- // load dependencies
- import express from 'express';
- import bodyParser from 'body-parser';
- import multer from 'multer';
- import cookieParser from 'cookie-parser';
- import expressSession from 'express-session';
- import Sequelize from 'sequelize';
// Session store backed by Sequelize.
// NOTE(review): `require` next to ES `import`s only works when this file is
// transpiled to CommonJS; a native ESM runtime has no `require` binding.
const Store = require('express-sequelize-session')(expressSession.Store);
// In-memory SQLite database for the integration harness. SQLite has no user
// accounts, so the 'sa' / 'secret' arguments are placeholders the dialect
// does not authenticate with.
const sequelize = new Sequelize('itest', 'sa', 'secret', { dialect: 'sqlite', logging: false });
const store = new Store(sequelize);
// User table: one row per account.
// NOTE(review): `password` is a plain STRING column and the login query
// below matches it by equality, so credentials are stored and compared in
// plaintext. Acceptable only for a throwaway in-memory test database.
const User = sequelize.define('user', {
  login: { type: Sequelize.STRING, allowNull: false, unique: true },
  password: { type: Sequelize.STRING, allowNull: false },
});
// A user may reference the session row it is currently logged in with.
User.belongsTo(store.Session, { foreignKeyConstraint: true });
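// Process a login request, reference the session and yield the user.
// @param {object} req - express request; reads req.body.login,
//   req.body.password and req.sessionID
// @param {Function} done - node-style callback done(err, user); on success
//   `user` is the matching User row, linked to the current session row when
//   one already exists in the store
// @returns {Promise} resolves once done() has been invoked
const login = (req, done) => {
  const { login: loginName, password } = req.body;
  // Only plain strings may reach the query. A JSON body can carry objects or
  // arrays in these fields, and older Sequelize releases interpret string-keyed
  // operator aliases inside a where object; a non-string credential is
  // therefore treated as a failed login instead of being forwarded.
  if (typeof loginName !== 'string' || typeof password !== 'string') {
    return Promise.reject(new Error('login failed')).catch((err) => done(err, null));
  }
  // NOTE(review): the password is compared directly against the stored
  // column (see the User model), i.e. in plaintext.
  return User.findOne({ where: { login: loginName, password } })
    .then((user) => {
      if (!user) {
        throw new Error('login failed');
      }
      // Link the user to the session row the store holds for this request.
      // When no row is found (presumably a session not yet written to the
      // store — confirm against express-session's save timing) the user is
      // yielded unlinked.
      return store.Session.findOne({ where: { sid: req.sessionID } })
        .then((session) => (session ? user.setSession(session) : user));
    })
    .then((user) => done(null, user))
    .catch((err) => done(err, null));
};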
// Process a logout request: look the user up by the login stored in the
// session and drop its session reference.
// @param {object} req - express request; reads req.session.user
// @param {Function} done - node-style callback done(err, user)
// @returns {Promise} resolves once done() has been invoked
const logout = (req, done) => {
  const currentLogin = req.session.user;
  return User.findOne({ where: { login: currentLogin } })
    .then((user) => {
      if (!user) {
        throw new Error('logout failed');
      }
      return user.setSession(null); // de-reference the session row
    })
    .then((user) => done(null, user))
    .catch((err) => done(err, null));
};
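// Create and configure the express app.
const app = express();
app.use(bodyParser.json()); // for parsing application/json
app.use(bodyParser.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded
app.use(multer()); // for parsing multipart/form-data
app.use(cookieParser());
app.use(expressSession({
  name: 'sid',
  // The signing secret is read from the environment; the literal is only a
  // development fallback and a deployed instance must set SESSION_SECRET.
  secret: process.env.SESSION_SECRET || 'MyAwesomeAppSessionSecret',
  store,
  resave: false,
  saveUninitialized: true, // every visitor gets a persisted session row
  // httpOnly keeps the sid away from page scripts; lax SameSite stops the
  // cookie from riding along on cross-site POSTs.
  cookie: { httpOnly: true, sameSite: 'lax' },
}));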
// Paths reachable without a session; everything else requires req.session.user.
const PUBLIC_PATHS = new Set(['/', '/login', '/logout']);
// Restrict all requests (any method) to the allowlist or an authenticated session.
app.all('*', (req, res, next) => {
  if (PUBLIC_PATHS.has(req.path) || req.session.user) {
    return next();
  }
  return res.sendStatus(401); // unauthorized
});
// Static markup for the public index page with its login form.
const INDEX_PAGE = `\
<html><head><title>restricted area</title></head><body>
<form action="/login" method="POST">
<label>Login <input type="text" name="login"/></label>
<label>Password <input type="password" name="password"/></label>
<button type="submit">Login</button>
</form></body></html>\
`;
// Public index page with login form.
app.get('/', (req, res) => res.send(INDEX_PAGE));
// Validate the submitted credentials, mark the session and redirect.
app.post('/login', (req, res, next) =>
  login(req, (err, user) => {
    if (err != null) {
      return next(err);
    }
    // NOTE(review): the pre-login session id is kept after authentication
    // (login() already linked the user row to it), which is a session-fixation
    // risk; regenerating the sid here would break that link.
    req.session.user = user.login; // re-ref user login
    return res.redirect('/private');
  }),
);
// Log the user out, destroy the session and redirect to the index.
// NOTE(review): this is a state change on a GET route, so a cross-site link
// or image request can log a browser out (logout CSRF).
app.get('/logout', (req, res, next) =>
  logout(req, (err) => {
    if (err != null) {
      return next(err);
    }
    delete req.session.user; // de-ref user for safety
    return req.session.destroy(() => res.redirect('/'));
  }),
);
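// Replacements for the five HTML-significant characters.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};
// Escape a value so it can be placed in a text node or attribute without
// being parsed as markup.
const escapeHtml = (value) => String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
// Private content page. `req.session.user` is the login string read back
// from the database, so it is escaped before interpolation into the markup.
app.get('/private', (req, res) =>
  res.send(`\
<html><head><title>private space</title></head><body>
<h1>Welcome ${escapeHtml(req.session.user)}</h1>
<p>nice 2 cu</p>
<a href="/logout">Logout</a>
</body></html>\
`),
);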
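// Export database and express app.
// Synchronises the schema (`force` drops and recreates every table) and then
// hands the app and the models to the callback.
// @param {Function} done - receives (null, app, { Session, User }) on
//   success or (err) when sync fails
// @param {{force?: boolean}} [opts] - sync options; `force` defaults to true
// @returns {Promise} resolves after done() has been invoked; rejects if
//   done() itself throws on the success path
export default function createApp(done, { force = true } = {}) {
  // Two-argument then(): an error thrown inside done() on the success path
  // rejects the returned promise instead of invoking done() a second time.
  return sequelize.sync({ force }).then(
    () => done(null, app, { Session: store.Session, User }),
    (err) => done(err),
  );
}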