aboutsummaryrefslogblamecommitdiffstatshomepage
path: root/router.js
blob: ee285a16427c3b155878bcc57d19df4604a5e8a5 (plain) (tree)
1
2
3
4
5
6
7
8
9
10

                                                      
                                                            




                                  

                                                             






















































                                                                                       
  






                                                                                      
    























                                                                                
                                    
                                          
                              


                                                 





                                                                   






                                                                               
                                                                   











                                                                                         
    
 



















                                                                                  
 

                                              
                                                    








                                                               










                                    
                                               

       






                                         



                            

       






                                         





                                            

      




                    
                                              
                                                
                                 


                                                       




       





                                          
                                                       


       

              






                                                                  
             




                                                  

       




















                                                                                                                             






                 
                                           
                     
                              




       





                       


                                                                    


 

 
      









                                                         




















                                            
 
      
             

       
             
                                     
                                                                       

       



                                                                                           

 
  
var passport = require('passport')
  , LocalStrategy = require('passport-local').Strategy
  , FacebookStrategy = require('passport-facebook').Strategy
  , mongodb = require('mongodb')
  , mongoose = require('mongoose')
  , bcrypt = require('bcrypt')
  , SALT_WORK_FACTOR = 15;

var FACEBOOK_APP_ID = "504825706245603";
var FACEBOOK_APP_SECRET = "e5ea0faed85d8749cafd38732530ef35";

// connects to mongodb
mongoose.connect('localhost', 'test');
var db = mongoose.connection;
db.on('error', console.error.bind(console, 'connection error:'));
db.once('open', function callback(){
    console.log('Connected to MongoDB');
});

// user scheme
var userSchema = mongoose.Schema({
    username:   { type: String, required: true, unique: true },
    email:      { type: String, required: true, unique: true },
    password:   { type: String, required: true }, //passwords doesn't need to be unique
    accessToken:{ type: String } // used for Remember Me
});

// bcrypt middleware
userSchema.pre('save', function(next) {
    var user = this;

    if (!user.isModified('password')) return next();

    bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) {
        if(err) return next(err);

        bcrypt.hash(user.password, salt, function(err, hash) {
            user.password = hash;
            next();
        });
    });
});

// password verification
userSchema.methods.comparePassword = function(candidatePassword, cb) {
    bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
        if (err) return cb(err);
        cb(null, isMatch);
    });
};

// remember me implementation
userSchema.methods.generateRandomToken = function () {
    var user = this,
        chars = "_!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        token = new Date().getTime() + '_';
    for (var x = 0; x < SALT_WORK_FACTOR; x++) {
        var i = Math.floor(Math.random() * 94);
        token += chars.charAt(i);
    }
    return token;
};

// seed a test user
var User = mongoose.model('User', userSchema);
/*
var usr = new User({ username: 'bob', email: 'bob@example.com', password: 'secret' });
usr.save(function(err) {
    if (err) {
        console.log(err);
    } else {
        console.log('user: ' + usr.username + + 'saved.');
    }
})*/

// Passport session setup.
//   To support persistent login sessions, Passport needs to be able to
//   serialize users into and deserialize users out of the session.  Typically,
//   this will be as simple as storing the user ID when serializing, and finding
//   the user by ID when deserializing.
//
//   Both serializer and deserializer edited for Remember Me functionality
passport.serializeUser( function(user, done) {
    var createAccessToken = function() {
        var token = user.generateRandomToken();
        User.findOne( { accessToken: token }, function (err, existingUser) {
            if (err) return done(err);
            if (existingUser) {
                createAccessToken(); //run it again. has to be unique
            } else {
                user.set('accessToken', token);
                user.save( function(err) {
                    if (err) return done(err);
                    return done(null, user.get('accessToken'));
                });
            }
        });
    }
    console.log('serializing user');
    if (user._id) { createAccessToken(); }
    else { done(null, user); }
});

passport.deserializeUser( function(token, done) {
    console.log('deserializing ' + token.provider);
    if (token.provider === undefined) {
        User.findOne( { accessToken: token }, function(err, user) {
            done(err, user);
        });
    } else { done(null, token); }
});

// Use the LocalStrategy within Passport.
//   Strategies in passport require a `verify` function, which accept
//   credentials (in this case, a username and password), and invoke a callback
//   with a user object.  In the real world, this would query a database;
//   however, in this example we are using a baked-in set of users.
passport.use(new LocalStrategy(function(username, password, done) {
    User.findOne({ username: username }, function(err, user) {
        if (err) return done(err);
        if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
        user.comparePassword(password, function(err, isMatch) {
            if (err) return done(err);
            if (isMatch) {
                return done(null, user);
            } else {
                return done(null, false, { message: 'Invalid password' });
            }
        });
    });
}));

