- var app = require('../app');
- var express = require('express');
- var router = express.Router();
- var mongoose = require('mongoose');
- var async = require('async');
- var jwt = require('jsonwebtoken');
- var User = require("../models/user.js");
- /*------------------------------------------------------------\*
- *
- * ACCOUNT LOGIN
- *
- \*------------------------------------------------------------*/
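/**
 * Sign a 30-day JWT whose payload carries only the user's id.
 * jwt.sign() is synchronous here and throws if the secret is missing,
 * so callers wrap it in try/catch.
 */
function signSessionToken(userId) {
  return jwt.sign({ "user": userId }, app.get('YOUR_SECRET_HERE'), {
    expiresIn: 60 * 60 * 24 * 30 // expires in 30 days
  });
}

/**
 * Log an internal error and answer with a generic 500.
 * The original code did `throw err` inside async callbacks, where no Express
 * error handler can catch it; one database error would end the process.
 */
function failWithServerError(res, err) {
  console.error(err);
  return res.status(500).json({ success: false, message: 'Internal server error.' });
}

/**
 * POST /user/login
 *
 * Looks the account up by e-mail. An unknown e-mail is registered on the spot
 * and a token is returned; a known e-mail is checked with
 * User.getAuthenticated() and, on success, the user's items are loaded and a
 * token is returned. Failed logins get a 401.
 *
 * NOTE(review): registering on first login means a mistyped address silently
 * becomes a new account with the supplied password. Consider a separate
 * registration route and a unique index on `email`.
 */
router.post('/user/login', function(req, res) {
  var email = req.body && req.body.email;
  var password = req.body && req.body.password;

  // Accept plain, non-empty strings only. A parsed JSON body can carry objects,
  // and an object passed as a Mongo filter value is treated as a query
  // operator rather than a literal e-mail.
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return res.status(400).json({ success: false, message: 'Email and password are required.' });
  }

  User.findOne({
    email: email
  }, function(err, user) {
    if (err) return failWithServerError(res, err);

    // if the user doesn't exist yet, create the user
    if (!user) {
      // NOTE(review): presumably the User schema hashes `password` before it is
      // stored (the model is not shown here). Confirm; it must never be
      // persisted in clear text.
      var newUser = new User({
        email: email,
        password: password,
        admin: false
      });

      // save the new user, and only hand out a token once the save succeeded
      return newUser.save(function(err) {
        if (err) return failWithServerError(res, err);
        console.log('User saved successfully');

        var token;
        try {
          token = signSessionToken(newUser._id);
        } catch (signErr) {
          return failWithServerError(res, signErr);
        }
        res.json({ success: true, token: token });
      });
    }

    // if the user does exist, authenticate them
    User.getAuthenticated(email, password, function(err, user, reason) {
      if (err) return failWithServerError(res, err);

      // The original sent no response on a failed login, leaving the request
      // hanging. Answer with a generic 401; `reason` is deliberately kept from
      // the client so the reply does not reveal why the attempt failed.
      if (!user) {
        return res.status(401).json({ success: false, message: 'Authentication failed.' });
      }

      // login was successful: create a new token for the user
      var token;
      try {
        token = signSessionToken(user._id);
      } catch (signErr) {
        return failWithServerError(res, signErr);
      }
      console.log('login success');

      // NOTE(review): `Item` is not required anywhere in the file as shown.
      // Require the model at the top of the file or this call throws.
      Item.find({owner: user._id})
        .sort({dateCreated: 1})
        .exec(function(err, items) {
          if (err) return failWithServerError(res, err);
          res.json({
            // Template placeholder from the original listing: replace it with
            // the response fields you need (e.g. built from `items`).
            ...YOUR_STUFF_HERE,
            token: token
          });
        });
    });
  });
});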
- /*------------------------------------------------------------\*
- *
- * ALL OTHER REQUESTS MUST BE VERIFIED WITH A TOKEN
- *
- \*------------------------------------------------------------*/
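/**
 * Token gate for every route registered after this point.
 *
 * Reads a JWT from the request body, the query string or the
 * `x-access-token` header, verifies signature and expiry, and exposes the
 * decoded payload as `req.decoded`. A missing token gets 403, an invalid or
 * expired one gets 401.
 */
router.use(function(req, res, next) {
  // check header or url parameters or post parameters for token
  // `req.body` is undefined when no body parser ran for this request, so guard it.
  // NOTE(review): tokens sent in the query string end up in access logs,
  // browser history and Referer headers; prefer the header and consider
  // dropping `req.query.token` once clients have migrated.
  var token = (req.body && req.body.token) || req.query.token || req.headers['x-access-token'];

  // if there is no token, return an error
  if (!token) {
    return res.status(403).send({
      success: false,
      message: 'No token provided.'
    });
  }

  // verifies secret and checks exp
  // The algorithm is pinned to HS256, the default jwt.sign() uses with a shared
  // secret, so the token's own header cannot select a different one.
  jwt.verify(token, app.get('YOUR_SECRET_HERE'), { algorithms: ['HS256'] }, function(err, decoded) {
    if (err) {
      // The original answered with HTTP 200 here; use 401 so that clients and
      // intermediaries do not treat a rejected token as a successful call.
      return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
    }
    // if everything is good, save to request for use in other routes
    req.decoded = decoded;
    next();
  });
});

module.exports = router;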