shimapan/app/routes/auth.js

var fs = require('fs');
var path = require('path');

var express = require('express');
var router = express.Router();
var async = require('async');

var User = require('../models/User.js');
var Invite = require('../models/Invite.js');

var passport = require('passport');

var striptags = require('striptags');

function checkUsername(username, callback) {
    if (username.length > 30) return callback(null, false);
    if (striptags(username) !== username) return callback(null, false);

    User.find({username: username}).limit(1).count(function (err, count) {
        if (err) return callback(err);
        (count === 0) ? callback(null, true) : callback(null, false);
    });
}

function checkInvite(code, callback) {
    Invite.findOne({code: code}, function (err, invite) {
        if (err) return callback(err);
        if (!invite || invite.used || invite.exp < new Date())
            callback(null, false);
        else
            callback(null, true, invite);
    });
}

function useInvite(code, username) {
    Invite.updateOne({code: code}, {recipient: username, used: new Date()}, function (err, res) {
        if (err) throw err;
    });
}

router.post('/register', function (req, res) {
    // Validate the parameters
    async.parallel({
        userCheck: function (callback) {
            checkUsername(req.body.username, function (err, valid) {
                callback(err, valid);
            });
        },
        inviteCheck: function (callback) {
            checkInvite(req.body.invite, function (err, valid, invite) {
                callback(err, {valid: valid, invite: invite});
            });
        }
    }, function (err, result) {
        if (!result.userCheck) {
            res.status(401).json({'message': 'Invalid username.'});
        } else if (!result.inviteCheck.valid) {
            res.status(401).json({'message': 'Invalid invite code.'});
        } else {
            useInvite(req.body.invite, req.body.username);
            var user = new User();
            user.username = req.body.username;
            user.scope = result.inviteCheck.invite.scope;
            user.date = new Date();
            user.setPassword(req.body.password);

            user.save(function (err) {
                if (err) {
                    res.status(500).json({'message': 'Internal server error.'});
                } else {
                    res.status(200)
                        .cookie('shimapan-token', user.genJwt(), {
                            expires: new Date(Date.now() + 604800000),
                            httpOnly: true
                        })
                        .json({'token': user.genJwt()});
                }
            });
        }
    });
});

router.post('/login', function (req, res) {
    passport.authenticate('local', function (err, user, info) {
        if (err) {
            res.status(500).json(err);
        } else if (user) {
            res.status(200)
                .cookie('shimapan-token', user.genJwt(), {
                    expires: new Date(Date.now() + 604800000),
                    httpOnly: true
                })
                .json({'token': user.genJwt()});
        } else {
            res.status(401).json(info);
        }

    })(req, res);
});

router.get('/logout', function(req, res) {
    res.clearCookie('shimapan-token');
    res.status(200).json({'message': 'Successfully logged out.'});
});


module.exports = router;
Work on stuff... 2017-10-11 10:15:19 -04:00			`var fs = require('fs');`
			`var path = require('path');`

			`var express = require('express');`
			`var router = express.Router();`
Fix auth code 2017-10-12 17:25:34 -04:00			`var async = require('async');`
Work on stuff... 2017-10-11 10:15:19 -04:00
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`var User = require('../models/User.js');`
			`var Invite = require('../models/Invite.js');`
Work on stuff... 2017-10-11 10:15:19 -04:00
			`var passport = require('passport');`

Strip tags from usernames and update tests 2017-10-14 15:15:27 -04:00			`var striptags = require('striptags');`

Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`function checkUsername(username, callback) {`
Strip tags from usernames and update tests 2017-10-14 15:15:27 -04:00			`if (username.length > 30) return callback(null, false);`
			`if (striptags(username) !== username) return callback(null, false);`

Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`User.find({username: username}).limit(1).count(function (err, count) {`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`if (err) return callback(err);`
Strip tags from usernames and update tests 2017-10-14 15:15:27 -04:00			`(count === 0) ? callback(null, true) : callback(null, false);`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`});`
			`}`

Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`function checkInvite(code, callback) {`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`Invite.findOne({code: code}, function (err, invite) {`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`if (err) return callback(err);`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`if (!invite \|\| invite.used \|\| invite.exp < new Date())`
			`callback(null, false);`
			`else`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`callback(null, true, invite);`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`});`
			`}`

			`function useInvite(code, username) {`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`Invite.updateOne({code: code}, {recipient: username, used: new Date()}, function (err, res) {`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`if (err) throw err;`
			`});`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`}`

Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`router.post('/register', function (req, res) {`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`// Validate the parameters`
			`async.parallel({`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`userCheck: function (callback) {`
			`checkUsername(req.body.username, function (err, valid) {`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`callback(err, valid);`
			`});`
			`},`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`inviteCheck: function (callback) {`
			`checkInvite(req.body.invite, function (err, valid, invite) {`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`callback(err, {valid: valid, invite: invite});`
			`});`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`}`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`}, function (err, result) {`
Fix bug where user scope wouldn't be set in the JWT 2017-10-13 16:16:26 -04:00			`if (!result.userCheck) {`
Strip tags from usernames and update tests 2017-10-14 15:15:27 -04:00			`res.status(401).json({'message': 'Invalid username.'});`
Fix bug where user scope wouldn't be set in the JWT 2017-10-13 16:16:26 -04:00			`} else if (!result.inviteCheck.valid) {`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`res.status(401).json({'message': 'Invalid invite code.'});`
			`} else {`
Fix auth code 2017-10-12 17:25:34 -04:00			`useInvite(req.body.invite, req.body.username);`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`var user = new User();`
			`user.username = req.body.username;`
Fix bug where user scope wouldn't be set in the JWT 2017-10-13 16:16:26 -04:00			`user.scope = result.inviteCheck.invite.scope;`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`user.date = new Date();`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`user.setPassword(req.body.password);`
Work on stuff... 2017-10-11 10:15:19 -04:00
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`user.save(function (err) {`
			`if (err) {`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`res.status(500).json({'message': 'Internal server error.'});`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`} else {`
			`res.status(200)`
			`.cookie('shimapan-token', user.genJwt(), {`
			`expires: new Date(Date.now() + 604800000),`
			`httpOnly: true`
			`})`
			`.json({'token': user.genJwt()});`
			`}`
			`});`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`}`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`});`
Work on stuff... 2017-10-11 10:15:19 -04:00			`});`

Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`router.post('/login', function (req, res) {`
			`passport.authenticate('local', function (err, user, info) {`
			`if (err) {`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`res.status(500).json(err);`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`} else if (user) {`
			`res.status(200)`
			`.cookie('shimapan-token', user.genJwt(), {`
			`expires: new Date(Date.now() + 604800000),`
			`httpOnly: true`
			`})`
			`.json({'token': user.genJwt()});`
			`} else {`
Work on stuff... 2017-10-11 10:15:19 -04:00			`res.status(401).json(info);`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`}`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00
Work on stuff... 2017-10-11 10:15:19 -04:00			`})(req, res);`
			`});`

Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`router.get('/logout', function(req, res) {`
			`res.clearCookie('shimapan-token');`
			`res.status(200).json({'message': 'Successfully logged out.'});`
			`});`

Work on stuff... 2017-10-11 10:15:19 -04:00
			`module.exports = router;`