shimapan/app/routes/auth.js

var express = require('express');
var router = express.Router();

var User = require('../models/User.js');
var Invite = require('../models/Invite.js');

var passport = require('passport');

function checkInvite(code, callback) {
    Invite.findOne({code: code}, function (err, invite) {
        if (err) return callback(err);
        if (!invite || invite.used || invite.exp < new Date())
            callback(null, false);
        else
            callback(null, true, invite);
    });
}

function useInvite(code, username) {
    Invite.updateOne({code: code}, {recipient: username, used: new Date()}, function (err) {
        if (err) throw err;
    });
}

router.post('/register', function (req, res, next) {
    // Validate the invite code, then hand off to passport
    checkInvite(req.body.invite, function (err, valid, invite) {
        if (valid) {
            User.register(
                new User({username: req.body.username, scope: invite.scope, date: Date.now()}),
                req.body.password,
                function (err) {
                    if (err) return res.status(403).json({'message': err.message});
                    passport.authenticate('local')(req, res, function () {
                        req.session.save(function(err) {
                            if (err) return next(err);
                            useInvite(req.body.invite, req.body.username);
                            req.session.username = req.body.username;
                            res.status(200).json({'message': 'Registered.'});
                        });
                    });
                }
            );
        } else {
            res.status(401).json({'message': 'Invalid invite code.'});
        }
    });
});

router.post('/login', function (req, res, next) {
    passport.authenticate('local', function(err, user, info) {
        if (err) return next(err);
        if (!user) return res.status(401).json({'message': info});
        req.logIn(user, function(err) {
            if (err) return next(err);
            req.session.username = user;
            res.status(200).json({'message': 'Logged in.'});
        });
    })(req, res, next);
});

router.get('/logout', function (req, res) {
    req.logout();
    res.status(200).json({'message': 'Logged out.'});
});

router.get('/session', function(req, res) {
   if (req.session.passport.user) {
       User.findOne({username: req.session.passport.user}, function(err, user) {
           res.status(200).json({
               user: user.username,
               scope: user.scope
           });
       });
   } else {
       res.status(401).json({'message': 'Unauthorized.'});
   }
});

module.exports = router;