Adding passport config stuff

common/config.global.js

@@ -0,0 +1,7 @@
+// The path where to mount the REST API app
+exports.restApiRoot = '/api';
+//
+// The URL where the browser client can access the REST API is available
+// Replace with a full url (including hostname) if your client is being
+// served from a different server than your REST API.
+exports.restApiUrl = exports.restApiRoot;

common/models/User-Credential.json

@@ -0,0 +1,16 @@
+{
+  "name": "userCredential",
+  "plural": "userCredentials",
+  "base": "UserCredential",
+  "properties": {},
+  "validations": [],
+  "relations": {
+    "user": {
+      "type": "belongsTo",
+      "model": "user",
+      "foreignKey": "userId"
+    }
+  },
+  "acls": [],
+  "methods": []
+}

common/models/User-Identity.js

@@ -0,0 +1,27 @@
+//var debug = require('debug')('freecc:models:userIdent');
+//
+//module.exports = function(UserIdent) {
+//
+//  UserIdent.observe('before save', function(ctx, next) {
+//
+//    var userIdent = ctx.instance;
+//    userIdent.user(function(err, user) {
+//      if (err) { return next(err); }
+//      debug('got user', user.username);
+//
+//      // check if user has picture
+//      //  set user.picture from twitter
+//      if (!user.picture) {
+//        debug('use has no pic');
+//        user.picture = userIdent.profile.photos[0].value;
+//        user.save(function(err) {
+//          if (err) { return next(err); }
+//          next();
+//        });
+//      } else {
+//        debug('exiting after user ident');
+//        next();
+//      }
+//    });
+//  });
+//};

common/models/User-Identity.json

@@ -0,0 +1,16 @@
+{
+  "name": "userIdentity",
+  "plural": "userIdentities",
+  "base": "UserIdentity",
+  "properties": {},
+  "validations": [],
+  "relations": {
+    "user": {
+      "type": "belongsTo",
+      "model": "user",
+      "foreignKey": "userId"
+    }
+  },
+  "acls": [],
+  "methods": []
+}

common/models/User.js

@@ -0,0 +1,19 @@
+var debug = require('debug')('freecc:models:user');
+
+module.exports = function(User) {
+  debug('setting up user hooks');
+  /*
+   * NOTE(berks): not sure if this is still needed
+  User.observe('before save', function setUsername(ctx, next) {
+    // set username from twitter
+    if (ctx.instance.username && ctx.instance.username.match(/twitter/g)) {
+      ctx.instance.username =
+        ctx.instance.username.match(/twitter/g) ?
+          ctx.instance.username.split('.').pop().toLowerCase() :
+          ctx.instance.username;
+      debug('username set', ctx.instance.username);
+    }
+    next();
+  });
+  */
+};

package.json

@@ -59,6 +59,7 @@
     "lodash": "~2.4.1",
     "loopback": "^2.18.0",
     "loopback-boot": "^2.8.0",
+    "loopback-component-passport": "^1.3.1",
     "loopback-connector-mongodb": "^1.10.0",
     "lusca": "~1.0.2",
     "method-override": "~2.3.0",

server/config.development.js

@@ -0,0 +1,18 @@
+module.exports = {
+  host: '127.0.0.1',
+  sessionSecret: process.env.SESSION_SECRET,
+
+  trello: {
+    key: process.env.TRELLO_KEY,
+    secret: process.env.TRELLO_SECRET
+  },
+
+  blogger: {
+    key: process.env.BLOGGER_KEY
+  },
+
+  github: {
+    clientID: process.env.GITHUB_ID,
+    clientSecret: process.env.GITHUB_SECRET
+  }
+};

server/config.local.js

@@ -0,0 +1,5 @@
+var globalConfig = require('../common/config.global');
+
+module.exports = {
+  restApiRoot: globalConfig.restApi
+};

server/datasources.development.js

@@ -0,0 +1,6 @@
+module.exports = {
+  db: {
+    connector: 'mongodb',
+    url: process.env.MONGOHQ_URL
+  }
+};

