app.post('/authenticate', function(req, res, next){ middleware.login(req, re

1. app.post('/authenticate', function(req, res, next){
2. middleware.login(req, res, next);
3. });
4.  
5. exports.login = function(req, res, next){
6. var username = req.body.username;
7. var password = req.body.password;
8. User.findByUsername(username,function(err, user){
9. if(err){
10. res.send({ success: false, message: 'Authentication failed.' });
11. }
12. if (!user) {
13. res.send({ success: false, message: 'Authentication failed. User not found.' });
14. }
15. if(user && !user.isuserenabled){
16. res.send({ success: false, message: 'Authentication failed. User not found.' });
17. }
18. if (!UserSchema.comparePassword(password,user.user_password )) {
19. res.send({ success: false, message: 'Authentication failed. User not found.' });
20. }
21. res.cookie('yummyCookie', jwt.sign(
22. //payload, secret, options, [callback]
23. {
24. id: user.user_id,
25. email: user.email,
26. name: user.firstname + " " + user.lastname,
27. role: user.role
28. },
29. config.secret, // DO NOT KEEP YOUR SECRET IN THE CODE
30. {expiresIn: "1h"}, {secure: true, httpOnly: true}));
31. return next();
32. });
33. };