From 195505cf5e14e945028414e3f0b6d7f37d362004 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Allan=20M=C3=B8rk=20Christensen?= <allanmc@gmail.com>
Date: Thu, 13 Jun 2013 22:50:04 +0200
Subject: [PATCH] Initial commit of Web application file structure, and some
 in-progress API support for user handling.

---
 .gitignore                                 |   3 +
 README.md                                  |  41 +++-
 app.js                                     |  54 +++++
 oauth.txt => documentation/oauth.txt       |   0
 rest api.txt => documentation/rest api.txt |   0
 models/project.js                          |  15 ++
 models/user.js                             |  48 +++++
 package.json                               |  30 +++
 public/favicon.ico                         | Bin 0 -> 2809 bytes
 public/stylesheets/style.css               |   8 +
 routes/index.js                            |  25 +++
 routes/passport.js                         | 218 +++++++++++++++++++++
 routes/project.js                          |  15 ++
 routes/user.js                             |  90 +++++++++
 views/account.ejs                          |   3 +
 views/index.ejs                            |   7 +
 views/layout.ejs                           |  23 +++
 views/login.ejs                            |  24 +++
 views/new-user.ejs                         |  28 +++
 19 files changed, 630 insertions(+), 2 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 app.js
 rename oauth.txt => documentation/oauth.txt (100%)
 rename rest api.txt => documentation/rest api.txt (100%)
 create mode 100644 models/project.js
 create mode 100644 models/user.js
 create mode 100644 package.json
 create mode 100644 public/favicon.ico
 create mode 100644 public/stylesheets/style.css
 create mode 100644 routes/index.js
 create mode 100644 routes/passport.js
 create mode 100644 routes/project.js
 create mode 100644 routes/user.js
 create mode 100644 views/account.ejs
 create mode 100644 views/index.ejs
 create mode 100644 views/layout.ejs
 create mode 100644 views/login.ejs
 create mode 100644 views/new-user.ejs

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..727b0c103
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+node_modules
+config
+.idea
\ No newline at end of file
diff --git a/README.md b/README.md
index db583ae32..12b99ea53 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,41 @@
-scripler
+Scripler
 ========
+The Scripler web application source code repository.
 
