
Untitled

a guest
Mar 29th, 2017
  1. // Using express as a server
  2. const express = require('express');
  3. const morgan = require('morgan'); // JUST FOR LOGS
  4. const session = require('express-session') // for sessions
  5. const bodyParser = require('body-parser') // for req.body
  6. const passport = require('passport');
  7. const LocalStrategy = require('passport-local').Strategy;
  8.  
  9. const User = require('<relative path to User.js eg ./User>') // Use relative path to the User file
  10.  
  // Application instance that every middleware and route below is attached to.
  const app = express();

  // Access log for every request, in morgan's 'combined' format.
  const requestLogger = morgan('combined');
  // Body parsers populate req.body for JSON and for form-encoded submissions.
  const jsonBodyParser = bodyParser.json();
  const formBodyParser = bodyParser.urlencoded({ extended: false });

  app.use(requestLogger);
  app.use(jsonBodyParser);
  app.use(formBodyParser);
  16.  
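  // Session middleware (express-session).
  //
  // The secret signs the session-ID cookie. A value committed with the code
  // gives no integrity protection, so it is read from the environment and the
  // app refuses to start without it. SESSION_SECRET is the variable name chosen
  // for this example; set it to a long random value from your deployment config.
  const sessionSecret = process.env.SESSION_SECRET;
  if (!sessionSecret) {
    throw new Error('SESSION_SECRET environment variable must be set');
  }

  // No `store` option is given, so express-session falls back to its in-memory
  // store, which its documentation describes as unsuitable for production.
  app.use(session({
    secret: sessionSecret,
    resave: true,
    // Do not create a session (and send a cookie) for visitors who never log in.
    saveUninitialized: false,
    cookie: {
      // 30 days in milliseconds. The original 100 * 60 * 60 * 24 * 30 was
      // missing a zero and expired the cookie after 3 days.
      maxAge: 1000 * 60 * 60 * 24 * 30,
      httpOnly: true, // keep the cookie out of reach of page scripts
      sameSite: 'lax', // withheld on cross-site sub-requests and cross-site POSTs
      // secure: true, // enable once the app is only reachable over HTTPS
    },
  }));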
  23.  
  // Passport initialization. Order matters: initialize() is registered first,
  // then session(), which restores a logged-in user from the session data and
  // therefore has to come after the express-session middleware.
  const passportMiddleware = [passport.initialize(), passport.session()];
  passportMiddleware.forEach((middleware) => {
    app.use(middleware);
  });
  27.  
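  // Our passport strategy: check a submitted username/password pair against
  // the User model. done(null, user) signals success, done(null, false) a
  // failed login, and done(err) an internal error.
  passport.use(new LocalStrategy((username, password, done) => {
    // Sequelize lookup; the promise resolves to the matching row or null.
    User.findOne({ where: { username } })
      .then((user) => {
        // Unknown user and wrong password produce the same result, so the
        // response does not reveal which usernames exist.
        if (user == null) {
          return done(null, false);
        }

        // NOTE(security): this compares the submitted password with the stored
        // column directly, which only works if passwords are kept in plaintext.
        // Store a salted, slow hash (bcrypt, scrypt or argon2) and verify with
        // that library's compare function instead of this equality check.
        if (password === user.password) {
          return done(null, user);
        }
        return done(null, false);
      })
      // Without this, a failed query leaves the login request hanging and
      // surfaces only as an unhandled promise rejection.
      .catch(done);
  }));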
  47.  
  // Session persistence: only the user's id is handed to passport for storage,
  // not the whole user record.
  passport.serializeUser((user, done) => {
    const { id } = user;
    done(null, id);
  });
  52.  
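  // Rebuild the user object for a request from the id kept in the session.
  passport.deserializeUser((id, done) => {
    // Sequelize lookup by primary id; resolves to the row or null.
    User.findOne({ where: { id } })
      .then((user) => {
        if (user == null) {
          // The return is required: without it the original fell through and
          // invoked done a second time for the same request.
          return done(new Error('Wrong user id.'));
        }
        return done(null, user);
      })
      // Report a failed query to passport instead of leaving the request pending.
      .catch(done);
  });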
  66.  
  // POST /login: the credentials in the request body are verified by the
  // 'local' strategy. Both outcomes redirect to /testGuard, so a failed login
  // ends at that route's 403 response.
  // NOTE(review): nothing in this file limits repeated login attempts; add
  // throttling or lockout in front of this route before exposing it.
  const loginRedirects = {
    successRedirect: '/testGuard',
    failureRedirect: '/testGuard',
  };
  app.post('/login', passport.authenticate('local', loginRedirects));
  70.  
  71.  
  /**
   * Route guard in the standard Express middleware shape.
   *
   * Passes control on when the request carries a user (req.user is truthy);
   * otherwise ends the request with status 403 and the body "Unauthorized".
   *
   * @param {object} req - incoming request; only req.user is inspected
   * @param {object} res - response used to send the 403
   * @param {Function} next - continues to the next handler
   */
  function loggedIn(req, res, next) {
    if (!req.user) {
      res.status(403).send("Unauthorized");
      return;
    }
    next();
  }
  80.  
  // Protected route: loggedIn runs first, so the handler below is only reached
  // by requests that carry an authenticated user.
  const sendAuthenticated = (req, res) => {
    res.send("YOU ARE AUTHENTICATED");
  };
  app.get('/testGuard', loggedIn, sendAuthenticated);
  85.  
  // Handle logout: drop the login from the session and confirm to the client.
  // NOTE(review): req.logout() is called without a callback. Newer passport
  // releases make logout asynchronous and expect one; confirm against the
  // installed version.
  // NOTE(review): this state-changing action is exposed over GET, so any page
  // the user visits can trigger it with a plain link or image request.
  const handleLogout = (req, res) => {
    req.logout();
    res.send("YOU ARE NOW LOGGED OUT");
  };
  app.get('/logout', handleLogout);
  91.  
  // Start the app on port 3000. app.listen() serves plain HTTP, so the session
  // cookie is only protected in transit if TLS is terminated in front of it.
  const PORT = 3000;
  const announceStart = () => {
    console.log("magical number is 3000");
  };
  app.listen(PORT, announceStart);