// Express application object; the handlers in this file read the JWT signing
// secret from its settings via app.get(...).
var app = require('../app');
var express = require('express');
// Router that carries the login route and the token check; exported at the end of the file.
var router = express.Router();
// mongoose and async are loaded here but not referenced in the code shown in this listing.
var mongoose = require('mongoose');
var async = require('async');
// Signs the tokens at login and verifies them on every later request.
var jwt = require('jsonwebtoken');
// User model; the login route calls findOne, save and getAuthenticated on it.
var User = require("../models/user.js");
// NOTE(review): the login route also calls Item.find(...), but no Item model is
// required anywhere in this listing; confirm where Item is meant to come from.
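/*------------------------------------------------------------*\
 *
 * ACCOUNT LOGIN
 *
 * POST /user/login with { email, password } in the body.
 *   - unknown email: a new non-admin user is created and a token returned
 *   - known email:   the password is checked via User.getAuthenticated
 *
 * Responses:
 *   200  { success: true, token }   new account created
 *   200  { ..., token }             login succeeded
 *   400  missing or non-string email/password
 *   401  wrong credentials
 *   500  database error
 *
 * NOTE(review): creating an account on first login means a mistyped email
 * silently registers a new user; confirm this is the intended sign-up flow.
 *
\*------------------------------------------------------------*/

/**
 * Sign a token that identifies the given user for 30 days.
 *
 * 'YOUR_SECRET_HERE' is the paste's placeholder for the name of the app
 * setting that holds the signing secret. That value should be long, random
 * and loaded from configuration rather than committed with the code; if it
 * is unset, jwt.sign throws.
 *
 * Nothing in this file revokes tokens, so a leaked token stays usable until
 * it expires.
 *
 * @param {*} userId - the user's _id, stored in the token as "user"
 * @returns {string} the signed JWT
 */
function issueToken(userId) {
  var payload = {
    "user": userId
  };

  return jwt.sign(payload, app.get('YOUR_SECRET_HERE'), {
    expiresIn: 60 * 60 * 24 * 30 // expires in 30 days
  });
}

router.post('/user/login', function(req, res) {
  var body = req.body || {};
  var email = body.email;
  var password = body.password;

  // Both values go into a MongoDB query / the User model. Require plain,
  // non-empty strings so a JSON object in the body cannot be interpreted
  // as a query operator.
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return res.status(400).json({ success: false, message: 'Email and password are required.' });
  }

  User.findOne({
    email: email
  }, function(err, existingUser) {

    // Throwing inside a callback would take the whole process down;
    // answer this request with a 500 instead.
    if (err) {
      console.error('login: user lookup failed', err);
      return res.status(500).json({ success: false, message: 'Internal server error.' });
    }

    // if the user doesn't exist yet, create the user
    if (!existingUser) {
      // NOTE(review): the password is handed to the model as received;
      // confirm the User schema hashes it before saving (not visible here).
      var newUser = new User({
        email: email,
        password: password,
        admin: false
      });

      // create a new token for the user
      var newUserToken = issueToken(newUser._id);

      // save the new user; the token is only sent once the save succeeded
      return newUser.save(function(saveErr) {
        if (saveErr) {
          console.error('login: saving new user failed', saveErr);
          return res.status(500).json({ success: false, message: 'Internal server error.' });
        }

        console.log('User saved successfully');
        res.json({ success: true, token: newUserToken });
      });
    }

    // if the user does exist, authenticate them
    User.getAuthenticated(email, password, function(authErr, user, reason) {
      if (authErr) {
        console.error('login: authentication check failed', authErr);
        return res.status(500).json({ success: false, message: 'Internal server error.' });
      }

      // Wrong credentials: always answer, otherwise the request hangs until
      // the client times out. `reason` is deliberately not sent back, so the
      // response does not reveal why the attempt failed.
      if (!user) {
        return res.status(401).json({ success: false, message: 'Authentication failed.' });
      }

      // login was successful: create a new token for the user
      var token = issueToken(user._id);

      console.log('login success');
      // NOTE(review): Item is not required in this listing; confirm where it is defined.
      Item.find({owner: user._id})
        .sort({dateCreated: 1})
        .exec(function(itemsErr, items) {
          if (itemsErr) {
            console.error('login: loading items failed', itemsErr);
            return res.status(500).json({ success: false, message: 'Internal server error.' });
          }

          res.json({
            // ...YOUR_STUFF_HERE  (placeholder from the original paste for
            // the rest of the response, e.g. the items loaded above)
            token: token
          });
        });
    });
  });
});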
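/*------------------------------------------------------------*\
 *
 * ALL OTHER REQUESTS MUST BE VERIFIED WITH A TOKEN
 *
 * Registered after the login route, so every route added to this router
 * below this point requires a valid token.
 *
 * Responses:
 *   403  no token supplied
 *   401  token invalid or expired
 * On success the decoded payload is stored on req.decoded.
 *
\*------------------------------------------------------------*/
router.use(function(req, res, next) {

  // check header or url parameters or post parameters for token
  // (req.body is undefined when no body parser ran, hence the guard).
  // NOTE(review): a token in the query string ends up in access logs,
  // browser history and Referer headers; prefer the x-access-token header
  // and consider dropping the query-string fallback.
  var token = (req.body && req.body.token) || req.query.token || req.headers['x-access-token'];

  // if there is no token, return an error
  if (!token) {
    return res.status(403).send({
      success: false,
      message: 'No token provided.'
    });
  }

  // verifies secret and checks exp.
  // The accepted algorithm is pinned to HS256, which is what jwt.sign uses
  // by default with a shared secret (assumes the setting holds such a
  // secret - confirm), so the token header cannot pick the algorithm.
  jwt.verify(token, app.get('YOUR_SECRET_HERE'), { algorithms: ['HS256'] }, function(err, decoded) {
    if (err) {
      // Answer with 401 rather than 200 so clients and intermediaries
      // do not treat a rejected token as a successful request.
      return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
    }

    // if everything is good, save to request for use in other routes
    req.decoded = decoded;
    next();
  });
});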
// Export the router (login route plus token check) to whichever module requires this file.
module.exports = router;