
Untitled

a guest
Apr 23rd, 2016
  1. var express = require('express');
  2. var router = express.Router();
  3. var passport = require('passport');
  4. var pg = require('pg').native; // var pg = require)'pg') for Local database users:
  5. var bcrypt = require('bcryptjs');
  6.  
  /**
   * GET / - show the login form.
   * Any pending 'error' flash message (the login route below enables
   * failureFlash) is handed to the 'examLogin' template.
   */
  router.get('/', function (req, res, next) {
    var loginError = req.flash('error');
    res.render('examLogin', { error: loginError });
  });
  11.  
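  /**
   * POST / - authenticate with passport's 'local' strategy, then send the user
   * to the page for their role.
   *
   * A failed login is redirected back to '/exam' with a flash message. After a
   * successful login, req.user.isadmin decides between the admin and the
   * non-admin landing page.
   */
  router.post('/',
    passport.authenticate('local', { failureRedirect: '/exam', failureFlash: true }),
    function (req, res, next) {
      // Log the account name only. The full req.user record may carry the
      // stored password hash (depends on the passport deserializer, which is
      // not in this file), and that must not end up in application logs.
      console.log('login: ' + req.user.username);
      // Strict comparison: only the exact string 'admin' grants the admin page.
      if (req.user.isadmin === 'admin') {
        res.redirect('/exam/admin');
      } else {
        res.redirect('/exam/notAdmin');
      }
    });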
  26.  
  /**
   * GET /logout - end the passport login session and return to the login page.
   *
   * NOTE(review): this changes session state on a GET, so a cross-site link or
   * image request can sign the user out. A POST with CSRF protection is the
   * usual hardening.
   */
  router.get('/logout', function (req, res) {
    var loginPage = '/exam';
    req.logout();
    res.redirect(loginPage);
  });
  31.  
  32.  
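  /**
   * GET /changePassword - show the change-password form for the signed-in user.
   *
   * The loggedIn guard was missing: without it an anonymous visitor was shown
   * the form with user undefined and could then submit it.
   */
  router.get('/changePassword', loggedIn, function (req, res) {
    res.render('changePassword', { user: req.user });
  });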
  36.  
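  /**
   * Build the pg.connect callback that stores a new password for the signed-in
   * user.
   *
   * @param {object} req  Express request; reads req.user.username and req.body.new1.
   * @param {object} res  Express response.
   * @param {function} next  Express error continuation.
   * @returns {function(Error, object, function)} callback taking (err, client, done).
   *
   * NOTE(review): the current password is never checked and new1 is not compared
   * with a confirmation field, so anyone holding a live session can replace the
   * password. The names of those form fields are not visible here; add the
   * check once they are confirmed.
   */
  function connectDB_changePWD(req, res, next) {
    return function (err, client, done) {
      if (err) { // connection failed
        console.log("Unable to connect to database");
        return next(err);
      }
      // Refuse anonymous requests instead of throwing on req.user.username.
      if (!req.user) {
        done();
        return res.redirect('/exam');
      }
      // A missing or empty password must not reach the hash call: it would
      // throw inside this callback, outside Express's error handling.
      var newPassword = req.body ? req.body.new1 : undefined;
      if (typeof newPassword !== 'string' || newPassword === '') {
        done();
        return res.status(400).render('changePassword', { user: req.user });
      }
      var pwd = encryptPWD(newPassword);
      // Parameterized query: the hash and username are bound, never concatenated.
      client.query('UPDATE examUsers set password = $1 where username=$2', [pwd, req.user.username], function (err, result) {
        done(); // release the client back to the pool
        if (err) {
          console.log("unable to query UPDATE");
          return next(err); // hand the error to the error view
        }
        console.log("Password change is successful");
        res.render('changePassword', { user: req.user, success: "true" });
      });
    };
  }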
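  /**
   * POST /changePassword - store a new password for the signed-in user.
   *
   * The loggedIn guard was missing, so an anonymous request reached the
   * database callback and failed on req.user.username.
   */
  router.post('/changePassword', loggedIn, function (req, res, next) {
    pg.connect(process.env.DATABASE_URL + "?ssl=true", connectDB_changePWD(req, res, next));
  });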
  59.  
  /**
   * Route guard: let the request continue only when passport has attached a
   * user to it; otherwise send the browser to the login page.
   *
   * @param {object} req  Express request; only req.user is inspected.
   * @param {object} res  Express response, used for the redirect.
   * @param {function} next  Continuation called for authenticated requests.
   */
  function loggedIn(req, res, next) {
    if (!req.user) {
      // No authenticated user on this request.
      res.redirect('/exam');
      return;
    }
    next();
  }
  67.  
  68. ///////////////////////////////////////////////////////////
  69.  
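  /**
   * Build the query callback that renders the signed-in user's assignments.
   *
   * @param {object} req  Express request; req.user is passed to the view.
   * @param {object} res  Express response.
   * @param {object} client  pg client (unused here, kept for the call signature).
   * @param {function} done  Releases the client back to the pool.
   * @param {function} next  Express error continuation.
   * @returns {function(Error, object)} callback taking (err, result).
   */
  function runQuery_notAdmin(req, res, client, done, next) {
    return function (err, result) {
      // Release the client on every path. It was never released before, so
      // each page view kept one pooled connection checked out.
      done();
      if (err) {
        console.log("unable to query SELECT ");
        return next(err); // hand the error to the error view
      }
      // Log a row count rather than the whole result object and its rows.
      console.log("assignments found: " + result.rows.length);
      res.render('notAdmin', { rows: result.rows, user: req.user });
    };
  }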
  82.  
  /**
   * Build the pg.connect callback that loads the assignments belonging to the
   * signed-in user.
   *
   * @param {object} req  Express request; reads req.user.username.
   * @param {object} res  Express response.
   * @param {function} next  Express error continuation.
   * @returns {function(Error, object, function)} callback taking (err, client, done).
   */
  function connectDB_notAdmin(req, res, next) {
    return function onConnect(err, client, done) {
      if (err) {
        // The pool could not hand out a connection.
        console.log("Unable to connect to database");
        return next(err);
      }
      var onRows = runQuery_notAdmin(req, res, client, done, next);
      // The username is bound as $1, so it never becomes part of the SQL text.
      client.query('SELECT * FROM assignment WHERE username=$1', [req.user.username], onRows);
    };
  }
  92.  
  /**
   * GET /notAdmin - landing page for non-admin users.
   * Requires a login, then connects to the database and lists the
   * assignments stored for that user.
   */
  router.get('/notAdmin', loggedIn, function (req, res, next) {
    var onConnect = connectDB_notAdmin(req, res, next);
    pg.connect(process.env.DATABASE_URL + "?ssl=true", onConnect);
  });
  99.  
  100. ///////////////////////////////////////////////////////////
  101.  
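  /**
   * GET /admin - landing page for administrators.
   *
   * loggedIn only proves that someone is signed in. The role check was
   * missing, so any signed-in account could open the admin page by URL.
   * Non-admins are sent to their own landing page instead.
   */
  router.get('/admin', loggedIn, function (req, res) {
    if (req.user.isadmin !== 'admin') {
      return res.redirect('/exam/notAdmin');
    }
    res.render('admin', { user: req.user });
  });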
  106.  
  107.  
  /**
   * Build the pg.connect callback that inserts one assignment row from the
   * submitted form fields (username, description, due).
   *
   * @param {object} req  Express request; reads req.body and req.user.
   * @param {object} res  Express response.
   * @param {function} next  Express error continuation.
   * @returns {function(Error, object, function)} callback taking (err, client, done).
   */
  function connectDB_addAssignment(req, res, next) {
    return function onConnect(err, client, done) {
      if (err) {
        // The pool could not hand out a connection.
        console.log("Unable to connect to database");
        return next(err);
      }
      // Values are bound as $1..$3, never concatenated into the statement.
      var sql = 'INSERT INTO assignment (username, description, due) VALUES($1, $2, $3)';
      var params = [req.body.username, req.body.description, req.body.due];
      client.query(sql, params, function onInserted(err, result) {
        done(); // release the client back to the pool
        if (err) {
          console.log("unable to query INSERT");
          return next(err); // hand the error to the error view
        }
        console.log("Assignment creation is successful");
        res.render('addAssignment', { user: req.user, success: "true" });
      });
    };
  }
  125.  
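  /**
   * GET /addAssignment - show the form for creating an assignment.
   *
   * The route had no guard at all. Creating assignments for an arbitrary
   * username is presumably an admin task (confirm against the intended
   * roles), so it now requires a signed-in admin account.
   */
  router.get('/addAssignment', loggedIn, function (req, res, next) {
    if (req.user.isadmin !== 'admin') {
      return res.redirect('/exam/notAdmin');
    }
    res.render('addAssignment', { user: req.user });
  });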
  129.  
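  /**
   * POST /addAssignment - insert an assignment for the username in the form.
   *
   * The route had no guard, so an anonymous request could write rows for any
   * user. It now requires a signed-in admin account; the admin-only rule is
   * an assumption about the intended roles and should be confirmed.
   */
  router.post('/addAssignment', loggedIn, function (req, res, next) {
    if (req.user.isadmin !== 'admin') {
      return res.redirect('/exam/notAdmin');
    }
    pg.connect(process.env.DATABASE_URL + "?ssl=true", connectDB_addAssignment(req, res, next));
  });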
  133.  
  134. ///////////////////////////////////////////////////////////
  135.  
  /**
   * GET /signup - show the account creation form ('examSignup' view).
   * req.user is passed through and is undefined for an anonymous visitor.
   */
  router.get('/signup', function (req, res) {
    var viewData = { user: req.user };
    res.render('examSignup', viewData);
  });
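  /**
   * Decide whether a submitted signup username is acceptable.
   *
   * The raw value is checked because the caller stores the raw value. The
   * earlier version trimmed first, so a padded name passed this check and was
   * then written to the database with its spaces. A missing field, which
   * arrives as undefined, is rejected instead of throwing on .trim().
   *
   * @param {*} username  Value taken from the request body.
   * @returns {boolean} true for a non-empty string containing no whitespace.
   */
  function validUsername(username) {
    if (typeof username !== 'string') {
      return false;
    }
    return username !== '' && !/\s/.test(username);
  }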
  144.  
  /**
   * Hash a password with bcrypt using a fresh salt generated with 10 rounds.
   * Despite the name this is one-way hashing, not encryption: the result can
   * be verified against a password but not turned back into it.
   *
   * Both bcrypt calls are the synchronous variants, so the event loop is
   * blocked while the hash is computed.
   *
   * @param {string} password  Plain-text password.
   * @returns {string} the bcrypt hash string.
   */
  function encryptPWD(password) {
    var saltRounds = 10;
    return bcrypt.hashSync(password, bcrypt.genSaltSync(saltRounds));
  }
  150.  
  151. ///////////////////////////////////////////////////////////
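  /**
   * Insert a new row into examusers for the submitted signup form.
   *
   * The role comes from the form field stuAd. It used to be stored as sent,
   * so anyone could register themselves as 'admin' from the public signup
   * page. An admin account is now created only when the request comes from a
   * signed-in admin; the first admin therefore has to be provisioned outside
   * this form.
   *
   * @param {object} req  Express request; reads req.body.username, .password, .stuAd and req.user.
   * @param {object} res  Express response.
   * @param {object} client  Connected pg client.
   * @param {function} done  Releases the client back to the pool.
   * @param {function} next  Express error continuation.
   */
  function createUser(req, res, client, done, next) {
    console.log("create account");
    var status = req.body.stuAd;
    var requesterIsAdmin = Boolean(req.user) && req.user.isadmin === 'admin';
    if (status === 'admin' && !requesterIsAdmin) {
      done();
      var denied = new Error('Only an administrator can create an admin account');
      denied.status = 403; // assumes the app's error handler honours err.status
      return next(denied);
    }
    // A missing or empty password must not reach the hash call: it would
    // throw inside the database callback, outside Express's error handling.
    var password = req.body.password;
    if (typeof password !== 'string' || password === '') {
      done();
      var missing = new Error('A password is required');
      missing.status = 400;
      return next(missing);
    }
    var pwd = encryptPWD(password);
    // Parameterized insert: all three values are bound, never concatenated.
    client.query('INSERT INTO examusers (username, password,isadmin) VALUES($1, $2, $3)', [req.body.username, pwd, status], function (err, result) {
      done(); // release the client back to the pool
      if (err) {
        console.log("unable to query INSERT");
        return next(err); // hand the error to the error view
      }
      console.log("User creation is successful");
      res.render('examSignup', { success: "true" });
    });
  }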
  168.  
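  /**
   * Build the callback for the "does this username exist?" lookup made during
   * signup. When no row comes back, the account is created.
   *
   * @param {object} req  Express request, passed on to createUser.
   * @param {object} res  Express response.
   * @param {object} client  Connected pg client, reused by createUser.
   * @param {function} done  Releases the client back to the pool.
   * @param {function} next  Express error continuation.
   * @returns {function(Error, object)} callback taking (err, result).
   *
   * NOTE(review): two concurrent signups can both pass this lookup before
   * either inserts. Only a UNIQUE constraint on examusers.username (not
   * visible in this file) prevents duplicates - confirm the schema has one.
   */
  function runQuery(req, res, client, done, next) {
    return function (err, result) {
      if (err) {
        // Release the client here: this path used to leak it.
        done();
        console.log("unable to query SELECT ");
        return next(err); // hand the error to the error view
      }
      if (result.rows.length > 0) {
        // Release the client here too: this path used to leak it.
        done();
        console.log("user exists");
        return res.render('examSignup', { exist: "true" });
      }
      console.log("no user with that name");
      // createUser still needs the client and calls done() itself.
      createUser(req, res, client, done, next);
    };
  }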
  185.  
  /**
   * Build the pg.connect callback for signup: look up the requested username
   * and let runQuery decide whether the account can be created.
   *
   * @param {object} req  Express request; reads req.body.username.
   * @param {object} res  Express response.
   * @param {function} next  Express error continuation.
   * @returns {function(Error, object, function)} callback taking (err, client, done).
   */
  function connectDB(req, res, next) {
    return function onConnect(err, client, done) {
      if (err) {
        // The pool could not hand out a connection.
        console.log("Unable to connect to database");
        return next(err);
      }
      var onLookup = runQuery(req, res, client, done, next);
      // The username is bound as $1, so it never becomes part of the SQL text.
      client.query('SELECT * FROM examusers WHERE username=$1', [req.body.username], onLookup);
    };
  }
  195.  
  /**
   * POST /signup - create an account from the signup form.
   * The username is validated first; a rejected name re-renders the form with
   * the 'invalid' flag and never touches the database.
   */
  router.post('/signup', function (req, res, next) {
    var requestedName = req.body.username;
    if (validUsername(requestedName)) {
      // For a local database without TLS, pass process.env.DATABASE_URL alone.
      var connectionString = process.env.DATABASE_URL + "?ssl=true";
      pg.connect(connectionString, connectDB(req, res, next));
      return;
    }
    return res.render('examSignup', { invalid: "true" });
  });
  204.  
  205. module.exports = router;