server/model-config.json

@@ -57,5 +57,13 @@
   "user": {
     "dataSource": "db",
     "public": true
+  },
+  "userCredential": {
+    "dataSource": "db",
+    "public": true
+  },
+  "userIdentity": {
+    "dataSource": "db",
+    "public": true
   }
 }

server/passport-providers.js

@@ -0,0 +1,149 @@
+var successRedirect = '/';
+var failureRedirect = '/login';
+module.exports = {
+  local: {
+    provider: 'local',
+    module: 'passport-local',
+    usernameField: 'email',
+    passwordField: 'password',
+    authPath: '/auth/local',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    failureFlash: true
+  },
+  'facebook-login': {
+    provider: 'facebook',
+    module: 'passport-facebook',
+    clientID: process.env.FACEBOOK_ID,
+    clientSecret: process.env.FACEBOOK_SECRET,
+    authPath: '/auth/facebook',
+    callbackURL: '/auth/facebook/callback',
+    callbackPath: '/auth/facebook/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    scope: ['email'],
+    failureFlash: true
+  },
+  'facebook-link': {
+    provider: 'facebook',
+    module: 'passport-facebook',
+    clientID: process.env.FACEBOOK_ID,
+    clientSecret: process.env.FACEBOOK_SECRET,
+    authPath: '/link/facebook',
+    callbackURL: '/link/facebook/callback',
+    callbackPath: '/link/facebook/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    scope: ['email', 'user_likes'],
+    link: true,
+    failureFlash: true
+  },
+  'github-login': {
+    provider: 'github',
+    module: 'passport-github',
+    clientID: process.env.GITHUB_ID,
+    clientSecret: process.env.GITHUB_SECRET,
+    authPath: '/auth/github',
+    callbackURL: '/auth/github/callback',
+    callbackPath: '/auth/github/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    scope: ['email'],
+    failureFlash: true
+  },
+  'github-link': {
+    provider: 'github',
+    module: 'passport-github',
+    clientID: process.env.GITHUB_ID,
+    clientSecret: process.env.GITHUB_SECRET,
+    authPath: '/link/github',
+    callbackURL: '/link/github/callback',
+    callbackPath: '/link/github/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    scope: ['email', 'user_likes'],
+    link: true,
+    failureFlash: true
+  },
+  'google-login': {
+    provider: 'google',
+    module: 'passport-google-oauth2',
+    clientID: process.env.GOOGLE_ID,
+    clientSecret: process.env.GOOGLE_SECRET,
+    authPath: '/auth/google',
+    callbackURL: '/auth/google/callback',
+    callbackPath: '/auth/google/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    scope: ['email', 'profile'],
+    failureFlash: true
+  },
+  'google-link': {
+    provider: 'google',
+    module: 'passport-google-oauth2',
+    clientID: process.env.GOOGLE_ID,
+    clientSecret: process.env.GOOGLE_SECRET,
+    authPath: '/link/google',
+    callbackURL: '/link/google/callback',
+    callbackPath: '/link/google/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    scope: ['email', 'profile'],
+    link: true,
+    failureFlash: true
+  },
+  'twitter-login': {
+    provider: 'twitter',
+    authScheme: 'oauth',
+    module: 'passport-twitter',
+    authPath: '/auth/twitter',
+    callbackURL: '/auth/twitter/callback',
+    callbackPath: '/auth/twitter/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    consumerKey: process.env.TWITTER_KEY,
+    consumerSecret: process.env.TWITTER_SECRET,
+    failureFlash: true
+  },
+  'twitter-link': {
+    provider: 'twitter',
+    authScheme: 'oauth',
+    module: 'passport-twitter',
+    authPath: '/link/twitter',
+    callbackURL: '/link/twitter/callback',
+    callbackPath: '/link/twitter/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    consumerKey: process.env.TWITTER_KEY,
+    consumerSecret: process.env.TWITTER_SECRET,
+    failureFlash: true
+  },
+  'linkedin-login': {
+    provider: 'linkedin',
+    authScheme: 'oauth',
+    module: 'passport-linkedin-oauth2',
+    authPath: '/auth/linkedin',
+    callbackURL: '/auth/linkedin/callback',
+    callbackPath: '/auth/linkedin/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    clientID: process.env.LINKEDIN_ID,
+    clientSecret: process.env.LINKEDIN_SECRET,
+    scope: ['r_fullprofile', 'r_emailaddress'],
+    failureFlash: true
+  },
+  'linkedin-link': {
+    provider: 'linkedin',
+    authScheme: 'oauth',
+    module: 'passport-linkedin-oauth2',
+    authPath: '/link/linkedin',
+    callbackURL: '/link/linkedin/callback',
+    callbackPath: '/link/linkedin/callback',
+    successRedirect: successRedirect,
+    failureRedirect: failureRedirect,
+    clientID: process.env.LINKEDIN_ID,
+    clientSecret: process.env.LINKEDIN_SECRET,
+    scope: ['r_fullprofile', 'r_emailaddress'],
+    failureFlash: true
+  }
+};

