models_user.js

const mongoose = require("mongoose");
var passportLocalMongoose = require("passport-local-mongoose");
var uniqueValidator = require('mongoose-unique-validator');
var md5 = require('blueimp-md5');
var jwt = require('jsonwebtoken');
var session = require("express-session");
var crypto = require("crypto");

const UserSchema = new mongoose.Schema({
    username: {
    	type: String,
		unique: true,
		required: true,
		match: [/^[a-zA-Z0-9_\- ]+$/, 'is invalid'],
		index: true
    },
    email: {
    	type: String,
		lowercase: true,
		unique: true,
		required: [true, "can't be blank"],
		match: [/\S+\@\S+\.\S+/, 'is invalid'],
		index: true
    },
    password: {
        type: String,
        required: true
    },
	emailIsVerified: {
    	type: Boolean,
		default: false
	},
    createdAt: {
        type: Date,
        default: Date.now()
    },
	isAuthor: {
		type: Boolean,
		default: false
	},
	biffnoWins: {
    	type: Array,
		default: []
	},
	bio: {
    	type: String,
		default: ""
	}
	,
	isAdmin: {
        type: Boolean,
        default: false
    },
	isModerator: {
    	type: Boolean,
		default: false
	},
    isBanned: {
        type: Boolean,
        default: false
	}
}, {timestamps: true/*, collection: "users" */});
UserSchema.plugin(passportLocalMongoose);

UserSchema.plugin(uniqueValidator, {message: ' is already in use.'});

UserSchema.methods.setPassword = function (password, cb) {
	if (!password) {
		return cb(new BadRequestError(options.missingPasswordError));
	}
	
	var self = this;
	
	crypto.randomBytes(options.saltlen, function(err, buf) {
		if (err) {
			return cb(err);
		}
		
		var salt = buf.toString('hex');
		
		crypto.pbkdf2(password, salt, options.iterations, options.keylen, function(err, hashRaw) {
			if (err) {
				return cb(err);
			}
			self.set(options.hashField, new Buffer(hashRaw, 'binary').toString('hex'));
			self.set(options.saltField, salt);
			
			cb(null, self);
		});
	});
};
UserSchema.methods.cryptpass = function(pass) {
	// console.log(md5(pass));
	md5(pass);
};
UserSchema.methods.validPassword = function(password) {
	var isvalid = md5(password);
	return isvalid == this
};



// UserSchema.methods.generateJWT = function() {
// 	var today = new Date();
// 	var exp = new Date(today);
// 	exp.setDate(today.getDate() + 60);
// 	return jwt.sign({
// 		id: this._id,
// 		username: this.username,
// 		exp: parseInt(exp.getTime() / 1000),
// 	}, secret);
// };

// export model user with UserSchema
module.exports = mongoose.model("User", UserSchema, "users");

passport.js

var bodyParser = require("body-parser");
const LocalStrategy = require('passport-local').Strategy;
const User = require('../models/user');

module.exports = function (passport) {

// ======================SIGNUP ===========================
	passport.use('localsignup', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
			usernameField : 'username',
			passwordField : 'password',
			passReqToCallback : true /* allows us to pass back the entire request to the callback */
		},
		function(req, username, email, password, done) {
			// User.findOne won't fire unless data is sent back
			process.nextTick(() => {
				// find a user whose email is the same as the forms email
				User.findOne({$or: [
						{username: username},
						{email: email}]}, function(err, user) {
						if (err)
							{return done(err)}
						if (user) {
							return done(null, false, console.log('That email/username is already taken.'));
						} else {
							// if there is no user with that email -create the user
							const newUser = new User();
							// set the user's local credentials
							newUser.username = username;
							newUser.email    = email;
							newUser.password = newUser.cryptpass(password);
							// save the user
							newUser.save(function(err) {
								if (err) {
									throw err;
								} else {
									return done(null, newUser);
								}
							});
						}
					});
				
			});
			
		}));

// =================LOCAL LOGIN ======================================
	
	passport.use('localogin', new LocalStrategy({
			usernameField: 'username',
			passwordField: 'password',
			passReqToCallback: true
		},
		function (req, username, password, done) {
			User.findOne({username: username}, function (err, user) {
				if (err)
					return done(err);
				if (!user)
					return done(null, false, req.flash('loginMessage', 'No user found.')); // req.flash is the way to set flashdata using connect-flash
				if (!user.validPassword(password))
					return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
// all is well, return successful user
				return done(null, user);
			});
		}));
	
};

routes.js

const express = require('express');
const app = express();
const router = express.Router();
let ejs = require('ejs');
let https = require('https'),
	fs = require('fs');
var mongoose = require('mongoose'),
	passport = require('passport'),
	passportLocalMongoose = require('passport-local-mongoose'),
	bodyParser = require('body-parser'),
	cookieParser = require("cookie-parser"),
	md5 = require('md5'),
	session = require('express-session');
const MongoStore = require("connect-mongo")(session);
require("./srrv/passport")(passport);
const User = require('./models/user');
// makes sure a user is logged in

module.exports = function (app, passport) {
	var bands = JSON.parse(fs.readFileSync('stories/characters.json'));
	
	/* ===================== login ======================= */
	function isLoggedIn(req, res, next){
		
		if (req.isAuthenticated()) {
			return next();
		} else {
			res.redirect('/login')
		}
	}
	app.get('/login', function (req, res) {
		res.render('login', {title: "Log In"})
	});
	app.get('/register', function (req, res) {
		res.render("register", {title: "Create New Account"})
	});
	app.post("/register", passport.authenticate("localsignup", {
		successRedirect: '/login',
		failureRedirect: '/register',
		failureFlash : false // allow flash messages
	}));
	app.post("/login", passport.authenticate("localogin", {
		successRedirect: '/my-stuff',
		failureRedirect: '/login',
		failureFlash : false
	}));
	app.get("/logout", (req, res) => {
		req.logout();
		res.redirect("/");
	});
	
// --------------------------- get ---------------------------- //
	
	app.get('/', function (req, res) {
		console.log(".");
		res.render('index', {title: "Home"});
	});
	app.get('/my-stuff', function (req, res) {
		res.render('mystuff', {title: "Your Stuff"});
	});
	app.get('/bands', function (req, res) {
		res.render('bands', {title: "Bands", bandList: Object.keys(bands)})
	});
	app.get('/stories', function (req, res) {
		res.render('stories', {title: "Fiction"})
	});
	app.get('/stories/new', isLoggedIn, function (req, res, next) {
		res.render('newstory/index', {title: "Post a new Fic!", bandList: Object.keys(bands)})
	});

// ======================================================= //
	
	app.post('/stories/new', function (req, res) {
		const newficband = req.body.bands;
		// console.log(newficband);
		if (req.query.s == 2) {
			res.render('newstory/step2.ejs', {title: "Select Relationships", charass: bands, selectedBands: newficband})
		}
		if (req.query.s == 3) {
			res.render('newstory/step3.ejs', {title: "Select Characters", charass: bands, selectedBands: newficband})
		}
	});
	
};