@freekrai
Forked from theangryangel/AuthController.js
Last active August 29, 2015 14:13
// config/application.js
var passport = require('passport')
, LocalStrategy = require('passport-local').Strategy;
// some static users
// Demo fixture only: the passwords below are stored and compared in clear
// text. A real user store should hold a salted password hash rather than the
// password itself.
var users = [
  { id: 1, username: 'bob', password: 'secret', email: '[email protected]' },
  { id: 2, username: 'joe', password: 'birthday', email: '[email protected]' }
];
// helper functions
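/**
 * Look up a user by its `id` field and hand the result to a callback.
 *
 * The lookup matches on the record's own `id` instead of assuming that the
 * record with id N sits at array index N - 1. This function is what turns a
 * session-stored id back into a user, so a reordered or sparse `users` list
 * must not resolve an id to a different account.
 *
 * @param {number|string} id - User id; coerced with Number() so a numeric
 *   string behaves the same as a number.
 * @param {function(?Error, Object=)} fn - Called as fn(null, user) on a hit,
 *   or fn(error) when no user has that id.
 */
function findById(id, fn) {
  var wanted = Number(id);
  var match = null;

  for (var i = 0, len = users.length; i < len; i++) {
    if (users[i].id === wanted) {
      match = users[i];
      break;
    }
  }

  if (match) {
    fn(null, match);
  } else {
    fn(new Error('User ' + id + ' does not exist'));
  }
}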
/**
 * Find the first user whose `username` is strictly equal to the given one.
 *
 * An unknown username is not an error: the callback receives (null, null),
 * which lets the caller tell "no such user" apart from a lookup failure.
 *
 * @param {string} username - Username to search for (exact, case-sensitive).
 * @param {function(?Error, ?Object)} fn - Called once with (null, user) or
 *   (null, null).
 * @returns {*} Whatever `fn` returns.
 */
function findByUsername(username, fn) {
  var match = null;

  // some() stops at the first hit, like the early return of a plain loop.
  users.some(function (candidate) {
    if (candidate.username === username) {
      match = candidate;
      return true;
    }
    return false;
  });

  return fn(null, match);
}
// Passport session setup.
// To support persistent login sessions, Passport needs to be able to
// serialize users into and deserialize users out of the session. Typically,
// this will be as simple as storing the user ID when serializing, and finding
// the user by ID when deserializing.
// Only the user's id goes into the session; the password and the rest of the
// record stay out of it.
function storeUserId(user, done) {
  done(null, user.id);
}

// Rebuild the user from the id found in the session.
// NOTE(review): findById reports an unknown id as an Error, and that error is
// forwarded to Passport as-is. Presumably a session that refers to a removed
// user then fails the request instead of being treated as logged out; confirm
// that this is the intended behaviour.
function loadUserById(id, done) {
  findById(id, function (lookupErr, found) {
    done(lookupErr, found);
  });
}

passport.serializeUser(storeUserId);
passport.deserializeUser(loadUserById);
// Use the LocalStrategy within Passport.
// Strategies in passport require a `verify` function, which accepts
// credentials (in this case, a username and password), and invokes a callback
// with a user object. In the real world, this would query a database;
// however, in this example we are using a baked-in set of users.
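passport.use(new LocalStrategy(
  /**
   * Verify callback for the local strategy.
   *
   * @param {string} username - Username submitted by the client (untrusted).
   * @param {string} password - Password submitted by the client (untrusted).
   * @param {function} done - Passport callback: done(err) on a lookup error,
   *   done(null, false, info) on rejected credentials, done(null, user) on
   *   success.
   */
  function (username, password, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {
      findByUsername(username, function (err, user) {
        if (err) { return done(err); }

        // One message for both failure cases: the response must not reveal
        // whether the username exists, and the submitted username is not
        // echoed back into a flash message.
        var rejected = { message: 'Invalid username or password' };

        if (!user) { return done(null, false, rejected); }

        // Strict comparison on a string only. With loose `!=`, a non-string
        // value that coerces to the stored password (for example a
        // one-element array from a parsed body) would be accepted.
        if (typeof password !== 'string' || user.password !== password) {
          return done(null, false, rejected);
        }

        // NOTE: the stored password is clear text in this example. A real
        // user store should keep a salted hash and verify with a
        // constant-time comparison.
        return done(null, user);
      });
    });
  }
));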
// export
// Registers Passport on the underlying Express app: initialize() first, then
// session().
// NOTE(review): passport.session() presumably relies on session middleware
// already being installed by the framework; confirm the ordering.
function registerPassport(app) {
  app.use(passport.initialize());
  app.use(passport.session());
}

module.exports = {

  // Application name (default <title>)
  appName: "Sails Application",

  // Port the Sails application listens on
  port: 1337,

  // Deployment environment: `development` or `production`.
  //
  // In `production` mode all css and js are bundled and minified, views and
  // templates are cached in memory and gzip is used, at the cost of harder
  // debugging and a slower server start.
  // NOTE(review): the value is hard-coded to 'development' here; confirm it
  // is overridden for a production deployment.
  environment: 'development',

  // Custom express middleware hook, used to plug in Passport
  express: {
    customMiddleware: registerPassport
  }
};
// api/controllers/AuthController.js
var passport = require('passport');
var AuthController = {

  // Renders the view for this action (the login form).
  login: function (req, res) {
    res.view();
  },

  // Handles the posted login form: authenticates with the 'local' strategy
  // and, on success, establishes the login session.
  process: function (req, res) {
    // Second step: outcome of writing the user into the session.
    // NOTE(review): on failure this calls res.view() from the `process`
    // action; confirm that a matching view exists.
    var onSessionEstablished = function (loginErr) {
      if (loginErr) {
        res.view();
        return;
      }
      res.redirect('/');
    };

    // First step: outcome of the credential check.
    // An internal error and rejected credentials take the same path back to
    // the login page; `info` (the failure message) is not used and `err` is
    // not logged, so lookup failures are invisible to operators.
    // NOTE(review): older Passport releases do not regenerate the session id
    // inside req.logIn(); confirm this for the version in use.
    var onAuthenticated = function (err, user, info) {
      if (err || !user) {
        res.redirect('/login');
        return;
      }
      req.logIn(user, onSessionEstablished);
    };

    passport.authenticate('local', onAuthenticated)(req, res);
  },

  // Ends the login session and returns to the home page.
  logout: function (req, res) {
    req.logout();
    res.redirect('/');
  }
};

module.exports = AuthController;
// api/policies/authenticated.js
// We use passport to determine if we're authenticated
/**
 * Policy: let the request through only when Passport reports an
 * authenticated session; otherwise redirect to the login page.
 *
 * @param {Object} req - Request; `req.isAuthenticated()` is provided by Passport.
 * @param {Object} res - Response, used for the redirect.
 * @param {function} next - Continues to the next policy or the controller.
 */
module.exports = function (req, res, next) {
  if (!req.isAuthenticated()) {
    res.redirect('/login');
    return;
  }
  return next();
};
// views/auth/login.ejs
<form action="/login" method="post">
<div>
<label>Username:</label>
<input type="text" name="username"/><br/>
</div>
<div>
<label>Password:</label>
<input type="password" name="password"/>
</div>
<div>
<input type="submit" value="Submit"/>
</div>
</form>
<p><small>Hint - bob:secret</small></p>
// config/policies.js
/**
* Policy defines middleware that is run before each controller/action.
* Any policy dropped into the /middleware directory is made globally available through sails.middleware
* Below, use the string name of the middleware
*/
module.exports.policies = {

  // Default: every controller action goes through the `authenticated`
  // policy (api/policies/authenticated.js), so anything not listed below
  // requires a login.
  '*': 'authenticated',

  // Exception: all actions of the auth controller are open, because the login
  // form and its handler must be reachable without a session.
  auth: { '*': true }
};