240 lines
5.3 KiB
JavaScript
Executable File
240 lines
5.3 KiB
JavaScript
Executable File
var express = require('express'),
|
|
mongoose = require('mongoose'),
|
|
fs = require('fs'),
|
|
config = require('./conf'),
|
|
passport = require('passport');
|
|
|
|
/**
|
|
* Generic require login routing middleware
|
|
*/
|
|
var requiresLogin = function(req, res, next) {
|
|
if (!req.isAuthenticated()) {
|
|
return res.send(401, 'User is not authorized');
|
|
}
|
|
next();
|
|
};
|
|
|
|
/**
|
|
* User authorizations routing middleware
|
|
*/
|
|
var hasAuthorization = function(req, res, next) {
|
|
if (req.profile.id != req.user.id) {
|
|
return res.send(401, 'User is not authorized');
|
|
}
|
|
next();
|
|
};
|
|
|
|
/**
|
|
* Article authorizations routing middleware
|
|
*/
|
|
var hasAuthorization = function(req, res, next) {
|
|
if (req.article.user.id != req.user.id) {
|
|
return res.send(401, 'User is not authorized');
|
|
}
|
|
next();
|
|
};
|
|
|
|
//Bootstrap db connection
|
|
var db = mongoose.connect(config.db);
|
|
|
|
/**
|
|
* Module dependencies.
|
|
*/
|
|
var mongoose = require('mongoose'),
|
|
Schema = mongoose.Schema,
|
|
crypto = require('crypto'),
|
|
_ = require('underscore'),
|
|
authTypes = ['github', 'twitter', 'facebook', 'google'];
|
|
|
|
|
|
/**
|
|
* User Schema
|
|
*/
|
|
var UserSchema = new Schema({
|
|
name: String,
|
|
email: String,
|
|
username: {
|
|
type: String,
|
|
unique: true
|
|
},
|
|
provider: String,
|
|
hashed_password: String,
|
|
salt: String,
|
|
facebook: {},
|
|
twitter: {},
|
|
github: {},
|
|
google: {}
|
|
});
|
|
|
|
/**
|
|
* Virtuals
|
|
*/
|
|
UserSchema.virtual('password').set(function(password) {
|
|
this._password = password;
|
|
this.salt = this.makeSalt();
|
|
this.hashed_password = this.encryptPassword(password);
|
|
}).get(function() {
|
|
return this._password;
|
|
});
|
|
|
|
/**
|
|
* Validations
|
|
*/
|
|
var validatePresenceOf = function(value) {
|
|
return value && value.length;
|
|
};
|
|
|
|
// the below 4 validations only apply if you are signing up traditionally
|
|
UserSchema.path('name').validate(function(name) {
|
|
// if you are authenticating by any of the oauth strategies, don't validate
|
|
if (authTypes.indexOf(this.provider) !== -1) return true;
|
|
return name.length;
|
|
}, 'Name cannot be blank');
|
|
|
|
UserSchema.path('email').validate(function(email) {
|
|
// if you are authenticating by any of the oauth strategies, don't validate
|
|
if (authTypes.indexOf(this.provider) !== -1) return true;
|
|
return email.length;
|
|
}, 'Email cannot be blank');
|
|
|
|
UserSchema.path('username').validate(function(username) {
|
|
// if you are authenticating by any of the oauth strategies, don't validate
|
|
if (authTypes.indexOf(this.provider) !== -1) return true;
|
|
return username.length;
|
|
}, 'Username cannot be blank');
|
|
|
|
UserSchema.path('hashed_password').validate(function(hashed_password) {
|
|
// if you are authenticating by any of the oauth strategies, don't validate
|
|
if (authTypes.indexOf(this.provider) !== -1) return true;
|
|
return hashed_password.length;
|
|
}, 'Password cannot be blank');
|
|
|
|
|
|
/**
|
|
* Pre-save hook
|
|
*/
|
|
UserSchema.pre('save', function(next) {
|
|
if (!this.isNew) return next();
|
|
|
|
if (!validatePresenceOf(this.password) && authTypes.indexOf(this.provider) === -1)
|
|
next(new Error('Invalid password'));
|
|
else
|
|
next();
|
|
});
|
|
|
|
/**
|
|
* Methods
|
|
*/
|
|
UserSchema.methods = {
|
|
/**
|
|
* Authenticate - check if the passwords are the same
|
|
*
|
|
* @param {String} plainText
|
|
* @return {Boolean}
|
|
* @api public
|
|
*/
|
|
authenticate: function(plainText) {
|
|
return this.encryptPassword(plainText) === this.hashed_password;
|
|
},
|
|
|
|
/**
|
|
* Make salt
|
|
*
|
|
* @return {String}
|
|
* @api public
|
|
*/
|
|
makeSalt: function() {
|
|
return Math.round((new Date().valueOf() * Math.random())) + '';
|
|
},
|
|
|
|
/**
|
|
* Encrypt password
|
|
*
|
|
* @param {String} password
|
|
* @return {String}
|
|
* @api public
|
|
*/
|
|
encryptPassword: function(password) {
|
|
if (!password) return '';
|
|
return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
|
|
}
|
|
};
|
|
|
|
mongoose.model('User', UserSchema);
|
|
|
|
/**
|
|
* Article Schema
|
|
*/
|
|
var ArticleSchema = new Schema({
|
|
created: {
|
|
type: Date,
|
|
default: Date.now
|
|
},
|
|
title: {
|
|
type: String,
|
|
default: '',
|
|
trim: true
|
|
},
|
|
content: {
|
|
type: String,
|
|
default: '',
|
|
trim: true
|
|
},
|
|
user: {
|
|
type: Schema.ObjectId,
|
|
ref: 'User'
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Validations
|
|
*/
|
|
ArticleSchema.path('title').validate(function(title) {
|
|
return title.length;
|
|
}, 'Title cannot be blank');
|
|
|
|
/**
|
|
* Statics
|
|
*/
|
|
ArticleSchema.statics = {
|
|
load: function(id, cb) {
|
|
this.findOne({
|
|
_id: id
|
|
}).populate('user', 'name username').exec(cb);
|
|
}
|
|
};
|
|
|
|
mongoose.model('Article', ArticleSchema);
|
|
|
|
var app = express();
|
|
|
|
|
|
/**
|
|
* Express Settings
|
|
*/
|
|
app.set('port', process.env.PORT || 3000);
|
|
app.use(express.favicon());
|
|
app.use(express.logger('dev'));
|
|
app.use(express.json());
|
|
app.use(express.urlencoded());
|
|
app.use(express.methodOverride());
|
|
app.use(app.router);
|
|
app.use(express.static(config.root + '/public'));
|
|
|
|
|
|
/**
|
|
* API Routes
|
|
*/
|
|
app.post('/api/users', users.create);
|
|
app.get('/api/users/me', users.me);
|
|
app.get('/api/users/:userId', users.show);
|
|
app.get('/api/articles', articles.all);
|
|
app.post('/api/articles', requiresLogin, articles.create);
|
|
app.get('/api/articles/:articleId', articles.show);
|
|
app.put('/api/articles/:articleId', auth.requiresLogin, auth.article.hasAuthorization, articles.update);
|
|
app.del('/api/articles/:articleId', auth.requiresLogin, auth.article.hasAuthorization, articles.destroy);
|
|
|
|
|
|
app.listen(app.get('port'), function() {
|
|
console.log('Express server listening on port ' + app.get('port'));
|
|
}); |