Diffstat (limited to 'bucky')
| -rw-r--r-- | bucky/app/index.js | 10 | ||||
| -rw-r--r-- | bucky/app/router.js | 11 | ||||
| -rw-r--r-- | bucky/util/auth.js | 84 |
3 files changed, 62 insertions, 43 deletions
diff --git a/bucky/app/index.js b/bucky/app/index.js index e2fcd48..0da18c7 100644 --- a/bucky/app/index.js +++ b/bucky/app/index.js @@ -21,13 +21,8 @@ var site = module.exports = {} site.init = function(){ app = express() app.set('port', 5000) - app.set('view engine', 'ejs') - app.set('views', path.join(__dirname, '../../views')) - app.use(express.static(path.join(__dirname, '../../public'))) - app.use(favicon(__dirname + '../../../public/favicon.ico')) app.use(bodyParser.json()) - app.use(bodyParser.urlencoded({ extended: false })) app.use(session({ key: 'bucky.sid', @@ -45,6 +40,7 @@ site.init = function(){ saveUninitialized: false, })) app.use(csurf({ cookie: false })) + app.disable('x-powered-by') app.use(express.query()) app.use(passport.initialize()) @@ -61,6 +57,10 @@ site.init = function(){ }) site.route(app) + + app.set('view engine', 'ejs') + app.set('views', path.join(__dirname, '../../views')) + app.use(express.static(path.join(__dirname, '../../public'))) } site.route = require('./router') diff --git a/bucky/app/router.js b/bucky/app/router.js index 007ff6b..eada09b 100644 --- a/bucky/app/router.js +++ b/bucky/app/router.js @@ -15,11 +15,6 @@ module.exports = function(app){ app.get("/", middleware.ensureAuthenticated, function(req, res){ res.redirect('/index') }) - app.get("/login", function(req, res){ - res.render("pages/login", { - title: "login" - }) - }) app.get("/index", middleware.ensureAuthenticated, function(req, res){ res.render("pages/index", { title: fortune("titles"), @@ -49,7 +44,6 @@ module.exports = function(app){ } ) - app.post("/api/login", auth.loggedInLocal) app.get("/api/index", bucky.ensureLastlog, middleware.ensureAuthenticated, @@ -66,10 +60,10 @@ module.exports = function(app){ }) } ) + app.get("/api/keyword/:keyword", bucky.ensureLastlog, middleware.ensureAuthenticated, - bucky.keyword, bucky.ensureThreadsForKeyword, bucky.ensureCommentCountsForThreads, bucky.ensureFileCountsForThreads, 
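Review bot: In bucky/app/index.js (third hunk), `express.static` is now registered after `site.route(app)` and so behind the session, csurf and passport middleware, which means every asset request pays for session loading and, for logged-in users, presumably a user lookup. The `app.set('view engine', …)` and `app.set('views', …)` calls are order-independent, so only the static mount needs to go back above `app.use(session({`: `app.use(express.static(path.join(__dirname, '../../public')))`. The favicon middleware is removed rather than relocated; if that is intentional, a one-line comment such as `// favicon.ico is served by express.static` would document it. `site.init` starts and ends outside these hunks.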
@@ -223,5 +217,6 @@ module.exports = function(app){ // send new mail } ) - + + auth.route(app) } diff --git a/bucky/util/auth.js b/bucky/util/auth.js index 436d5e6..6fdd5bd 100644 --- a/bucky/util/auth.js +++ b/bucky/util/auth.js @@ -1,17 +1,53 @@ -var passport = require('passport'), - LocalStrategy = require('passport-local').Strategy, - crypto = require('crypto'), - db = require('../db'); +var passport = require('passport'); +var LocalStrategy = require('passport-local').Strategy; +var crypto = require('crypto'); +var db = require('../db'); +var middleware = require('./middleware') var auth = module.exports = { init: function(){ passport.serializeUser(auth.serializeUser) passport.deserializeUser(auth.deserializeUser) - passport.use(new LocalStrategy(auth.verifyLocalUser)) + }, + + route: function(app){ + app.get("/login", + function(req, res){ + res.render("pages/login", { + title: "login" + }) + }) + app.get("/signup", function(req, res){ + res.render("pages/signup", { + title: "signup" + }) + }) + app.get("/logout", auth.logout) + app.put("/api/login", + passport.authenticate("local"), + function (req, res) { + if (req.isAuthenticated()) { + var returnTo = req.session.returnTo + delete req.session.returnTo + console.log("LOGGED IN", req.user.username) + return res.json({ + status: "OK", + user: auth.sanitizeUser(req.user), + returnTo: returnTo || "/index", + }) + } + res.json({ + error: 'bad credentials', + }) + }) + app.put("/api/checkin", + middleware.ensureAuthenticated, + auth.checkin + ) }, serializeUser: function (user, done) { 
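Review bot: In the `/api/login` handler of `auth.route` (bucky/util/auth.js), the `res.json({ error: 'bad credentials' })` fallback can never run. `passport.authenticate("local")` called without a callback or failure options ends a failed attempt itself with a bare 401 (400 when a field is missing), so the route function is reached only after a successful login and `req.isAuthenticated()` is always true there. Either delete the dead branch and have the client treat 401 as bad credentials, or pass `{ failWithError: true }` and return the JSON error from an error handler. Nothing visible here issues a fresh session id on login; depending on the passport version in use, an explicit `req.session.regenerate` may be needed to close off session fixation, with `returnTo` carried across it. `app.get("/logout", auth.logout)` also lets any cross-site GET end the session, since csurf does not check GET, whereas a POST or PUT would be covered by the existing token.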
@@ -39,35 +75,23 @@ var auth = module.exports = { return done(null, user) - if (! user) { - return done(null, false, { error: { errors: { username: { message: 'No such username.' } }}}) - } - if (! auth.validPassword(user, password)) { - return done(null, false, { error: { errors: { password: { message: 'Incorrect password.' } }}}) + if (! user || ! auth.validPassword(user, password)) { + return done(null, false, { error: { message: 'Bad username/password.' } }) } return done(null, user); }) }, - loggedInLocal: function (req, res, next) { - passport.authenticate("local", function(err, user, info){ - if (err) { - return res.json({ error: err }); - } - if (! user) { - return info ? res.json(info) : res.redirect("/login"); - } - - // user.last_seen = new Date () - // user.save(function(err, data){ if (err) console.err('error setting ip for user') }) - - req.logIn(user, function(err) { - if (err) { return next(err); } - var returnTo = req.session.returnTo - delete req.session.returnTo - return res.json({ status: "OK", returnTo: returnTo || "/index" }) - }); - })(req, res, next) + sanitizeUser: function (req_user) { + // sanitize user object + var user = JSON.parse(JSON.stringify(req_user)) + delete user.password + return user + }, + + checkin: function (req, res) { + var user = auth.sanitizeUser(req.user) + res.json(user) }, logout: function (req, res) { @@ -75,4 +99,4 @@ var auth = module.exports = { res.redirect('/'); }, -}
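Review bot: `sanitizeUser` removes only `password`, so every other property of the user record is sent to the browser by both `/api/login` and `/api/checkin`. The user schema is not visible in this diff, but a denylist will expose any sensitive column that exists now or is added later (salt, email, reset token and the like). Building the response from an explicit allowlist is safer, for example starting from `return { username: req_user.username }` and adding only the fields the client actually renders. A comment above the function stating that it defines the public shape of a user would help keep it that way. The merged `Bad username/password.` message only avoids username enumeration if both failure paths cost about the same time, which depends on `validPassword`, defined outside this hunk.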
\ No newline at end of file +} |
