import passport from 'passport'
import { Strategy as LocalStrategy } from 'passport-local'
import crypto from 'crypto'
import db from '../db'
// Model used by this module for user lookups and creation. `db.models` is
// expected to expose a `user` model (defined in ../db, not visible here).
const userModel = db.models.user
/**
 * Wire passport and the authentication routes onto the Express app.
 *
 * @param app - Express application to register handlers on.
 * @param serve_index - handler that serves the client shell for the page routes.
 *
 * NOTE(review): no CSRF protection is visible in this file for the
 * state-changing PUT endpoints or for GET /logout — confirm it is applied by
 * middleware registered elsewhere.
 */
export function route(app, serve_index) {
  passport.serializeUser(serializeUser)
  passport.deserializeUser(deserializeUser)
  passport.use(new LocalStrategy(verifyLocalUser))

  // Page routes: the client decides what to render for these paths.
  for (const pagePath of ["/login", "/signup"]) {
    app.get(pagePath, serve_index)
  }
  app.get("/logout", logout)

  // JSON API. Signup and login both finish by running the local strategy and
  // then answering through `login`; the middleware instance is stateless, so
  // one can serve both chains.
  const authenticateLocal = passport.authenticate("local")
  app.put("/api/signup", checkIfUserExists, createUser, authenticateLocal, login)
  app.put("/api/login", authenticateLocal, login)
  app.put("/api/checkin", ensureAuthenticated, checkin)
}
/**
 * Gate a route behind a logged-in session.
 *
 * Unauthenticated requests have their path remembered in the session (read
 * back by `login` as `returnTo`) and are redirected to /login.
 *
 * NOTE(review): this redirects even on the JSON API (PUT /api/checkin), so an
 * XHR caller receives the /login page instead of a 401 — confirm that is the
 * intended contract with the client.
 */
export function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    next()
    return
  }
  req.session.returnTo = req.path
  res.redirect('/login')
}
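/**
 * Signup guard: answer `{ error: "user exists" }` when the (sanitized)
 * username is already taken, otherwise continue to `createUser`.
 *
 * Previously a lookup failure was only logged and the request was never
 * answered, leaving the client hanging; it now gets a generic 500 body. The
 * raw error is kept server-side because driver errors can carry query text.
 *
 * NOTE: "user exists" necessarily reveals which names are taken — inherent to
 * a signup form, but it is a username-enumeration oracle.
 */
export function checkIfUserExists(req, res, next) {
  const username = sanitizeName(req.body.username)
  userModel.show(username, 'username')
    .then((existing) => {
      if (existing) {
        return res.json({ error: "user exists" })
      }
      next()
    })
    .catch((err) => {
      console.error('error', err)
      res.status(500).json({ error: "lookup failed" })
    })
}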
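/**
 * Reduce a user-supplied name to the characters [A-Za-z0-9_-], dropping
 * everything else.
 *
 * Non-string input — a missing field, or the array/object a body parser
 * produces for `username[]=…` — yields "" instead of throwing on `.replace`.
 *
 * @param {unknown} s - raw value from the request body
 * @returns {string} the filtered name, possibly empty
 */
export function sanitizeName(s) {
  if (typeof s !== 'string') return ""
  return s.replace(/[^-_a-zA-Z0-9]/g, "")
}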
/**
 * Produce a plain-object copy of a user record that is safe to send to the
 * client. The JSON round trip strips model methods and prototype; the stored
 * password hash is then removed. Every other field is passed through as-is,
 * so anything else sensitive on the record would need its own deletion here.
 */
export function sanitizeUser(req_user) {
  const publicCopy = JSON.parse(JSON.stringify(req_user))
  delete publicCopy.password
  return publicCopy
}
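/**
 * Signup step two: validate the submitted password pair, hash it, insert the
 * user, then hand off to the local strategy (which re-checks the credentials).
 *
 * Fixes relative to the previous version:
 *  - `makePassword` takes ONE argument. Calling it as
 *    `makePassword(username, password)` hashed the username, so the stored
 *    hash never matched what `validPassword` computes at login.
 *  - `next(user)` passed a truthy value to Express, which is the error signal
 *    and skipped `passport.authenticate`; `next()` continues the chain.
 *  - the catch handler referenced an undefined `error` binding
 *    (ReferenceError); it now logs the real error and returns a generic
 *    message instead of echoing the raw driver error.
 *  - a missing/empty password or an empty sanitized username is rejected
 *    instead of crashing the hash or creating a nameless account.
 */
export function createUser(req, res, next) {
  const { username, password, password2 } = req.body
  if (typeof password !== 'string' || password.length === 0) {
    return res.json({ error: "password required" })
  }
  if (password !== password2) {
    return res.json({ error: "passwords don't match" })
  }
  const safeName = sanitizeName(username)
  if (safeName.length === 0) {
    return res.json({ error: "username required" })
  }
  const data = {
    username: safeName,
    realname: safeName,
    password: makePassword(password),
    lastseen: new Date(),
    level: 0,
    profile: {},
  }
  userModel.create(data)
    .then(() => next())
    .catch((err) => {
      console.error('createUser failed', err)
      res.json({ error: "could not create user" })
    })
}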
/**
 * Final handler for /api/signup and /api/login. Passport has already run: on
 * an authenticated request answer with the sanitized user and the path to
 * return to (defaulting to "/index"), otherwise report bad credentials.
 *
 * NOTE(review): `returnTo` originates from req.path in ensureAuthenticated and
 * is reflected back for the client to navigate to. A path like `//host/x` is
 * protocol-relative, so confirm the client only follows same-origin paths.
 */
export function login(req, res) {
  if (!req.isAuthenticated()) {
    res.json({
      error: 'bad credentials',
    })
    return
  }
  const { returnTo } = req.session
  delete req.session.returnTo
  console.log(">> logged in", req.user.get('username'))
  res.json({
    status: "OK",
    user: sanitizeUser(req.user),
    returnTo: returnTo || "/index",
  })
}
/** Keep only the user id in the session; `deserializeUser` reloads the record. */
export function serializeUser(user, done) {
  const { id } = user
  done(null, id)
}
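/**
 * Reload the session's user by id on every request.
 *
 * A missing user (e.g. deleted after the session was issued) is reported as
 * `done(null, false)`, which passport treats as "not logged in". The previous
 * `done(!user, user)` passed the boolean `true` as the error argument, turning
 * a stale cookie into a server error on every request. Lookup failures are
 * forwarded to `done` instead of being left as an unhandled rejection.
 */
export function deserializeUser(id, done) {
  db.getUser(id)
    .then((user) => done(null, user || false))
    .catch((err) => done(err))
}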
/**
 * Derive the stored credential for a password: hex-encoded SHA-1 of the raw
 * password, no salt. `validPassword` compares against exactly this value.
 *
 * SECURITY: unsalted single-round SHA-1 is not an acceptable password hash —
 * equal passwords share a hash and brute force is cheap. Moving to scrypt or
 * PBKDF2 (crypto.scryptSync / crypto.pbkdf2Sync) with a per-user salt changes
 * the stored format and `validPassword` together, so it is flagged here rather
 * than changed in isolation.
 *
 * This takes ONE argument; any extra arguments are silently ignored.
 *
 * @param {string} password
 * @returns {string} 40-character lowercase hex digest
 */
export function makePassword(password) {
  return crypto.createHash('sha1').update(password).digest('hex')
}
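/**
 * Check a submitted password against the user's stored hash.
 *
 * The comparison uses crypto.timingSafeEqual so a short-circuiting `===`
 * cannot leak how many leading bytes of the hash matched. Non-string inputs
 * (missing form field, non-string stored value) fail closed instead of
 * throwing inside the hash.
 *
 * @param user - model exposing `get('password')`
 * @param {unknown} password - candidate from the login form
 * @returns {boolean}
 */
export function validPassword(user, password) {
  const stored = user.get('password')
  if (typeof stored !== 'string' || typeof password !== 'string') {
    return false
  }
  const expected = Buffer.from(stored, 'utf8')
  const candidate = Buffer.from(makePassword(password), 'utf8')
  // timingSafeEqual throws on differing lengths; a length mismatch is simply "no match".
  if (expected.length !== candidate.length) {
    return false
  }
  return crypto.timingSafeEqual(expected, candidate)
}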
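/**
 * Optional password-change step of a profile update.
 *
 * Skipped (`next()`) when neither oldpassword nor newpassword was sent.
 * Otherwise requires a non-empty new password matching newpassword2 and a
 * correct old password, stores the new hash on `res.user`, and continues.
 *
 * Fixes relative to the previous version:
 *  - `makePassword(username, newpassword)` hashed the username (the helper
 *    takes one argument), so every changed password became sha1(username)
 *    and subsequent logins failed; the now-unused `req.user` lookup is gone.
 *  - an empty/missing new password is rejected instead of being hashed.
 *  - the save error is logged server-side rather than echoed to the client.
 *
 * NOTE(review): the target record is `res.user`, presumably attached by an
 * upstream middleware not in this file, while the rest of this module reads
 * `req.user` — confirm `res.user` is populated on the route that uses this.
 */
export function changePassword(req, res, next) {
  const { oldpassword, newpassword, newpassword2 } = req.body
  if (!oldpassword && !newpassword) return next()
  if (typeof newpassword !== 'string' || newpassword.length === 0) {
    return res.send({ error: 'New password required.' })
  }
  if (newpassword !== newpassword2) {
    return res.send({ error: 'Passwords don\'t match.' })
  }
  if (!validPassword(res.user, oldpassword)) {
    return res.send({ error: 'Password is incorrect.' })
  }
  res.user.set('password', makePassword(newpassword))
  res.user.save()
    .then(() => next())
    .catch((err) => {
      console.error('changePassword failed', err)
      res.send({ error: 'Could not save password.' })
    })
}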
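/**
 * passport-local verify callback: look the user up by the submitted username
 * and check the password with `validPassword`.
 *
 * An unknown username and a wrong password now both end in
 * `done(null, false, …)` with the same message. The old `done("no user")`
 * passed a string as the *error* argument — a server error rather than an
 * authentication failure — and told callers which usernames exist. Lookup
 * errors are forwarded to `done` instead of being an unhandled rejection.
 *
 * Residual: no hash is computed when the user is missing, so response timing
 * can still hint at account existence; the DB lookup dominates, but calling
 * `makePassword(password)` on that path too would close the gap.
 */
export function verifyLocalUser(username, password, done) {
  db.getUserByUsername(username)
    .then((user) => {
      if (!user || !validPassword(user, password)) {
        return done(null, false, { error: { message: 'Bad username/password.' } })
      }
      done(null, user)
    })
    .catch((err) => done(err))
}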
/** Session probe for an authenticated client: echo the current user minus its password hash. */
export function checkin(req, res) {
  const publicUser = sanitizeUser(req.user)
  res.json({ user: publicUser })
}
/**
 * End the login session and send the browser to the home page.
 *
 * NOTE(review): passport 0.6+ made `req.logout()` asynchronous and expects a
 * callback; on that version the redirect here races the session update —
 * confirm which passport version is installed. Also, this is reachable via
 * GET /logout (see `route`), so a cross-site link or image can log a user out.
 */
export const logout = (req, res) => {
  req.logout()
  res.redirect('/')
}