Thingyiot · May 7, 2015 02:06
diff --git a/Passport.js b/Passport.js
 var express = require('express')
  , passport = require('passport')
  , LocalStrategy = require('passport-local').Strategy
  , mongodb = require('mongodb')
  , mongoose = require('mongoose')
  , bcrypt = require('bcrypt')
  , SALT_WORK_FACTOR = 10;
  
 mongoose.connect('localhost', 'test');
 var db = mongoose.connection;
 db.on('error', console.error.bind(console, 'connection error:'));
 db.once('open', function callback() {
  console.log('Connected to DB');
 });

 // User Schema
 var userSchema = mongoose.Schema({
  username: { type: String, required: true, unique: true },
  email: { type: String, required: true, unique: true },
  password: { type: String, required: true},
 });

 // Bcrypt middleware
 userSchema.pre('save', function(next) {
 	var user = this;

 	if(!user.isModified('password')) return next();

 	bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) {
 		if(err) return next(err);

 		bcrypt.hash(user.password, salt, function(err, hash) {
 			if(err) return next(err);
 			user.password = hash;
 			next();
 		});
 	});
 });

 // Password verification
 userSchema.methods.comparePassword = function(candidatePassword, cb) {
 	bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
 		if(err) return cb(err);
 		cb(null, isMatch);
 	});
 };

 // Seed a user
 var User = mongoose.model('User', userSchema);
 var user = new User({ username: 'bob', email: '[email protected]', password: 'secret' });
 user.save(function(err) {
  if(err) {
    console.log(err);
  } else {
    console.log('user: ' + user.username + " saved.");
  }
 });


 // Passport session setup.
 //   To support persistent login sessions, Passport needs to be able to
 //   serialize users into and deserialize users out of the session.  Typically,
 //   this will be as simple as storing the user ID when serializing, and finding
 //   the user by ID when deserializing.
 passport.serializeUser(function(user, done) {
  done(null, user.id);
 });

 passport.deserializeUser(function(id, done) {
  User.findById(id, function (err, user) {
    done(err, user);
  });
 });


 // Use the LocalStrategy within Passport.
 //   Strategies in passport require a `verify` function, which accept
 //   credentials (in this case, a username and password), and invoke a callback
 //   with a user object.  In the real world, this would query a database;
 //   however, in this example we are using a baked-in set of users.
 passport.use(new LocalStrategy(function(username, password, done) {
  User.findOne({ username: username }, function(err, user) {
    if (err) { return done(err); }
    if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
    user.comparePassword(password, function(err, isMatch) {
      if (err) return done(err);
      if(isMatch) {
        return done(null, user);
      } else {
        return done(null, false, { message: 'Invalid password' });
      }
    });
  });
 }));


 var app = express();

 // configure Express
 app.configure(function() {
  app.set('views', __dirname + '/views');
  app.set('view engine', 'ejs');
  app.engine('ejs', require('ejs-locals'));
  app.use(express.logger());
  app.use(express.cookieParser());
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.session({ secret: 'keyboard cat' }));
  // Initialize Passport!  Also use passport.session() middleware, to support
  // persistent login sessions (recommended).
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(app.router);
  app.use(express.static(__dirname + '/../../public'));
 });


 app.get('/', function(req, res){
  res.render('index', { user: req.user });
 });

 app.get('/account', ensureAuthenticated, function(req, res){
  res.render('account', { user: req.user });
 });

 app.get('/login', function(req, res){
  res.render('login', { user: req.user, message: req.session.messages });
 });

 // POST /login
 //   Use passport.authenticate() as route middleware to authenticate the
 //   request.  If authentication fails, the user will be redirected back to the
 //   login page.  Otherwise, the primary route function function will be called,
 //   which, in this example, will redirect the user to the home page.
 //
 //   curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login
 //   
 /***** This version has a problem with flash messages
 app.post('/login', 
  passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
  function(req, res) {
    res.redirect('/');
  });
 */
  
 // POST /login
 //   This is an alternative implementation that uses a custom callback to
 //   acheive the same functionality.
 app.post('/login', function(req, res, next) {
  passport.authenticate('local', function(err, user, info) {
    if (err) { return next(err) }
    if (!user) {
      req.session.messages =  [info.message];
      return res.redirect('/login')
    }
    req.logIn(user, function(err) {
      if (err) { return next(err); }
      return res.redirect('/');
    });
  })(req, res, next);
 });

 app.get('/logout', function(req, res){
  req.logout();
  res.redirect('/');
 });

 app.listen(3000, function() {
  console.log('Express server listening on port 3000');
 });