// Use the FacebookStrategy within Passport.
//   Strategies in Passport require a `verify` function, which accept
//   credentials (in this case, an accessToken, refreshToken, and Facebook
//   profile), and invoke a callback with a user object.
passport.use(new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "https://divid.no/auth/facebook/callback"
}, function(accessToken, refreshToken, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function() {

        // To keep the example simple, the user's Facebook profile is returned to
        // represent the logged-in user.  In a typical application, you would want
        // to associate the Facebook account with a user record in your database,
        // and return that user instead.
        return done(null, profile);
    });
  }
));

// to ensure that users are logged in
function ensureAuthenticated(req, res, next) {
    console.log('checking to see if authenticated');
    if (req.isAuthenticated()) return next();
    res.redirect('/login');
}

/*
 * ============================================================
 * Routes
 *
 */



module.exports = function(app) {
    /*
     * GET home page.
     *
     * '/'
     */

    app.get('/', function(req, res){
        res.render('index', { title: 'DERS' });
    });

    /*
     * GET TEST PAGE
     *
     * '/test'
     */

    app.get('/test', function(req, res) {
        res.render('test', {
            title: 'test',
            loggedin: false
        });
    });

    app.get('/home', function(req, res) {
        res.render('home', {
            title: 'home',
            loggedin: false
        });
    });

	app.get('/faq', function(req, res) {
        res.render('faq', {
            title: 'faq',
            loggedin: false
        });
    });

    /*
     * GET dashboard
     *
     * '/dashboard'
     */

    app.get('/dashboard', function(req, res) {
        console.log('/dashboard - ' + req.user);
        res.render('dashboard', {
                                        title: 'kanin',
                                        loggedin: true
                                    });
    });



    /*
     * GET login page
     *
     * '/login'
     */

    app.get('/login', function(req, res) {
            res.render('login', { title: 'Logg inn' });
    });


    /* POST */

    app.post('/login', function(req, res, next) {
        passport.authenticate('local', function(err, user, info) {
            if (err) return next(err);
            if (!user) {
                console.log(info.message);
                req.session.messages = [info.message];
                return res.redirect('/login');
            }
            req.logIn(user, function(err) {
                if (err) return next(err);
                return res.redirect('/dashboard');
            })
        })(req, res, next);
    });

    // GET /auth/facebook
    //   Use passport.authenticate() as route middleware to authenticate the
    //   request.  The first step in Facebook authentication will involve
    //   redirecting the user to facebook.com.  After authorization, Facebook will
    //   redirect the user back to this application at /auth/facebook/callback
    app.get('/auth/facebook', passport.authenticate('facebook'), function(req, res){
        // The request will be redirected to Facebook for authentication, so this
        // function will not be called.
    });

    // GET /auth/facebook/callback
    //   Use passport.authenticate() as route middleware to authenticate the
    //   request.  If authentication fails, the user will be redirected back to the
    //   login page.  Otherwise, the primary route function function will be called,
    //   which, in this example, will redirect the user to the home page.
    app.get('/auth/facebook/callback', passport.authenticate('facebook', { failureRedirect: '/login' }), function(req, res) {
        console.log('/auth/facebook/callback --- ' + req.user.username);
        res.redirect('/dashboard');
    });




    /*
     * GET logout
     *
     * '/logout'
     */
    app.get('/logout', function(req, res) {
        req.logout();
        res.redirect('/test');
    });




    /*
     * GET project page
     *
     * '/project'
    */

    app.get('/project', function(req, res) {
        res.render('project', { title: 'Harepus', loggedin: true });
    })





    /*
     * GET signup page
     *
     * '/signup'
     */

    app.get('/signup', function(req, res) {
        res.render('signup', { title: 'Registrer deg' });
    });


    /* POST */

    app.post('/signup', function(req, res) {
        AM.addNewAccount({
            name    : req.param('name'),
            email   : req.param('email'),
            user    : req.param('user'),
            pass    : req.param('pass'),
            country : req.param('country')
        }, function(e) {
            if (e) {
                res.send(e, 400);
            } else {
                res.send('ok', 200);
            }
        });
    });





    /*
     * ERRORS
     */

    /* 404 */
    app.get('*', function(req, res) {
        res.render('error', { title: '404', text: 'Fant ikke siden' });
    });

    /* 403 on POST */
    app.post('*', function(req, res) {
        res.render('error', { title: '403', text: 'Du har ikke tilgang til denne siden' });
    });


};