jokecamp · July 6, 2020 13:50 · pallavidhan · Dec 20, 2017 · bouwerp · Jul 6, 2020
diff --git a/package.json b/package.json
 {
  "name": "securehelloworld",
  "version": "1.0.0",
  "description": "",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.13.3",
    "express-session": "^1.11.3",
    "passport": "^0.3.0",
    "passport-github": "^1.0.0"
  }
 }
diff --git a/server.js b/server.js
 var express = require('express');
 var app = express();
 var passport = require('passport');
 var GithubStrategy = require('passport-github').Strategy;

 passport.use(new GithubStrategy({
    clientID: "YOUR CLIENT ID",
    clientSecret: "YOUR CLIENT SECRET",
    callbackURL: "http://localhost:30000/auth/github/callback"
  },
  function(accessToken, refreshToken, profile, done) {
    // placeholder for translating profile into your own custom user object.
    // for now we will just use the profile object returned by GitHub
    return done(null, profile);
  }
 ));

 // Express and Passport Session
 var session = require('express-session');
 app.use(session({secret: "enter custom sessions secret here"}));
 app.use(passport.initialize());
 app.use(passport.session());

 passport.serializeUser(function(user, done) {
  // placeholder for custom user serialization
  // null is for errors
  done(null, user);
 });

 passport.deserializeUser(function(user, done) {
  // placeholder for custom user deserialization.
  // maybe you are getoing to get the user from mongo by id?
  // null is for errors
  done(null, user);
 });

 // we will call this to start the GitHub Login process
 app.get('/auth/github', passport.authenticate('github'));

 // GitHub will call this URL
 app.get('/auth/github/callback',
  passport.authenticate('github', { failureRedirect: '/' }),
  function(req, res) {
    res.redirect('/');
  });

 app.get('/', function (req, res) {
  var html = "<ul>\
    <li><a href='/auth/github'>GitHub</a></li>\
    <li><a href='/logout'>logout</a></li>\
  </ul>";

  // dump the user for debugging
  if (req.isAuthenticated()) {
    html += "<p>authenticated as user:</p>"
    html += "<pre>" + JSON.stringify(req.user, null, 4) + "</pre>";
  }

  res.send(html);
 });

 app.get('/logout', function(req, res){
  console.log('logging out');
  req.logout();
  res.redirect('/');
 });

 // Simple route middleware to ensure user is authenticated.
 //  Use this route middleware on any resource that needs to be protected.  If
 //  the request is authenticated (typically via a persistent login session),
 //  the request will proceed.  Otherwise, the user will be redirected to the
 //  login page.
 function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/')
 }

 app.get('/protected', ensureAuthenticated, function(req, res) {
  res.send("acess granted");
 });



 var server = app.listen(30000, function () {
  console.log('Example app listening at http://%s:%s',
    server.address().address, server.address().port);
 });
	{
	"name": "securehelloworld",
	"version": "1.0.0",
	"description": "",
	"main": "server.js",
	"scripts": {
	"test": "echo \"Error: no test specified\" && exit 1"
	},
	"author": "",
	"license": "ISC",
	"dependencies": {
	"express": "^4.13.3",
	"express-session": "^1.11.3",
	"passport": "^0.3.0",
	"passport-github": "^1.0.0"
	}
	}
	var express = require('express');
	var app = express();
	var passport = require('passport');
	var GithubStrategy = require('passport-github').Strategy;

	passport.use(new GithubStrategy({
	clientID: "YOUR CLIENT ID",
	clientSecret: "YOUR CLIENT SECRET",
	callbackURL: "http://localhost:30000/auth/github/callback"
	},
	function(accessToken, refreshToken, profile, done) {
	// placeholder for translating profile into your own custom user object.
	// for now we will just use the profile object returned by GitHub
	return done(null, profile);
	}
	));

	// Express and Passport Session
	var session = require('express-session');
	app.use(session({secret: "enter custom sessions secret here"}));
	app.use(passport.initialize());
	app.use(passport.session());

	passport.serializeUser(function(user, done) {
	// placeholder for custom user serialization
	// null is for errors
	done(null, user);
	});

	passport.deserializeUser(function(user, done) {
	// placeholder for custom user deserialization.
	// maybe you are getoing to get the user from mongo by id?
	// null is for errors
	done(null, user);
	});

	// we will call this to start the GitHub Login process
	app.get('/auth/github', passport.authenticate('github'));

	// GitHub will call this URL
	app.get('/auth/github/callback',
	passport.authenticate('github', { failureRedirect: '/' }),
	function(req, res) {
	res.redirect('/');
	});

	app.get('/', function (req, res) {
	var html = "<ul>\
	<li><a href='/auth/github'>GitHub</a></li>\
	<li><a href='/logout'>logout</a></li>\
	</ul>";

	// dump the user for debugging
	if (req.isAuthenticated()) {
	html += "<p>authenticated as user:</p>"
	html += "<pre>" + JSON.stringify(req.user, null, 4) + "</pre>";
	}

	res.send(html);
	});

	app.get('/logout', function(req, res){
	console.log('logging out');
	req.logout();
	res.redirect('/');
	});

	// Simple route middleware to ensure user is authenticated.
	// Use this route middleware on any resource that needs to be protected. If
	// the request is authenticated (typically via a persistent login session),
	// the request will proceed. Otherwise, the user will be redirected to the
	// login page.
	function ensureAuthenticated(req, res, next) {
	if (req.isAuthenticated()) { return next(); }
	res.redirect('/')
	}

	app.get('/protected', ensureAuthenticated, function(req, res) {
	res.send("acess granted");
	});



	var server = app.listen(30000, function () {
	console.log('Example app listening at http://%s:%s',
	server.address().address, server.address().port);
	});