Auth-Passport Finished

.gitignore

@@ -0,0 +1 @@
+node_modules

app.js

@@ -0,0 +1,17 @@
+const express = require('express');
+const bodyParser = require('body-parser');
+const userController = require('./controllers/userController');
+const index = require('./routes/index');
+const passport = require('passport');
+const mongoose = require('mongoose');
+mongoose.connect('mongodb://localhost/authpassport');
+const app = express();
+
+
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(passport.initialize());
+app.use('/', index);
+
+app.listen(3000);
+
+module.exports = app;

controllers/userController.js

@@ -0,0 +1,80 @@
+const User = require('../models/user.js');
+const passwordHash = require('password-hash');
+const jwt = require('jsonwebtoken');
+
+
+let methods = {}
+
+methods.createUser = function(req,res,next) {
+  User.create({
+    username: req.body.username,
+    password: passwordHash.generate(req.body.password),
+    role: req.body.role
+  })
+  .then(function(data) {
+    res.json(data);
+  })
+}
+
+methods.getAllUsers = function(req,res,next) {
+  User.find()
+  .then(function(data) {
+    res.json(data);
+  })
+}
+
+methods.getOneUser = function(req,res,next) {
+  User.findById(req.params.id)
+  .then(function(data) {
+    res.json(data);
+  })
+}
+
+methods.updateUser = function(req,res,next) {
+  User.findById(req.params.id)
+  .then(function(data) {
+    data.username = req.body.username || data.username; // username change must be followed by password change
+    data.password = passwordHash.generate(req.body.password) || data.password;
+    data.role = req.body.role || data.role;
+    data.save()
+    .then(data_ => {
+      res.json(data_);
+    })
+  })
+}
+
+methods.deleteUser = function(req,res,next) {
+  User.findById(req.params.id)
+  .then(function(data) {
+    res.json(data);
+    data.remove();
+  })
+}
+
+methods.signUp = function(req,res,next) {
+  User.create({
+    username: req.body.username,
+    password: passwordHash.generate(req.body.password),
+    role: 'user'
+  })
+  .then(function(data) {
+    res.json(data)
+  })
+}
+
+methods.signIn = (req,res,next) => {
+  var object = req.user;
+  if (object.hasOwnProperty('message')) {
+    res.send(message);
+  } else {
+    var token = jwt.sign({
+      username : object.username,
+      role : object.role
+    }, 'secret', {
+      expiresIn : '3h'
+    })
+    res.send(token);
+  }
+}
+
+module.exports = methods;

helpers/util.js

@@ -0,0 +1,35 @@
+'use strict';
+
+var jwt = require('jsonwebtoken');
+var util = {};
+
+util.isValidAdmin = (req,res,next) => {
+  jwt.verify(req.headers.token, 'secret', (err,decoded) => {
+    if (decoded) {
+      if (decoded.role == 'admin') {
+        console.log(decoded)
+        next();
+      } else {
+        res.send('You are not authorized')
+      }
+    } else {
+      res.send(err)
+    }
+  })
+}
+
+util.isValidUserOrAdmin = (req,res,next) => {
+  jwt.verify(req.headers.token, 'secret', (err,decoded) => {
+    if (decoded) {
+      if (decoded.role == 'admin' || decoded.role == 'user') {
+        next();
+      } else {
+        res.send('You are not authorized')
+      }
+    } else {
+      res.send(err)
+    }
+  })
+}
+
+module.exports = util;

models/user.js

@@ -0,0 +1,12 @@
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+
+let userSchema = new Schema({
+  username: String,
+  password: String,
+  role: String
+});
+
+let User = mongoose.model('User', userSchema);
+
+module.exports = User;

package.json

@@ -0,0 +1,29 @@
+{
+  "name": "auth-passport",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "nodemon app.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/parelhutahaean/auth-passport.git"
+  },
+  "author": "",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/parelhutahaean/auth-passport/issues"
+  },
+  "homepage": "https://github.com/parelhutahaean/auth-passport#readme",
+  "dependencies": {
+    "body-parser": "^1.17.1",
+    "express": "^4.15.2",
+    "jsonwebtoken": "^7.4.0",
+    "mongoose": "^4.9.6",
+    "passport": "^0.3.2",
+    "passport-local": "^1.0.0",
+    "password-hash": "^1.2.2"
+  }
+}

routes/index.js

@@ -0,0 +1,40 @@
+var express = require('express');
+var router = express.Router();
+var userController = require('../controllers/userController');
+var util = require('../helpers/util.js');
+var passport = require('passport');
+var passwordHash = require('password-hash');
+var Strategy = require('passport-local').Strategy;
+var User = require('../models/user.js');
+
+/* GET home page. */
+router.get('/', function(req, res, next) {
+  res.send('Hello World Yes');
+});
+
+passport.use(new Strategy(
+  function(username, password, done) {
+    console.log(username);
+    User.findOne({ username: username }, function(err, user) {
+      if (err) { return done(err); }
+      if (!user) {
+        return done(null, { message: 'Incorrect username.' });
+      }
+      if (passwordHash.verify(password, user.password) == false) {
+        return done(null, { message: 'Incorrect password.' });
+      }
+      return done(null, user);
+    });
+  }
+));
+
+router.post('/api/users', util.isValidAdmin, userController.createUser);
+router.get('/api/users', util.isValidAdmin, userController.getAllUsers);
+router.get('/api/users/:id', util.isValidUserOrAdmin, userController.getOneUser);
+router.put('/api/users/:id', util.isValidAdmin, userController.updateUser);
+router.delete('/api/users/:id', util.isValidAdmin, userController.deleteUser);
+router.post('/signup', userController.signUp);
+router.post('/signin', passport.authenticate('local', {session: false}), userController.signIn);
+/*passport.authenticate('local', {session: false}),*/
+
+module.exports = router;