1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var crypto = require('crypto');
var db = require('../db');
var middleware = require('./middleware')
var auth = module.exports = {
init: function(){
passport.serializeUser(auth.serializeUser)
passport.deserializeUser(auth.deserializeUser)
passport.use(new LocalStrategy(auth.verifyLocalUser))
},
route: function(app){
app.get("/login",
function(req, res){
res.render("pages/login", {
title: "login"
})
})
app.get("/signup", function(req, res){
res.render("pages/signup", {
title: "signup"
})
})
app.get("/logout", auth.logout)
app.put("/api/login",
passport.authenticate("local"),
function (req, res) {
if (req.isAuthenticated()) {
var returnTo = req.session.returnTo
delete req.session.returnTo
console.log("LOGGED IN", req.user.username)
return res.json({
status: "OK",
user: auth.sanitizeUser(req.user),
returnTo: returnTo || "/index",
})
}
res.json({
error: 'bad credentials',
})
})
app.put("/api/checkin",
middleware.ensureAuthenticated,
auth.checkin
)
},
serializeUser: function (user, done) {
done(null, user.id);
},
deserializeUser: function (id, done) {
db.getUser(id).then(function(user){
done(! user, user)
})
},
validPassword: function(user, pw){
var shasum = crypto.createHash('sha1')
shasum.update(pw)
return user.get('password') === shasum.digest('hex');
},
verifyLocalUser: function (username, password, done) {
// handle passwords!!
db.getUserByUsername(username).then(function(user){
// if (err) { return done(err); }
if (! user) { return done("no user") }
return done(null, user)
if (! user || ! auth.validPassword(user, password)) {
return done(null, false, { error: { message: 'Bad username/password.' } })
}
return done(null, user);
})
},
sanitizeUser: function (req_user) {
// sanitize user object
var user = JSON.parse(JSON.stringify(req_user))
delete user.password
return user
},
checkin: function (req, res) {
var user = auth.sanitizeUser(req.user)
res.json(user)
},
logout: function (req, res) {
req.logout();
res.redirect('/');
},
}
|
