
Untitled

a guest
Oct 13th, 2016
  1. var express = require('express');
  2. var router = express.Router();
  3. var passport = require('passport')
  4. var LocalStrategy = require('passport-local').Strategy;
  5. var crypto = require('crypto');
  6.  
  7. var User = require('../models/user');
  8. var sqlite3 = require('sqlite3');
  9.  
  10. var db = new sqlite3.Database('./database.sqlite3');
  11.  
  /**
   * GET /register: serve the sign-up form.
   * Renders the 'register' view with no extra locals.
   */
  router.get('/register', function showRegisterForm(request, response) {
    response.render('register');
  });
  17.  
  /**
   * GET /login: serve the sign-in form.
   * Renders the 'login' view with no extra locals.
   */
  router.get('/login', function showLoginForm(request, response) {
    response.render('login');
  });
  23.  
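  /**
   * POST /register: validate the sign-up form and create the account.
   *
   * On validation failure the 'register' view is re-rendered with `errors`.
   * On success a fresh random salt is generated, the password is hashed with
   * hashPassword(password, salt), and hash + salt are stored; the user is then
   * redirected to the login page with a flash message.
   *
   * The previous version stored `password[0]` (the first character of the
   * password, in clear text) together with the fixed salt 'string'. The login
   * strategy compares hashPassword(password, row.salt) against the stored
   * column, so no registered account could ever authenticate, and a fragment
   * of every password sat unhashed in the database.
   *
   * @param {object} req  Express request (body: email, username, password, password2)
   * @param {object} res  Express response
   * @param {function} next  Express error continuation, used for database failures
   */
  router.post('/register', function (req, res, next) {
    var email = req.body.email;
    var username = req.body.username;
    var password = req.body.password;

    // Validation
    req.checkBody('username', 'Username is required').notEmpty();
    req.checkBody('email', 'Email is required').notEmpty();
    req.checkBody('email', 'Email is not valid').isEmail();
    req.checkBody('password', 'Password is required').notEmpty();
    req.checkBody('password2', 'Passwords do not match').equals(req.body.password);

    var errors = req.validationErrors();

    // A body parser may deliver an array or object for `password`; hashing
    // needs a string, so reject anything else before it reaches the hash.
    // NOTE(review): the entry mirrors the { param, msg } shape the validator
    // is presumed to produce for the 'register' template; confirm.
    if (!errors && typeof password !== 'string') {
      errors = [{ param: 'password', msg: 'Password is required' }];
    }

    if (errors) {
      res.render('register', {
        errors: errors
      });
      return;
    }

    // Per-user random salt from the CSPRNG; stored next to the hash so the
    // login strategy can recompute hashPassword(password, row.salt).
    var salt = crypto.randomBytes(16).toString('hex');
    var passwordHash = hashPassword(password, salt);

    db.run(
      'INSERT INTO users ( id, username, email, password, salt ) VALUES (NULL, ?, ?, ?, ?)',
      [username, email, passwordHash, salt],
      function (err) {
        // Only report success once the row is actually written.
        if (err) return next(err);
        req.flash('success_msg', 'You are registered and can now login');
        res.redirect('/users/login');
      }
    );
  });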
  // LOGIN

  /**
   * Derive the stored password value: hex SHA-256 over password followed by salt.
   *
   * NOTE(review): a single SHA-256 pass is cheap to brute-force if the users
   * table leaks. A deliberately slow KDF (crypto.scrypt or crypto.pbkdf2) is
   * the usual choice for password storage; switching changes every stored
   * value, so it needs a migration of existing rows.
   *
   * @param {string|Buffer} password  Candidate password
   * @param {string|Buffer} salt      Salt stored with the user row
   * @returns {string} 64-character lowercase hex digest
   */
  function hashPassword(password, salt) {
    return crypto
      .createHash('sha256')
      .update(password)
      .update(salt)
      .digest('hex');
  }
  63.  
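  /**
   * Local (username + password) strategy.
   *
   * Looks the user up by name, recomputes hashPassword(password, row.salt),
   * then asks the database for a row matching both username and hash.
   * Database errors are handed to passport through done(err) instead of
   * being reported as a failed login, and a hashing failure (for example a
   * NULL salt column) is reported the same way rather than thrown from
   * inside the sqlite callback.
   *
   * NOTE(review): 'Unknown User' and 'Invalid password' are distinct, so the
   * login form reveals which usernames exist. One generic message for both
   * cases closes that; left unchanged here because it is user-visible text.
   * NOTE(review): `SELECT *` hands the whole row to done(), including the
   * password and salt columns; selecting only the needed columns keeps them
   * off the authenticated user object.
   */
  passport.use(new LocalStrategy(function (username, password, done) {
    db.get('SELECT * FROM users WHERE username = ?', username, function (err, row) {
      if (err) return done(err);
      if (!row) return done(null, false, { message: 'Unknown User' });

      var hash;
      try {
        hash = hashPassword(password, row.salt);
      } catch (hashErr) {
        return done(hashErr);
      }

      db.get('SELECT * FROM users WHERE username = ? AND password = ?', username, hash, function (err, row) {
        if (err) return done(err);
        if (!row) return done(null, false, { message: 'Invalid password' });
        return done(null, row);
      });
    });
  }));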
  74.  
  75.  
  // SERIALIZE AND DESERIALIZE USER

  /**
   * Reduce the authenticated user to the value kept in the session:
   * only the numeric/row `id` is stored, never the full row.
   */
  passport.serializeUser(function (account, done) {
    var sessionKey = account.id;
    return done(null, sessionKey);
  });
  80.  
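  /**
   * Rebuild the session user from the stored id.
   *
   * Selects only `id` and `username`, so the password hash and salt are not
   * loaded on each request. A database error is now passed to
   * passport as done(err); before, it was indistinguishable from "no such
   * user" and silently logged the session out.
   */
  passport.deserializeUser(function (id, done) {
    db.get('SELECT id, username FROM users WHERE id = ?', id, function (err, row) {
      if (err) return done(err);
      if (!row) return done(null, false);
      return done(null, row);
    });
  });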
  87.  
  88.  
  /**
   * POST /login: authenticate with the 'local' strategy.
   * Success goes to '/', failure back to the login form with a flash message.
   */
  var loginOptions = {
    successRedirect: '/',
    failureRedirect: '/users/login',
    failureFlash: true
  };

  router.post(
    '/login',
    passport.authenticate('local', loginOptions),
    // NOTE(review): with successRedirect set, passport presumably answers the
    // request itself, so this handler looks unreachable. Confirm before removing.
    function (request, response) {
      response.redirect('/');
    }
  );
  95.  
  /**
   * GET /logout: end the passport login, queue a flash message and send
   * the browser back to the login form.
   *
   * NOTE(review): logging out on a GET lets any third-party page trigger it
   * with a plain link or image tag; a POST with CSRF protection avoids that.
   * NOTE(review): req.logout() is called synchronously here; newer passport
   * releases expect a callback. Check against the installed version.
   */
  router.get('/logout', function (request, response) {
    request.logout();
    request.flash('success_msg', 'You are logged out');
    response.redirect('/users/login');
  });

  // Expose the configured router to the application.
  module.exports = router;