 // Simple route middleware to ensure user is authenticated.
 //   Use this route middleware on any resource that needs to be protected.  If
 //   the request is authenticated (typically via a persistent login session),
 //   the request will proceed.  Otherwise, the user will be redirected to the
 //   login page.
 function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/login')
 }
	var express = require('express')
	, passport = require('passport')
	, LocalStrategy = require('passport-local').Strategy
	, mongodb = require('mongodb')
	, mongoose = require('mongoose')
	, bcrypt = require('bcrypt')
	, SALT_WORK_FACTOR = 10;

	mongoose.connect('localhost', 'test');
	var db = mongoose.connection;
	db.on('error', console.error.bind(console, 'connection error:'));
	db.once('open', function callback() {
	console.log('Connected to DB');
	});

	// User Schema
	var userSchema = mongoose.Schema({
	username: { type: String, required: true, unique: true },
	email: { type: String, required: true, unique: true },
	password: { type: String, required: true},
	});

	// Bcrypt middleware
	userSchema.pre('save', function(next) {
	var user = this;

	if(!user.isModified('password')) return next();

	bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) {
	if(err) return next(err);

	bcrypt.hash(user.password, salt, function(err, hash) {
	if(err) return next(err);
	user.password = hash;
	next();
	});
	});
	});

	// Password verification
	userSchema.methods.comparePassword = function(candidatePassword, cb) {
	bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
	if(err) return cb(err);
	cb(null, isMatch);
	});
	};

	// Seed a user
	var User = mongoose.model('User', userSchema);
	var user = new User({ username: 'bob', email: '[email protected]', password: 'secret' });
	user.save(function(err) {
	if(err) {
	console.log(err);
	} else {
	console.log('user: ' + user.username + " saved.");
	}
	});


	// Passport session setup.
	// To support persistent login sessions, Passport needs to be able to
	// serialize users into and deserialize users out of the session. Typically,
	// this will be as simple as storing the user ID when serializing, and finding
	// the user by ID when deserializing.
	passport.serializeUser(function(user, done) {
	done(null, user.id);
	});

	passport.deserializeUser(function(id, done) {
	User.findById(id, function (err, user) {
	done(err, user);
	});
	});


	// Use the LocalStrategy within Passport.
	// Strategies in passport require a `verify` function, which accept
	// credentials (in this case, a username and password), and invoke a callback
	// with a user object. In the real world, this would query a database;
	// however, in this example we are using a baked-in set of users.
	passport.use(new LocalStrategy(function(username, password, done) {
	User.findOne({ username: username }, function(err, user) {
	if (err) { return done(err); }
	if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
	user.comparePassword(password, function(err, isMatch) {
	if (err) return done(err);
	if(isMatch) {
	return done(null, user);
	} else {
	return done(null, false, { message: 'Invalid password' });
	}
	});
	});
	}));


	var app = express();

	// configure Express
	app.configure(function() {
	app.set('views', __dirname + '/views');
	app.set('view engine', 'ejs');
	app.engine('ejs', require('ejs-locals'));
	app.use(express.logger());
	app.use(express.cookieParser());
	app.use(express.bodyParser());
	app.use(express.methodOverride());
	app.use(express.session({ secret: 'keyboard cat' }));
	// Initialize Passport! Also use passport.session() middleware, to support
	// persistent login sessions (recommended).
	app.use(passport.initialize());
	app.use(passport.session());
	app.use(app.router);
	app.use(express.static(__dirname + '/../../public'));
	});


	app.get('/', function(req, res){
	res.render('index', { user: req.user });
	});

	app.get('/account', ensureAuthenticated, function(req, res){
	res.render('account', { user: req.user });
	});

	app.get('/login', function(req, res){
	res.render('login', { user: req.user, message: req.session.messages });
	});

	// POST /login
	// Use passport.authenticate() as route middleware to authenticate the
	// request. If authentication fails, the user will be redirected back to the
	// login page. Otherwise, the primary route function function will be called,
	// which, in this example, will redirect the user to the home page.
	//
	// curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login
	//
	/***** This version has a problem with flash messages
	app.post('/login',
	passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
	function(req, res) {
	res.redirect('/');
	});
	*/

	// POST /login
	// This is an alternative implementation that uses a custom callback to
	// acheive the same functionality.
	app.post('/login', function(req, res, next) {
	passport.authenticate('local', function(err, user, info) {
	if (err) { return next(err) }
	if (!user) {
	req.session.messages = [info.message];
	return res.redirect('/login')
	}
	req.logIn(user, function(err) {
	if (err) { return next(err); }
	return res.redirect('/');
	});
	})(req, res, next);
	});

	app.get('/logout', function(req, res){
	req.logout();
	res.redirect('/');
	});

	app.listen(3000, function() {
	console.log('Express server listening on port 3000');
	});


	// Simple route middleware to ensure user is authenticated.
	// Use this route middleware on any resource that needs to be protected. If
	// the request is authenticated (typically via a persistent login session),
	// the request will proceed. Otherwise, the user will be redirected to the
	// login page.
	function ensureAuthenticated(req, res, next) {
	if (req.isAuthenticated()) { return next(); }
	res.redirect('/login')
	}