Add fallback cookie auth method

app/routes.js

@@ -12,7 +12,19 @@ var path = require('path');
 var jwt = require('express-jwt');
 var jwtauth = jwt({
     secret: fs.readFileSync(path.join(__dirname, '../jwt.pem'), 'utf8'),
-    userProperty: 'payload'
+    userProperty: 'payload',
+    getToken: function(req) {
+        if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+            // First check Authorization header
+            return req.headers.authorization.split(' ')[1];
+        } else if (req.cookies && req.cookies['shimapan-token']) {
+            // Get from cookies as fallback
+            return req.cookies['shimapan-token'];
+        }
+
+        // no token received
+        return null;
+    }
 });
 
 module.exports = function(app) {
@@ -23,8 +35,8 @@ module.exports = function(app) {
     app.use('/api/auth', auth);
     app.use('/register', register);
     app.use('/login', login);
-    app.use('/panel', panel);
+    app.use('/panel', jwtauth, panel);
-    app.use('/panel*', panel);
+    app.use('/panel*', jwtauth, panel);
 
     app.use(function(err, req, res, next) {
         if (err.name === 'UnauthorizedError') {

app/routes/auth.js

@@ -65,26 +65,43 @@ router.post('/register', function(req, res) {
             user.setPassword(req.body.password);
 
             user.save(function (err) {
-                if (err)
+                if (err) {
                     res.status(500).json({'message': 'Internal server error.'});
-                else
+                } else {
-                    res.status(200).json({'token': user.genJwt()});
+                    res.status(200)
+                        .cookie('shimapan-token', user.genJwt(), {
+                            expires: new Date(Date.now() + 604800000),
+                            httpOnly: true
                         })
+                        .json({'token': user.genJwt()});
+                }
+            });
         }
     });
 });
 
 router.post('/login', function (req, res) {
     passport.authenticate('local', function (err, user, info) {
-        if (err)
+        if (err) {
             res.status(500).json(err);
-        else if (user)
+        } else if (user) {
-            res.status(200).json({'token': user.genJwt() });
+            res.status(200)
-        else
+                .cookie('shimapan-token', user.genJwt(), {
+                    expires: new Date(Date.now() + 604800000),
+                    httpOnly: true
+                })
+                .json({'token': user.genJwt()});
+        } else {
             res.status(401).json(info);
+        }
 
     })(req, res);
 });
 
+router.get('/logout', function(req, res) {
+    res.clearCookie('shimapan-token');
+    res.status(200).json({'message': 'Successfully logged out.'});
+});
+
 
 module.exports = router;

public/js/services/AuthSvc.js

@@ -42,7 +42,12 @@ angular.module('AuthSvc', []).service('AuthService', ['$http', '$window', functi
     };
     this.logout = function() {
         $window.localStorage.removeItem('shimapan-token');
+        $http({
+            method: 'GET',
+            url: '/api/auth/logout'
+        }).then(function(res) {
             $window.location.href = '/';
+        });
     };
     this.isLoggedIn = function() {
         var payload = decodeToken(getToken());

server.js

@@ -4,6 +4,7 @@ var methodOverride = require('method-override');
 var mongoose = require('mongoose');
 var morgan = require('morgan');
 var passport = require('passport');
+var cookieParser = require('cookie-parser');
 
 var app = express();
 
@@ -21,6 +22,7 @@ db.on('error', function(err) {
 
 require('./config/passport.js');
 
+app.use(cookieParser());
 app.use(bodyParser.json());
 app.use(bodyParser.json({ type: 'application/json' }));
 app.use(bodyParser.urlencoded({ extended: true }));