gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added sample app for client-server authentication

Browse Source
This commit is contained in:
Sahat Yalkabov
2013-11-13 17:16:06 -05:00
parent bf83154066
commit fc5563c70c
29 changed files with 1199 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
server/routes.js Executable file
View File

@@ -0,0 +1,155 @@
var _ = require('underscore')
, path = require('path')
, passport = require('passport')
, AuthCtrl = require('./controllers/auth')
, UserCtrl = require('./controllers/user')
, User = require('./models/User.js')
, userRoles = require('../client/js/routingConfig').userRoles
, accessLevels = require('../client/js/routingConfig').accessLevels;
var routes = [
// Views
{
path: '/partials/*',
httpMethod: 'GET',
middleware: [function (req, res) {
var requestedView = path.join('./', req.url);
res.render(requestedView);
}]
},
// OAUTH
{
path: '/auth/twitter',
httpMethod: 'GET',
middleware: [passport.authenticate('twitter')]
},
{
path: '/auth/twitter/callback',
httpMethod: 'GET',
middleware: [passport.authenticate('twitter', {
successRedirect: '/',
failureRedirect: '/login'
})]
},
{
path: '/auth/facebook',
httpMethod: 'GET',
middleware: [passport.authenticate('facebook')]
},
{
path: '/auth/facebook/callback',
httpMethod: 'GET',
middleware: [passport.authenticate('facebook', {
successRedirect: '/',
failureRedirect: '/login'
})]
},
{
path: '/auth/google',
httpMethod: 'GET',
middleware: [passport.authenticate('google')]
},
{
path: '/auth/google/return',
httpMethod: 'GET',
middleware: [passport.authenticate('google', {
successRedirect: '/',
failureRedirect: '/login'
})]
},
{
path: '/auth/linkedin',
httpMethod: 'GET',
middleware: [passport.authenticate('linkedin')]
},
{
path: '/auth/linkedin/callback',
httpMethod: 'GET',
middleware: [passport.authenticate('linkedin', {
successRedirect: '/',
failureRedirect: '/login'
})]
},
// Local Auth
{
path: '/register',
httpMethod: 'POST',
middleware: [AuthCtrl.register]
},
{
path: '/login',
httpMethod: 'POST',
middleware: [AuthCtrl.login]
},
{
path: '/logout',
httpMethod: 'POST',
middleware: [AuthCtrl.logout]
},
// User resource
{
path: '/users',
httpMethod: 'GET',
middleware: [UserCtrl.index],
accessLevel: accessLevels.admin
},
// All other get requests should be handled by AngularJS's client-side routing system
{
path: '/*',
httpMethod: 'GET',
middleware: [function(req, res) {
var role = userRoles.public, username = '';
if(req.user) {
role = req.user.role;
username = req.user.username;
}
res.cookie('user', JSON.stringify({
'username': username,
'role': role
}));
res.render('index');
}]
}
];
module.exports = function(app) {
_.each(routes, function(route) {
route.middleware.unshift(ensureAuthorized);
var args = _.flatten([route.path, route.middleware]);
switch(route.httpMethod.toUpperCase()) {
case 'GET':
app.get.apply(app, args);
break;
case 'POST':
app.post.apply(app, args);
break;
case 'PUT':
app.put.apply(app, args);
break;
case 'DELETE':
app.delete.apply(app, args);
break;
default:
throw new Error('Invalid HTTP method specified for route ' + route.path);
break;
}
});
}
function ensureAuthorized(req, res, next) {
var role;
if(!req.user) role = userRoles.public;
else role = req.user.role;
var accessLevel = _.findWhere(routes, { path: req.route.path }).accessLevel || accessLevels.public;
if(!(accessLevel.bitMask & role.bitMask)) return res.send(403);
return next();
}