r--r--bucky/app/bucky.js38
-rw-r--r--bucky/app/index.js14
-rw-r--r--bucky/app/router.js6
-rw-r--r--bucky/util/auth.js16
-rw-r--r--bucky/util/upload.js7
5 files changed, 43 insertions, 38 deletions
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index 7dac066..cf74ec2 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -384,6 +384,7 @@ var bucky = module.exports = {
}
db.getUserByUsername(username).then(function(user){
if (user) {
+ res.user = user
next()
}
else {
@@ -402,43 +403,24 @@ var bucky = module.exports = {
updateProfile: function(req, res, next) {
var user = res.user
"realname location email phone website twitter".split(" ").forEach( (field) => {
- res.user.set("field", req.body[field])
+ res.user.set(field, req.body[field])
})
next()
},
- changePassword: function(req, res, next) {
- if (! req.body.oldpassword && ! req.body.newpassword) return next()
- if (req.body.newpassword !== req.body.newpassword2) {
- return res.send({ error: 'Passwords don\'t match.' })
- }
- if (! auth.validPassword(res.user, req.body.oldpassword)) {
- return res.send({ error: 'Password is incorrect.' })
- }
- var newPassword = auth.makePassword(res.user, req.body.newpassword)
- res.user.set('password', newPassword)
- next()
- },
uploadAvatar: function(req, res, next) {
+ if (! req.file) return next()
+ var dirname = '/bucky/profile/'
upload.put({
- file: file,
- preserveFilename: true,
+ file: req.file,
+ filename: req.user.get('username') + '.jpg',
dirname: dirname,
unacceptable: function(err){
- reject(err)
+ res.sendStatus({ error: 'Problem uploading avatar.' })
},
success: function(url){
- var data = {
- thread: res.thread.get('id'),
- username: req.user.get('username'),
- filename: file.originalname,
- date: util.now(),
- size: file.size,
- private: false,
- storage: 'i.asdf.us',
- }
- db.createFile(data).then(function(file){
- resolve(file)
- }).catch( (err) => reject(err) )
+ console.log(">", url)
+ res.user.set('avatar', url)
+ next()
}
})
},
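Review bot: In uploadAvatar's `unacceptable` callback, `res.sendStatus({ error: 'Problem uploading avatar.' })` passes an object where Express expects a numeric status code, so the failure path will not return the intended error body; `res.status(400).json({ error: 'Problem uploading avatar.' })` does, and `err` should be logged rather than dropped. The stored name is forced to `username + '.jpg'` and this call passes no `types` option to `upload.put`, so nothing in the hunk checks that the upload is a JPEG or an image at all; such a check may exist in upload.js outside this view. The file name comes from `req.user` while the URL is written to `res.user`; if those two can ever be different accounts, one user's avatar file is overwritten while another user's record is updated, so take both from the same object. The `console.log(">", url)` line looks like leftover debugging.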
diff --git a/bucky/app/index.js b/bucky/app/index.js
index 248679a..b600935 100644
--- a/bucky/app/index.js
+++ b/bucky/app/index.js
@@ -25,12 +25,16 @@ site.init = function(){
app.set('port', process.env.PORT || 5000)
app.use(favicon(__dirname + '../../../public/favicon.ico'))
app.use(bodyParser.json())
- app.use(cookieParser());
+ app.use(cookieParser())
app.use(session({
secret: 'argonauts',
proxy: true,
key: 'bucky.sid',
- cookie: {secure: true, domain: '.' + process.env.HOST_NAME, maxAge: 43200000000 },
+ cookie: {
+ secure: process.env.NODE_ENV === 'production',
+ domain: '.' + process.env.HOST_NAME,
+ maxAge: 43200000000,
+ },
store: new MongoStore({
url: 'mongodb://localhost/buckySessionDb'
// type: 'mongodb',
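Review bot: With `secure: process.env.NODE_ENV === 'production'` the session cookie loses its Secure flag whenever NODE_ENV is unset or misspelled on a deployed host, so the setting fails open; inverting the test, `secure: process.env.NODE_ENV !== 'development'`, keeps the flag on by default. The unchanged `secret: 'argonauts'` a few lines above is a literal in the repository, so anyone who can read the source knows the session signing key; reading it from the environment, e.g. `secret: process.env.SESSION_SECRET` (variable name is a suggestion), would fit the same edit. `maxAge: 43200000000` is 500 days, which deserves a comment if it is intended. The session() call continues past the end of this hunk.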
@@ -43,7 +47,11 @@ site.init = function(){
resave: true,
saveUninitialized: false,
}))
- app.use(csurf({ cookie: true }))
+
+ app.use(csurf({
+ cookie: true,
+ value: (req) => req.headers['csrf-token'],
+ }))
app.disable('x-powered-by')
app.use(express.query())
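Review bot: The `value` override makes the `csrf-token` header the only place a token is accepted, replacing csurf's default lookup in the body, query string and its other header names; a comment such as `// token is read from the csrf-token header only, since multipart bodies are parsed later by multer` would record the reason, if that is the reason. With `cookie: true` the CSRF secret cookie is set with csurf's default attributes rather than the ones chosen for the session cookie above; passing an options object, `cookie: { httpOnly: true, secure: process.env.NODE_ENV === 'production' }`, would align the two. Any client that posts without the header is now rejected, so existing non-JS form posts should be checked.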
diff --git a/bucky/app/router.js b/bucky/app/router.js
index dfec166..7e13cd6 100644
--- a/bucky/app/router.js
+++ b/bucky/app/router.js
@@ -1,3 +1,4 @@
+var multer = require('multer')()
var auth = require('../util/auth')
var middleware = require('../util/middleware')
var fortune = require('../db/fortune')
@@ -5,7 +6,6 @@ var bucky = require('./bucky')
var db = require('../db')
var util = require('../util/util')
var search = require('../search/middleware')
-var multer = require('multer')()
module.exports = function(app){
app.all('*', middleware.ensureLocals)
@@ -84,11 +84,11 @@ module.exports = function(app){
bucky.checkUserPrivacy,
multer.single("avatar"),
bucky.updateProfile,
- bucky.changePassword,
+ auth.changePassword,
bucky.uploadAvatar,
bucky.saveUser,
function(req, res){
- res.json(res.thread)
+ res.json(util.sanitizeUser(res.user))
})
/* threads */
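Review bot: `multer.single("avatar")` comes from `require('multer')()` at the top of this file, created with no options, so avatar uploads are buffered in memory with no size cap now that uploadAvatar actually consumes `req.file`; a bound such as `require('multer')({ limits: { fileSize: 2 * 1024 * 1024 } })` (value is an example) closes that. The chain runs `bucky.updateProfile` before `auth.changePassword`, which is safe only because nothing is persisted until `bucky.saveUser`; a one-line comment on the route, `// order matters: nothing is saved until saveUser`, would keep a later reorder from breaking it. The route definition starts above the hunk, so whether a login check precedes `checkUserPrivacy` is not visible here.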
diff --git a/bucky/util/auth.js b/bucky/util/auth.js
index 3cc01f0..4556733 100644
--- a/bucky/util/auth.js
+++ b/bucky/util/auth.js
@@ -125,6 +125,20 @@ var auth = module.exports = {
return user.get('password') === auth.makePassword(user.get('username'), pw);
},
+ changePassword: function(req, res, next) {
+ if (! req.body.oldpassword && ! req.body.newpassword) return next()
+ if (req.body.newpassword !== req.body.newpassword2) {
+ return res.send({ error: 'Passwords don\'t match.' })
+ }
+ if (! auth.validPassword(res.user, req.body.oldpassword)) {
+ return res.send({ error: 'Password is incorrect.' })
+ }
+ var username = req.user.get('username')
+ var newPassword = auth.makePassword(username, req.body.newpassword)
+ res.user.set('password', newPassword)
+ next()
+ },
+
verifyLocalUser: function (username, password, done) {
// handle passwords!!
db.getUserByUsername(username).then(function(user){
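Review bot: changePassword accepts an empty or non-string new password: when `oldpassword` is sent and `newpassword`/`newpassword2` are both missing, the match check passes and `makePassword(username, undefined)` is stored. A guard after the first line, `if (typeof req.body.newpassword !== 'string' || ! req.body.newpassword) return res.send({ error: 'New password required.' })`, rejects that case. The old password is verified against `res.user` (validPassword hashes with that user's username) but the new hash is built from `req.user.get('username')`; use `res.user.get('username')` so both sides agree and a mismatch cannot lock the account. validPassword, in the context lines, compares hashes with `===`, where a constant-time comparison such as `crypto.timingSafeEqual` is the safer form; makePassword itself is outside the hunk, so its strength cannot be judged here.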
@@ -143,7 +157,7 @@ var auth = module.exports = {
checkin: function (req, res) {
var user = util.sanitizeUser(req.user)
- res.json(user)
+ res.json({ user: user })
},
logout: function (req, res) {
diff --git a/bucky/util/upload.js b/bucky/util/upload.js
index d7bf822..5bc8190 100644
--- a/bucky/util/upload.js
+++ b/bucky/util/upload.js
@@ -35,10 +35,11 @@ module.exports.put = function (opt) {
var types = opt.types
var extension = types && types[file.mimetype]
- if (opt.preserveFilename) {
+ if (opt.filename) {
+ filename = opt.filename
+ } else if (opt.preserveFilename) {
filename = file.originalname
- }
- else {
+ } else {
filename = uuid.v1() + "." + extension;
}
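Review bot: `opt.filename` is taken verbatim as the stored name, and the `extension` computed from `opt.types` just above is not used on that path, so a caller-supplied name bypasses whatever the type map was meant to enforce on the suffix. The one caller in this commit builds the name from a username; if usernames may contain path separators the stored key would follow them, so either reduce the value to a base name here or state the contract, e.g. `// opt.filename: trusted, caller-built name; not sanitized here`. The body of `put` continues outside the hunk, so a later check may already cover this.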