Untitled

// load dependencies
import express from 'express';
import bodyParser from 'body-parser';
import multer from 'multer';
import cookieParser from 'cookie-parser';
import expressSession from 'express-session';
import Sequelize from 'sequelize';
let Store = require('express-sequelize-session')(expressSession.Store);

// use in-memory SQLite3 database
let sequelize = new Sequelize('itest', 'sa', 'secret', {dialect: 'sqlite', logging: false});
let store = new Store(sequelize);

// define user table
let User = sequelize.define('user', {
  login: {
    type: Sequelize.STRING,
    allowNull: false,
    unique: true
  },
  password: {
    type: Sequelize.STRING,
    allowNull: false
  }
}
);

// associate session user
User.belongsTo(store.Session, {foreignKeyConstraint: true});

// process a login request, reference the session and yield the user
let login = (req, done) =>
  User.findOne({
    where: {
      login: req.body.login,
      password: req.body.password
    }}).then(function(user) {
    if (!user) {
      throw new Error('login failed');
    } else {
      return store.Session.findOne({
        where: {
          sid: req.sessionID
        }}).then(function(session) {
        if (!session) { // login without session
          return user;
        } else { // reference session
          return user.setSession(session);
        }
      });
    }}).then(user => done(null, user)).catch(err => done(err, null))
;

// process a logout request
let logout = (req, done) =>
  User.findOne({
    where: {
      login: req.session.user
    }}).then(function(user) {
    if (!user) {
      throw new Error('logout failed');
    } else {
      return user.setSession(null);
    }}).then(user => done(null, user)).catch(err => done(err, null))
;

// create and configure express app
let app = express();
app.use(bodyParser.json()); // for parsing application/json
app.use(bodyParser.urlencoded({extended: true})); // for parsing application/x-www-form-urlencoded
app.use(multer()); // for parsing multipart/form-data
app.use(cookieParser());
app.use(expressSession({
  name: 'sid',
  secret: 'MyAwesomeAppSessionSecret',
  store,
  resave: false,
  saveUninitialized: true
})
);

// restrict all requests
app.all('*', function(req, res, next) {
  if (['/', '/login', '/logout'].includes(req.path)) {
    return next(); // always allow access of these resources
  } else { // check user session
    if (req.session.user) {
      return next(); // authenticated request
    } else {
      return res.sendStatus(401);
    }
  }
}); // unauthorized

// public index page with login form
app.get('/', (req, res) =>
  res.send(`\
<html><head><title>restricted area</title></head><body>
<form action="/login" method="POST">
  <label>Login <input type="text" name="login"/></label>
  <label>Password <input type="password" name="password"/></label>
  <button type="submit">Login</button>
</form></body></html>\
`
  )
);

// validate login and redirect
app.post('/login', (req, res, next) =>
  login(req, function(err, user) {
    if (err != null) { return next(err); } else { // re-ref user login
      req.session.user = user.login;
      return res.redirect('/private');
    }
  })
);

// logout and redirect
app.get('/logout', (req, res, next) =>
  logout(req, function(err) {
    if (err != null) { return next(err); } else {
      delete req.session.user; // de-ref user for safety
      return req.session.destroy(() => res.redirect('/'));
    }
  })
);

// private content page
app.get('/private', (req, res) =>
  res.send(`\
<html><head><title>private space</title></head><body>
<h1>Welcome ${req.session.user}</h1>
<p>nice 2 cu</p>
<a href="/logout">Logout</a>
</body></html>\
`
  )
);

// export database and express app
export default function(done) {
  return sequelize.sync({
    force: true})
  .then(() =>
    done(null, app, {
      Session: store.Session,
      User
    }
    )).catch(err => done(err));
};