server/server.js

@@ -9,35 +9,39 @@ process.on('uncaughtException', function (err) {
   process.exit(1); // eslint-disable-line
 });
 
-var loopback = require('loopback'),
+var R = require('ramda'),
-  boot = require('loopback-boot'),
+    loopback = require('loopback'),
-  accepts = require('accepts'),
+    boot = require('loopback-boot'),
-  cookieParser = require('cookie-parser'),
+    accepts = require('accepts'),
-  compress = require('compression'),
+    cookieParser = require('cookie-parser'),
-  session = require('express-session'),
+    compress = require('compression'),
-  logger = require('morgan'),
+    session = require('express-session'),
-  errorHandler = require('errorhandler'),
+    logger = require('morgan'),
-  methodOverride = require('method-override'),
+    errorHandler = require('errorhandler'),
-  bodyParser = require('body-parser'),
+    methodOverride = require('method-override'),
-  helmet = require('helmet'),
+    bodyParser = require('body-parser'),
-  MongoStore = require('connect-mongo')(session),
+    helmet = require('helmet'),
-  flash = require('express-flash'),
+    MongoStore = require('connect-mongo')(session),
-  path = require('path'),
+    flash = require('express-flash'),
-  passport = require('passport'),
+    path = require('path'),
-  expressValidator = require('express-validator'),
+    passport = require('passport'),
-  // request = require('request'),
+    expressValidator = require('express-validator'),
-  forceDomain = require('forcedomain'),
+    forceDomain = require('forcedomain'),
-  lessMiddleware = require('less-middleware'),
+    lessMiddleware = require('less-middleware'),
 
-  /**
+    passportProviders = require('./passport-providers'),
-   * API keys and Passport configuration.
+    /**
-   */
+    * API keys and Passport configuration.
-  secrets = require('./../config/secrets');
+    */
+    secrets = require('./../config/secrets');
 
 /**
  * Create Express server.
  */
 var app = loopback();
+var PassportConfigurator =
+  require('loopback-component-passport').PassportConfigurator;
+var passportConfigurator = new PassportConfigurator(app);
 
 app.set('port', process.env.PORT || 3000);
 app.set('views', path.join(__dirname, 'views'));
@@ -162,6 +166,7 @@ app.use(helmet.csp({
   safari5: false
 }));
 
+passportConfigurator.init();
 
 app.use(function (req, res, next) {
   // Make user object available in templates.
@@ -173,7 +178,11 @@ app.use(
   loopback.static(path.join(__dirname, '../public'), { maxAge: 86400000 })
 );
 
-boot(app, __dirname);
+boot(app, {
+  appRootDir: __dirname,
+  dev: process.env.NODE_ENV
+});
+
 app.use(function (req, res, next) {
   // Remember original destination before login.
   var path = req.path.split('/')[1];
@@ -186,6 +195,18 @@ app.use(function (req, res, next) {
   next();
 });
 
+passportConfigurator.setupModels({
+  userModel: app.models.user,
+  userIdentityModel: app.models.userIdentity,
+  userCredentialModel: app.models.userCredential
+});
+
+R.keys(passportProviders).map(function(strategy) {
+  var config = passportProviders[strategy];
+  config.session = config.session !== false;
+  passportConfigurator.configureProvider(strategy, config);
+});
+
 /**
  * OAuth sign-in routes.
  */