Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //routes.js
- module.exports = function(app, passport) {
- // =====================================
- // HOME PAGE (with login links) ========
- // =====================================
- app.get('/', function(req, res) {
- res.render('index.ejs', {
- user : req.user
- });
- console.log(req.user);
- });
- // =====================================
- // LOGIN ===============================
- // =====================================
- // show the login form
- app.get('/login', function(req, res) {
- // render the page and pass in any flash data if it exists
- res.render('login.ejs', { message: req.flash('loginMessage'), user : req.user });
- });
- // process the login form
- // app.post('/login', do all our passport stuff here);
- // =====================================
- // SIGNUP ==============================
- // =====================================
- // show the signup form
- app.get('/signup', function(req, res) {
- // render the page and pass in any flash data if it exists
- res.render('signup.ejs', { message: req.flash('signupMessage'), user : req.user });
- });
- // process the signup form
- app.post('/signup', passport.authenticate('local-signup', {
- successRedirect : '/profile', // redirect to the secure profile section
- failureRedirect : '/signup', // redirect back to the signup page if there is an error
- failureFlash : true // allow flash messages
- })
- );
- // process the login form
- //v1. Authentication as a user with session and redirect
- app.post('/login',
- passport.authenticate('local-login', {
- successRedirect : '/profile', // redirect to the secure profile section
- failureRedirect : '/login', // redirect back to the signup page if there is an error
- failureFlash : true // allow flash messages
- })
- );
- /*
- //v2. Authentication as an api user without session
- app.post('/login',
- passport.authenticate('local-login',{
- session: false
- }),
- function (req, res) {
- res.json(req.user);
- });
- */
- // =====================================
- // PROFILE SECTION =====================
- // =====================================
- // we will want this protected so you have to be logged in to visit
- // we will use route middleware to verify this (the isLoggedIn function)
- app.get('/profile', isLoggedIn, function(req, res) {
- res.render('profile.ejs', {
- user : req.user, // get the user out of session and pass to template
- message: req.flash('newPassMessage')
- });
- });
- app.post('/changePass', isLoggedIn, function (req, res) {
- if(!req.user.validPassword(req.body.current_pass)){
- req.flash('newPassMessage', 'wrong password');
- res.redirect('/profile');
- return;
- }
- if(!req.body.new_pass1 || req.body.new_pass1!==req.body.new_pass2){
- req.flash('newPassMessage', 'passwords are different');
- res.redirect('/profile');
- return;
- }
- req.user.local.password = req.user.generateHash(req.body.new_pass1);
- req.user.save().then(() => {
- console.log('changed');
- req.flash('newPassMessage', 'password has been changed');
- res.redirect('/profile');
- });
- });
- // =====================================
- // LOGOUT ==============================
- // =====================================
- app.get('/logout', function(req, res) {
- req.logout();
- res.redirect('/');
- });
- };
- // route middleware to make sure a user is logged in
- function isLoggedIn(req, res, next) {
- // if user is authenticated in the session, carry on
- if (req.isAuthenticated())
- return next();
- // if they aren't redirect them to the home page
- res.redirect('/');
- }
- //passport.js
- // load all the things we need
- var LocalStrategy = require('passport-local').Strategy;
- // load up the user model
- var User = require('../app/models/user');
- // expose this function to our app using module.exports
- module.exports = function(passport) {
- // =========================================================================
- // passport session setup ==================================================
- // =========================================================================
- // required for persistent login sessions
- // passport needs ability to serialize and unserialize users out of session
- // used to serialize the user for the session
- passport.serializeUser(function(user, done) {
- done(null, user.id);
- });
- // used to deserialize the user
- passport.deserializeUser(function(id, done) {
- User.findById(id, function(err, user) {
- done(err, user);
- });
- });
- // =========================================================================
- // LOCAL SIGNUP ============================================================
- // =========================================================================
- // we are using named strategies since we have one for login and one for signup
- // by default, if there was no name, it would just be called 'local'
- passport.use('local-signup', new LocalStrategy({
- // by default, local strategy uses username and password, we will override with email
- usernameField : 'email',
- passwordField : 'password',
- passReqToCallback : true // allows us to pass back the entire request to the callback
- },
- function(req, email, password, done) {
- // asynchronous
- // User.findOne wont fire unless data is sent back
- process.nextTick(function() {
- // find a user whose email is the same as the forms email
- // we are checking to see if the user trying to login already exists
- User.findOne({ 'local.email' : email }, function(err, user) {
- // if there are any errors, return the error
- if (err)
- return done(err);
- // check to see if theres already a user with that email
- if (user) {
- return done(null, false, req.flash('signupMessage', 'That email is already taken.'));
- } else {
- // if there is no user with that email
- // create the user
- var newUser = new User();
- // set the user's local credentials
- newUser.local.email = email;
- newUser.local.password = newUser.generateHash(password);
- // save the user
- newUser.save(function(err) {
- if (err)
- throw err;
- return done(null, newUser);
- });
- }
- });
- });
- }));
- passport.use('local-login', new LocalStrategy({
- // by default, local strategy uses username and password, we will override with email
- usernameField : 'email',
- passwordField : 'password',
- passReqToCallback : true // allows us to pass back the entire request to the callback
- },
- function(req, email, password, done) { // callback with email and password from our form
- // find a user whose email is the same as the forms email
- // we are checking to see if the user trying to login already exists
- User.findOne({ 'local.email' : email }, function(err, user) {
- // if there are any errors, return the error before anything else
- if (err)
- return done(err);
- // if no user is found, return the message
- if (!user)
- return done(null, false, req.flash('loginMessage', 'No user found.')); // req.flash is the way to set flashdata using connect-flash
- // if the user is found but the password is wrong
- if (!user.validPassword(password))
- return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
- // all is well, return successful user
- return done(null, user);
- });
- }));
- };
- //user.js
- // load the things we need
- var mongoose = require('mongoose');
- var bcrypt = require('bcrypt-nodejs');
- // define the schema for our user model
- var userSchema = mongoose.Schema({
- name: String,
- local : {
- email : String,
- password : String,
- },
- facebook : {
- id : String,
- token : String,
- name : String,
- email : String
- },
- twitter : {
- id : String,
- token : String,
- displayName : String,
- username : String
- },
- google : {
- id : String,
- token : String,
- email : String,
- name : String
- }
- }, { collection: 'myUsers' });
- // methods ======================
- // generating a hash
- userSchema.methods.generateHash = function(password) {
- return bcrypt.hashSync(password, bcrypt.genSaltSync(8), null);
- };
- // checking if password is valid
- userSchema.methods.validPassword = function(password) {
- return bcrypt.compareSync(password, this.local.password);
- };
- // create the model for users and expose it to our app
- module.exports = mongoose.model('User', userSchema);
Add Comment
Please, Sign In to add comment