- /**
- * Satellizer Node.js Example
- * (c) 2015 Sahat Yalkabov
- * License: MIT
- */
- var formidable = require('formidable');
- var fs = require('fs');
- var mv = require('mv');
- var path = require('path');
- var qs = require('querystring');
- var async = require('async');
- var bcrypt = require('bcryptjs');
- var bodyParser = require('body-parser');
- var colors = require('colors');
- var cors = require('cors');
- var express = require('express');
- var logger = require('morgan');
- var jwt = require('jwt-simple');
- var moment = require('moment');
- var mongoose = require('mongoose');
- var request = require('request');
- var config = require('./config');
// Account record. `email` is indexed as unique and normalised to lower case;
// `password` is left out of query results unless a projection asks for it
// explicitly (the login route uses '+password' for that).
var userFields = {
  email: { type: String, unique: true, lowercase: true },
  password: { type: String, select: false },
  displayName: String,
  level: Number,
  picture: String,
  facebook: String,
  google: String,
  twitter: String
};
var userSchema = new mongoose.Schema(userFields);
// Metadata for one uploaded file. The bytes themselves live on disk under
// ./file/<directory>/<nomefile> (see /api/upload); records go to the 'file'
// collection rather than the default pluralised name.
var fileFields = {
  nomefile: String,
  directory: String,
  dataupload: { type: Date, default: Date.now },
  size: String,
  type: String
};
var fileSchema = new mongoose.Schema(fileFields, { collection: 'file' });
var File = mongoose.model('File', fileSchema);
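// Hash the password before the document is persisted. Runs only when the
// password field changed, so re-saving a profile does not re-hash the hash.
userSchema.pre('save', function(next) {
  var user = this;
  if (!user.isModified('password')) {
    return next();
  }
  bcrypt.genSalt(10, function(err, salt) {
    if (err) {
      // Abort the save; the original fell through and stored an undefined hash.
      return next(err);
    }
    bcrypt.hash(user.password, salt, function(err, hash) {
      if (err) {
        return next(err);
      }
      user.password = hash;
      next();
    });
  });
});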
// Compare a plaintext candidate against the stored bcrypt hash and relay
// bcrypt's (err, isMatch) result to `done` unchanged. `this.password` is only
// populated when the document was loaded with the '+password' projection.
userSchema.methods.comparePassword = function(password, done) {
  var storedHash = this.password;
  var relay = function(err, isMatch) {
    done(err, isMatch);
  };
  bcrypt.compare(password, storedHash, relay);
};
var User = mongoose.model('User', userSchema);

mongoose.connect(config.MONGO_URI);
mongoose.connection.on('error', function(err) {
  // A failed connection is only logged; the HTTP server still starts.
  var hint = 'Error: Could not connect to MongoDB. Did you forget to run `mongod`?';
  console.log(hint.red);
});
var app = express();

/* Socket.IO setup: share one http.Server between Express and Socket.IO. */
var server = require('http').createServer(app);
var io = require('socket.io')(server);

app.set('port', process.env.PORT || 3000);
// cors() with no options answers every origin.
app.use(cors());
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// Force HTTPS on Heroku: the dyno sees plain HTTP and the original scheme
// arrives in X-Forwarded-Proto. Installed only in production.
function forceHttps(req, res, next) {
  if (req.get('x-forwarded-proto') === 'https') {
    next();
  } else {
    res.redirect('https://' + req.hostname + req.url);
  }
}
if (app.get('env') === 'production') {
  app.use(forceHttps);
}

app.use(express.static(path.join(__dirname, '../client')));
- /*
- |--------------------------------------------------------------------------
- | Login Required Middleware
- |--------------------------------------------------------------------------
- */
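/**
 * Express middleware: require a valid, unexpired JWT in the Authorization
 * header ("<scheme> <token>") and expose its `sub` claim as `req.user`.
 * Every failure answers 401 (the original used 402 "Payment Required" for
 * decode and expiry errors, which is the wrong status for an auth failure).
 */
function ensureAuthenticated(req, res, next) {
  var header = req.header('Authorization');
  if (!header) {
    return res.status(401).send({ message: 'Please make sure your request has an Authorization header' });
  }
  // A header without a token part would otherwise hand `undefined` to decode.
  var token = header.split(' ')[1];
  if (!token) {
    return res.status(401).send({ message: 'Malformed Authorization header' });
  }
  var payload = null;
  try {
    // decode verifies the signature against TOKEN_SECRET and throws on mismatch.
    payload = jwt.decode(token, config.TOKEN_SECRET);
  }
  catch (err) {
    return res.status(401).send({ message: err.message });
  }
  if (!payload || typeof payload.exp !== 'number') {
    return res.status(401).send({ message: 'Token has no expiry' });
  }
  if (payload.exp <= moment().unix()) {
    return res.status(401).send({ message: 'Token has expired' });
  }
  req.user = payload.sub;
  next();
}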
- /*
- |--------------------------------------------------------------------------
- | Generate JSON Web Token
- |--------------------------------------------------------------------------
- */
/**
 * Build a signed JWT for `user`: `sub` is the user id, `lev` the user's level,
 * issued now and valid for 14 days. Signed with config.TOKEN_SECRET.
 */
function createJWT(user) {
  var issuedAt = moment().unix();
  var expiresAt = moment().add(14, 'days').unix();
  var claims = {
    sub: user._id,
    iat: issuedAt,
    exp: expiresAt,
    lev: user.level
  };
  return jwt.encode(claims, config.TOKEN_SECRET);
}
/* Socket.IO section */
// NOTE(review): there is no authentication on the socket layer; any client
// that can reach the server may connect. The only traffic is a fixed greeting
// and an echo of whatever arrives on 'my other event' to the server log.
io.on('connection', function(socket) {
  var greeting = { hello: 'world' };
  socket.emit('news', greeting);
  socket.on('my other event', function(data) {
    console.log(data);
  });
});
- /*
- |--------------------------------------------------------------------------
- | GET /api/me
- |--------------------------------------------------------------------------
- */
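// Return the caller's own record. `req.user` is the JWT `sub` claim set by
// ensureAuthenticated; `password` is never included because of select:false.
app.get('/api/me', ensureAuthenticated, function(req, res) {
  User.findById(req.user, function(err, user) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (!user) {
      // A valid token for an account that no longer exists.
      return res.status(400).send({ message: 'User not found' });
    }
    res.send(user);
  });
});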
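// Return every user record (all fields except the select:false password).
// NOTE(review): any authenticated user gets the whole collection; there is no
// check on the caller's level here.
app.get('/api/contactlist', ensureAuthenticated, function(req, res) {
  User.find(function(err, users) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    res.send(users);
  });
});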
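// Delete a user by id.
// NOTE(review): the route only requires a valid token; it does not compare the
// target id with req.user or check the caller's level, so any authenticated
// user can delete any account.
app.delete('/api/removecontact/:id', ensureAuthenticated, function(req, res) {
  var id = req.params.id;
  User.remove({ _id: id }, function(err, result) {
    if (err) {
      console.log('Errore' + err);
      // Previously the error was logged but an empty 200 was still sent.
      return res.status(500).send({ message: err.message });
    }
    res.send(result);
  });
});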
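// Store one multipart upload (field name "file") under ./file/<user id>/ and
// record it in the `file` collection. Token checks are delegated to
// ensureAuthenticated instead of decoding the header by hand without try/catch.
app.post('/api/upload', ensureAuthenticated, function(req, res) {
  // `req.user` is the verified JWT `sub`; the per-user directory doubles as
  // the ownership record used by /api/readdir and /api/downfile.
  var iduser = String(req.user);
  var form = new formidable.IncomingForm();
  form.parse(req, function(err, fields, files) {
    if (err) {
      console.log('there is an error in upload');
      // The original only logged here and left the request hanging.
      return res.status(400).send({ message: 'there is an error in upload' });
    }
    var file = files.file;
    if (!file || typeof file.name !== 'string') {
      return res.status(400).send({ message: 'Missing file field' });
    }
    // The client chooses file.name: keep only its last path component so a
    // name containing ".." or separators cannot escape the user's directory.
    var safeName = path.basename(file.name);
    var userDir = path.resolve('./file', iduser);
    var targetPath = path.join(userDir, safeName);
    if (!safeName || safeName === '.' || safeName === '..' || targetPath.indexOf(userDir + path.sep) !== 0) {
      return res.status(400).send({ message: 'Invalid file name' });
    }
    // Move first, record second, so the database never lists a file that is
    // not actually on disk.
    mv(file.path, targetPath, { mkdirp: true }, function(err) {
      if (err) {
        // Throwing here (as before) would bring the whole process down.
        console.log(err);
        return res.status(500).send({ message: 'Could not store file' });
      }
      var filedb = new File({
        nomefile: safeName,
        directory: iduser,
        size: file.size,
        type: file.type
      });
      filedb.save(function(err) {
        if (err) {
          console.log(err);
          return res.status(500).send({ message: err.message });
        }
        return res.status(200).send('ok');
      });
    });
  });
});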
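// List the caller's own file records (those whose `directory` is the caller's
// id). Token handling goes through ensureAuthenticated; the original decoded
// the header inline and left a query error without any response.
app.get('/api/readdir', ensureAuthenticated, function(req, res) {
  File.find({ directory: req.user }, function(err, docs) {
    if (err) {
      console.log(err);
      return res.status(500).send({ message: err.message });
    }
    return res.status(200).send(docs);
  });
});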
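// Send the bytes of one stored file as an attachment. The record id comes
// from the JSON body. The route now requires a token and only serves records
// that live in the caller's own directory; before, any client could fetch any
// file by guessing its id, and a missing record crashed on docs[0].
app.post('/api/downfile', ensureAuthenticated, function(req, res) {
  var id = req.body.id;
  File.findById(id, function(err, doc) {
    if (err) {
      // e.g. an id that is not a valid ObjectId; the original logged and hung.
      console.log(err);
      return res.status(500).send({ message: err.message });
    }
    if (!doc) {
      return res.status(404).send({ message: 'File not found' });
    }
    // Ownership: records are stored under the uploader's id (see /api/upload).
    if (String(doc.directory) !== String(req.user)) {
      return res.status(403).send({ message: 'Forbidden' });
    }
    // Rebuild the path from the record's own fields; basename() keeps a stored
    // name from pointing outside the user's directory. Local is named
    // `filePath` so the `path` module is not shadowed as it was before.
    var safeName = path.basename(String(doc.nomefile));
    var filePath = path.join(path.resolve('./file', String(doc.directory)), safeName);
    fs.readFile(filePath, function(err, data) {
      if (err) {
        console.log(err);
        return res.status(404).send({ message: 'File not found' });
      }
      // Quotes, backslashes and CR/LF are not valid inside the quoted filename.
      var headerName = safeName.replace(/["\\\r\n]/g, '_');
      res.setHeader('Content-Length', data.length);
      res.setHeader('Content-Disposition', 'attachment; filename="' + headerName + '"');
      // `type` was supplied by the uploading client; fall back to a generic
      // type rather than letting setHeader throw on an undefined value.
      res.setHeader('Content-Type', doc.type || 'application/octet-stream');
      res.end(data);
    });
  });
});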
- /*
- |--------------------------------------------------------------------------
- | PUT /api/me
- |--------------------------------------------------------------------------
- */
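// Update the caller's display name and/or email. Fields absent (or empty) in
// the body keep their stored value.
app.put('/api/me', ensureAuthenticated, function(req, res) {
  User.findById(req.user, function(err, user) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (!user) {
      return res.status(400).send({ message: 'User not found' });
    }
    user.displayName = req.body.displayName || user.displayName;
    user.email = req.body.email || user.email;
    user.save(function(err) {
      if (err) {
        // e.g. the unique index on email rejecting an address already in use;
        // the original answered 200 regardless.
        return res.status(500).send({ message: err.message });
      }
      res.status(200).end();
    });
  });
});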
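// Set the `level` of the user whose id is in the body.
// NOTE(review): `level` is carried in every JWT as `lev` (see createJWT) but
// nothing here checks the caller's own level, so any authenticated user can
// change any user's level — confirm what level values mean before relying on
// this route for privilege separation.
app.put('/api/updatelevel', ensureAuthenticated, function(req, res) {
  User.findById(req.body.id, function(err, user) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (!user) {
      return res.status(400).send({ message: 'User not found' });
    }
    user.level = req.body.level;
    user.save(function(err) {
      if (err) {
        return res.status(500).send({ message: err.message });
      }
      res.status(200).end();
    });
  });
});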
- /*
- |--------------------------------------------------------------------------
- | Log in with Email
- |--------------------------------------------------------------------------
- */
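// Email/password login: returns { token } on success. The same 401 message is
// used for an unknown email and a wrong password so the two are not
// distinguishable from the response.
app.post('/auth/login', function(req, res) {
  var email = req.body.email;
  var password = req.body.password;
  if (typeof email !== 'string' || typeof password !== 'string') {
    // Reject early rather than running the lookup with an undefined email.
    return res.status(400).send({ message: 'Email and password are required' });
  }
  // '+password' pulls in the field that the schema hides by default.
  User.findOne({ email: email }, '+password', function(err, user) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (!user) {
      return res.status(401).send({ message: 'Invalid email and/or password' });
    }
    user.comparePassword(password, function(err, isMatch) {
      if (err) {
        return res.status(500).send({ message: err.message });
      }
      if (!isMatch) {
        return res.status(401).send({ message: 'Invalid email and/or password' });
      }
      res.send({ token: createJWT(user) });
    });
  });
});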
- /*
- |--------------------------------------------------------------------------
- | Create Email and Password Account
- |--------------------------------------------------------------------------
- */
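// Create an email/password account (level '0') and return { token }.
app.post('/auth/signup', function(req, res) {
  var email = req.body.email;
  var password = req.body.password;
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return res.status(400).send({ message: 'Email and password are required' });
  }
  User.findOne({ email: email }, function(err, existingUser) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (existingUser) {
      return res.status(409).send({ message: 'Email is already taken' });
    }
    var user = new User({
      displayName: req.body.displayName,
      email: email,
      password: password,
      level: '0'
    });
    // The pre('save') hook hashes the password before it is stored.
    user.save(function(err, result) {
      if (err) {
        // Must return here: the original fell through and tried to send a
        // second response with a token for an undefined result.
        return res.status(500).send({ message: err.message });
      }
      res.send({ token: createJWT(result) });
    });
  });
});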
- /*
- |--------------------------------------------------------------------------
- | Login with Google
- |--------------------------------------------------------------------------
- */
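// Google OAuth2 code exchange. With an Authorization header the Google identity
// is linked to the signed-in user; without one, a user is found or created.
// Every upstream call now checks for a transport error or an error body
// before its result is used.
app.post('/auth/google', function(req, res) {
  var accessTokenUrl = 'https://accounts.google.com/o/oauth2/token';
  var peopleApiUrl = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect';
  var params = {
    code: req.body.code,
    client_id: req.body.clientId,
    client_secret: config.GOOGLE_SECRET,
    redirect_uri: req.body.redirectUri,
    grant_type: 'authorization_code'
  };

  // Step 1. Exchange authorization code for access token.
  request.post(accessTokenUrl, { json: true, form: params }, function(err, response, token) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (!token || !token.access_token) {
      // A rejected code yields an OAuth error body instead of a token; stop
      // here rather than calling the profile endpoint with "Bearer undefined".
      var tokenError = token && (token.error_description || token.error);
      return res.status(500).send({ message: tokenError || 'Could not obtain access token' });
    }
    var headers = { Authorization: 'Bearer ' + token.access_token };

    // Step 2. Retrieve profile information about the current user.
    request.get({ url: peopleApiUrl, headers: headers, json: true }, function(err, response, profile) {
      if (err) {
        return res.status(500).send({ message: err.message });
      }
      if (!profile || profile.error) {
        var profileError = profile && profile.error;
        return res.status(500).send({ message: profileError ? profileError.message : 'Could not retrieve profile' });
      }
      // Swap the sz=50 query value in the avatar URL for sz=200; the profile
      // may carry no picture at all, which previously threw on .replace.
      var picture = profile.picture ? profile.picture.replace('sz=50', 'sz=200') : undefined;

      if (req.header('Authorization')) {
        // Step 3a. Link user accounts.
        User.findOne({ google: profile.sub }, function(err, existingUser) {
          if (err) {
            return res.status(500).send({ message: err.message });
          }
          if (existingUser) {
            return res.status(409).send({ message: 'There is already a Google account that belongs to you' });
          }
          // This route is public, so the caller's own token is verified here
          // (signature via decode, then expiry) rather than by ensureAuthenticated.
          var payload;
          try {
            payload = jwt.decode(req.header('Authorization').split(' ')[1], config.TOKEN_SECRET);
          } catch (decodeErr) {
            return res.status(401).send({ message: decodeErr.message });
          }
          if (!payload || !payload.exp || payload.exp <= moment().unix()) {
            return res.status(401).send({ message: 'Token has expired' });
          }
          User.findById(payload.sub, function(err, user) {
            if (err) {
              return res.status(500).send({ message: err.message });
            }
            if (!user) {
              return res.status(400).send({ message: 'User not found' });
            }
            user.google = profile.sub;
            user.picture = user.picture || picture;
            user.displayName = user.displayName || profile.name;
            user.save(function(err) {
              if (err) {
                return res.status(500).send({ message: err.message });
              }
              res.send({ token: createJWT(user) });
            });
          });
        });
      } else {
        // Step 3b. Create a new user account or return an existing one.
        User.findOne({ google: profile.sub }, function(err, existingUser) {
          if (err) {
            return res.status(500).send({ message: err.message });
          }
          if (existingUser) {
            return res.send({ token: createJWT(existingUser) });
          }
          var user = new User();
          user.google = profile.sub;
          user.picture = picture;
          user.displayName = profile.name;
          user.save(function(err) {
            if (err) {
              return res.status(500).send({ message: err.message });
            }
            res.send({ token: createJWT(user) });
          });
        });
      }
    });
  });
});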
- /*
- |--------------------------------------------------------------------------
- | Login with Facebook
- |--------------------------------------------------------------------------
- */
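// Facebook OAuth2 code exchange. Same shape as /auth/google: link to the
// signed-in user when an Authorization header is present, otherwise find or
// create. Transport errors are checked before `response.statusCode` is read,
// since `response` is undefined when `err` is set.
app.post('/auth/facebook', function(req, res) {
  var fields = ['id', 'email', 'first_name', 'last_name', 'link', 'name'];
  var accessTokenUrl = 'https://graph.facebook.com/v2.5/oauth/access_token';
  var graphApiUrl = 'https://graph.facebook.com/v2.5/me?fields=' + fields.join(',');
  var params = {
    code: req.body.code,
    client_id: req.body.clientId,
    client_secret: config.FACEBOOK_SECRET,
    redirect_uri: req.body.redirectUri
  };

  // Step 1. Exchange authorization code for access token.
  request.get({ url: accessTokenUrl, qs: params, json: true }, function(err, response, accessToken) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (response.statusCode !== 200) {
      var tokenError = accessToken && accessToken.error;
      return res.status(500).send({ message: tokenError ? tokenError.message : 'Could not obtain access token' });
    }

    // Step 2. Retrieve profile information about the current user.
    request.get({ url: graphApiUrl, qs: accessToken, json: true }, function(err, response, profile) {
      if (err) {
        return res.status(500).send({ message: err.message });
      }
      if (response.statusCode !== 200 || !profile) {
        var profileError = profile && profile.error;
        return res.status(500).send({ message: profileError ? profileError.message : 'Could not retrieve profile' });
      }

      if (req.header('Authorization')) {
        // Step 3a. Link user accounts.
        User.findOne({ facebook: profile.id }, function(err, existingUser) {
          if (err) {
            return res.status(500).send({ message: err.message });
          }
          if (existingUser) {
            return res.status(409).send({ message: 'There is already a Facebook account that belongs to you' });
          }
          // This route is public, so the caller's own token is verified here
          // (signature via decode, then expiry) rather than by ensureAuthenticated.
          var payload;
          try {
            payload = jwt.decode(req.header('Authorization').split(' ')[1], config.TOKEN_SECRET);
          } catch (decodeErr) {
            return res.status(401).send({ message: decodeErr.message });
          }
          if (!payload || !payload.exp || payload.exp <= moment().unix()) {
            return res.status(401).send({ message: 'Token has expired' });
          }
          User.findById(payload.sub, function(err, user) {
            if (err) {
              return res.status(500).send({ message: err.message });
            }
            if (!user) {
              return res.status(400).send({ message: 'User not found' });
            }
            user.facebook = profile.id;
            user.picture = user.picture || 'https://graph.facebook.com/v2.3/' + profile.id + '/picture?type=large';
            user.displayName = user.displayName || profile.name;
            user.save(function(err) {
              if (err) {
                return res.status(500).send({ message: err.message });
              }
              res.send({ token: createJWT(user) });
            });
          });
        });
      } else {
        // Step 3b. Create a new user account or return an existing one.
        User.findOne({ facebook: profile.id }, function(err, existingUser) {
          if (err) {
            return res.status(500).send({ message: err.message });
          }
          if (existingUser) {
            return res.send({ token: createJWT(existingUser) });
          }
          var user = new User();
          user.facebook = profile.id;
          user.picture = 'https://graph.facebook.com/' + profile.id + '/picture?type=large';
          user.displayName = profile.name;
          user.save(function(err) {
            if (err) {
              return res.status(500).send({ message: err.message });
            }
            res.send({ token: createJWT(user) });
          });
        });
      }
    });
  });
});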
- /*
- |--------------------------------------------------------------------------
- | Login with Twitter
- |--------------------------------------------------------------------------
- */
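// Twitter OAuth 1.0a, in two round trips from the client: the first call
// (no oauth_token/oauth_verifier in the body) fetches a request token, the
// second exchanges the verifier for an access token and loads the profile.
// Each upstream response is checked for a transport error and a non-200
// status before qs.parse()/field access, so an error body is no longer
// returned to the client as if it were a token.
app.post('/auth/twitter', function(req, res) {
  var requestTokenUrl = 'https://api.twitter.com/oauth/request_token';
  var accessTokenUrl = 'https://api.twitter.com/oauth/access_token';
  var profileUrl = 'https://api.twitter.com/1.1/users/show.json?screen_name=';

  // Part 1 of 2: Initial request from Satellizer.
  if (!req.body.oauth_token || !req.body.oauth_verifier) {
    var requestTokenOauth = {
      consumer_key: config.TWITTER_KEY,
      consumer_secret: config.TWITTER_SECRET,
      callback: req.body.redirectUri
    };
    // Step 1. Obtain request token for the authorization popup.
    request.post({ url: requestTokenUrl, oauth: requestTokenOauth }, function(err, response, body) {
      if (err) {
        return res.status(500).send({ message: err.message });
      }
      if (response.statusCode !== 200) {
        return res.status(500).send({ message: 'Could not obtain request token' });
      }
      var oauthToken = qs.parse(body);
      // Step 2. Send OAuth token back to open the authorization screen.
      res.send(oauthToken);
    });
    return;
  }

  // Part 2 of 2: Second request after Authorize app is clicked.
  var accessTokenOauth = {
    consumer_key: config.TWITTER_KEY,
    consumer_secret: config.TWITTER_SECRET,
    token: req.body.oauth_token,
    verifier: req.body.oauth_verifier
  };
  // Step 3. Exchange oauth token and oauth verifier for access token.
  request.post({ url: accessTokenUrl, oauth: accessTokenOauth }, function(err, response, body) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (response.statusCode !== 200) {
      return res.status(500).send({ message: 'Could not obtain access token' });
    }
    // The access token arrives form-encoded, not as JSON.
    var accessToken = qs.parse(body);
    var profileOauth = {
      consumer_key: config.TWITTER_KEY,
      consumer_secret: config.TWITTER_SECRET,
      oauth_token: accessToken.oauth_token
    };
    // Step 4. Retrieve profile information about the current user.
    request.get({
      url: profileUrl + accessToken.screen_name,
      oauth: profileOauth,
      json: true
    }, function(err, response, profile) {
      if (err) {
        return res.status(500).send({ message: err.message });
      }
      if (response.statusCode !== 200 || !profile) {
        return res.status(500).send({ message: 'Could not retrieve profile' });
      }
      // Drop the "_normal" suffix from the avatar URL to get the larger
      // variant; guard against a profile with no image URL.
      var picture = profile.profile_image_url ? profile.profile_image_url.replace('_normal', '') : undefined;

      if (req.header('Authorization')) {
        // Step 5a. Link user accounts.
        User.findOne({ twitter: profile.id }, function(err, existingUser) {
          if (err) {
            return res.status(500).send({ message: err.message });
          }
          if (existingUser) {
            return res.status(409).send({ message: 'There is already a Twitter account that belongs to you' });
          }
          // This route is public, so the caller's own token is verified here
          // (signature via decode, then expiry) rather than by ensureAuthenticated.
          var payload;
          try {
            payload = jwt.decode(req.header('Authorization').split(' ')[1], config.TOKEN_SECRET);
          } catch (decodeErr) {
            return res.status(401).send({ message: decodeErr.message });
          }
          if (!payload || !payload.exp || payload.exp <= moment().unix()) {
            return res.status(401).send({ message: 'Token has expired' });
          }
          User.findById(payload.sub, function(err, user) {
            if (err) {
              return res.status(500).send({ message: err.message });
            }
            if (!user) {
              return res.status(400).send({ message: 'User not found' });
            }
            user.twitter = profile.id;
            user.displayName = user.displayName || profile.name;
            user.picture = user.picture || picture;
            user.save(function(err) {
              if (err) {
                return res.status(500).send({ message: err.message });
              }
              res.send({ token: createJWT(user) });
            });
          });
        });
      } else {
        // Step 5b. Create a new user account or return an existing one.
        User.findOne({ twitter: profile.id }, function(err, existingUser) {
          if (err) {
            return res.status(500).send({ message: err.message });
          }
          if (existingUser) {
            return res.send({ token: createJWT(existingUser) });
          }
          var user = new User();
          user.twitter = profile.id;
          user.displayName = profile.name;
          user.picture = picture;
          user.save(function(err) {
            if (err) {
              return res.status(500).send({ message: err.message });
            }
            res.send({ token: createJWT(user) });
          });
        });
      }
    });
  });
});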
- /*
- |--------------------------------------------------------------------------
- | Unlink Provider
- |--------------------------------------------------------------------------
- */
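// Clear one linked OAuth provider id from the caller's own record.
app.post('/auth/unlink', ensureAuthenticated, function(req, res) {
  var provider = req.body.provider;
  // Allow-list of fields that may be cleared. Checked before `provider` is
  // used as a property key, so 'password', '__proto__' etc. are rejected.
  var providers = ['facebook', 'google', 'twitter'];
  if (providers.indexOf(provider) === -1) {
    return res.status(400).send({ message: 'Unknown OAuth Provider' });
  }
  User.findById(req.user, function(err, user) {
    if (err) {
      return res.status(500).send({ message: err.message });
    }
    if (!user) {
      return res.status(400).send({ message: 'User Not Found' });
    }
    user[provider] = undefined;
    user.save(function(err) {
      if (err) {
        // The original answered 200 even when the save failed.
        return res.status(500).send({ message: err.message });
      }
      res.status(200).end();
    });
  });
});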
- /*
- |--------------------------------------------------------------------------
- | Start the Server
- |--------------------------------------------------------------------------
- */
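// Listen on the http.Server that Socket.IO was attached to (`server`, created
// from `app` above). app.listen() would create a second, separate server on
// which the socket handlers are never reachable, so `io.on('connection')`
// would never fire.
server.listen(app.get('port'), function() {
  console.log('Express server listening on port ' + app.get('port'));
});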