-The Scripler web application source code repository
\ No newline at end of file
+Folder Structure
+----------------
+
+* documentation
+ * Early documentation drafts of the API
+* public
+ * Static files to be deliveredserved through the Web server
+* views
+ * Dynamic templates that needs rendering before being served from the Web server 
+* config
+ * Configuration files for the Node.js server
+* models
+ * The MongoDB schemas for the collections
+* routes
+ * Application logic for the different logical domains
+
+Requirements
+------------
+ * [MongoDB][1]
+ * [Node.js][2] 10.0+
+
+Installation
+------------
+    npm install
+
+How To Run
+----------
+    node app.js
+    
+
+Bcrypt Installation Problems
+----------------------------
+Ask for a pre-build module, or follow the guide:
+https://github.com/ncb000gt/node.bcrypt.js/#dependencies
+
+  [1]: http://www.mongodb.org/
+  [2]: http://nodejs.org/
\ No newline at end of file
diff --git a/app.js b/app.js
new file mode 100644
index 000000000..b352ed874
--- /dev/null
+++ b/app.js
@@ -0,0 +1,54 @@
+var express = require('express')
+    , index = require('./routes/index')
+    , user = require('./routes/user')
+    , http = require('http')
+    , path = require('path')
+    , mongoose = require('mongoose')
+    , conf = require('config')
+    , passport = require('passport')
+    , scriplerPassport = require('./routes/passport');
+
+var app = express();
+
+// db connect
+mongoose.connect(conf.db.uri);
+
+// all environments
+app.set('port', conf.app.port);
+app.set('views', __dirname + '/views');
+app.set('view engine', 'ejs');
+app.engine('ejs', require('ejs-locals'));
+app.use(express.logger('dev'));
+app.use(express.bodyParser());
+app.use(express.methodOverride());
+app.use(express.cookieParser(conf.app.cookie_secret));
+app.use(express.session({ secret: conf.app.session_secret }));
+app.use(passport.initialize());
+app.use(passport.session());
+app.use(app.router);
+app.use(express.static(path.join(__dirname, 'public')));
+
+// development only
+if ('development' == app.get('env')) {
+    app.use(express.errorHandler());
+}
+
+/*Dummy GUI*/
+//app.get('/', index.index);
+//app.get('/account', index.account);
+//app.get('/login', index.login);
+//app.post('/login', user.login);
+//app.get('/new-user', index.newUser);
+//app.post('/new-user', index.newUserPost);
+
+/*API*/
+app.get('/users', user.list);
+app.post('/user/login', user.login);
+app.post('/user/logout', user.logout);
+app.post('/user/register', user.register);
+
+scriplerPassport.initPaths(app);
+
+http.createServer(app).listen(app.get('port'), function () {
+    console.log('Express server listening on port ' + app.get('port') + ('development' == app.get('env') ? ' -  in development mode!' : ''));
+});
diff --git a/oauth.txt b/documentation/oauth.txt
similarity index 100%
rename from oauth.txt
rename to documentation/oauth.txt
diff --git a/rest api.txt b/documentation/rest api.txt
similarity index 100%
rename from rest api.txt
rename to documentation/rest api.txt
diff --git a/models/project.js b/models/project.js
new file mode 100644
index 000000000..80bb65157
--- /dev/null
+++ b/models/project.js
@@ -0,0 +1,15 @@
+var mongoose = require('mongoose')
+    , Schema = mongoose.Schema
+    , bcrypt = require('bcrypt')
+    , SALT_WORK_FACTOR = 10;
+
+/**
+ * User DB
+ */
+var ProjectSchema = new Schema({
+    name: { type: String, required: true },
+    order: { type: Number},
+    modified: { type: Date, default: Date.now }
+});
+
+exports.Project = mongoose.model('Project', ProjectSchema);
\ No newline at end of file
diff --git a/models/user.js b/models/user.js
new file mode 100644
index 000000000..bac82f0a7
--- /dev/null
+++ b/models/user.js
@@ -0,0 +1,48 @@
+var mongoose = require('mongoose')
+    , Schema = mongoose.Schema
+    , bcrypt = require('bcrypt')
+    , SALT_WORK_FACTOR = 10;
+
+/**
+ * User DB
+ */
+var UserSchema = new Schema({
+    name:      { type: String, required: true },
+    email:     { type: String, required: true, unique: true },
+    password:  { type: String, required: true },
+    providers: [ {} ],
+    modified:  { type: Date, default: Date.now }
+});
+
+/** Handle bcrypt password-hashing.
+ * Source: http://devsmash.com/blog/password-authentication-with-mongoose-and-bcrypt
+ */
+UserSchema.pre('save', function (next) {
+    var user = this;
+
+    // only hash the password if it has been modified (or is new)
+    if (!user.isModified('password')) return next();
+
+    // generate a salt
+    bcrypt.genSalt(SALT_WORK_FACTOR, function (err, salt) {
+        if (err) return next(err);
+
+        // hash the password along with our new salt
+        bcrypt.hash(user.password, salt, function (err, hash) {
+            if (err) return next(err);
+
+            // override the cleartext password with the hashed one
+            user.password = hash;
+            next();
+        });
+    });
+});
+
+UserSchema.methods.comparePassword = function (candidatePassword, cb) {
+    bcrypt.compare(candidatePassword, this.password, function (err, isMatch) {
+        if (err) return cb(err);
+        cb(null, isMatch);
+    });
+};
+
+exports.User = mongoose.model('User', UserSchema);
\ No newline at end of file
diff --git a/package.json b/package.json
new file mode 100644
index 000000000..578297c07
--- /dev/null
+++ b/package.json
@@ -0,0 +1,30 @@
+{
+  "name": "scripler-server",
+  "description": "Scripler Server",
+  "version": "0.0.1",
+  "private": true,
+  "scripts": {
+    "start": "node app.js"
+  },
+  "dependencies": {
+    "express": "3.2.4",
+    "config": "~0.4.25",
+    "mongoose": "~3.6.11",
+    "ejs": "~0.8.4",
+    "ejs-locals": "~1.0.2",
+    "bcrypt": "~0.7.6",
+    "passport": "~0.1.17",
+    "passport-twitter": "~0.1.5",
+    "passport-facebook": "~0.1.5",
+    "passport-linkedin": "~0.1.3",
+    "passport-google": "~0.3.0",
+    "passport-local": "~0.1.6",
+    "xtend": "~2.0.5"
+  },
+  "readmeFilename": "README.md",
+  "main": "app.js",
+  "devDependencies": {},
+  "repository": "",
+  "author": "",
+  "license": "BSD"
+}
diff --git a/public/favicon.ico b/public/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..032dc84a2e7aedf2b636d23c45ef0845aceafc0d
GIT binary patch
literal 2809
zcmV<V3I_FwP)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV00009a7bBm000XU
z000XU0RWnu7ytkYPiaF#P*7-ZbZ>KLZ*U+<Lqi~Na&Km7Y-Iodc-oy)XH-+^7Crag
z^g>IBfRsybQWXdwQbLP>6p<z>Aqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uh<iVD~V
z<RPMtgQJLw%KPDaqifc@_vX$1wbwr9tn;0-&j-K=43<bUQ8j=JsX`tR;Dg7+#^K~H
zK!FM*Z~zbpvt%K2{UZSY_<lS*D<Z%Lz5oGu(+dayz)hRLFdT>f59&ghTmgWD0l;*T
zI7<kC6aYYajzXpYKt=(8otP$50H6c_V9R4-;{Z@C0AMG7=F<Rxo%or10RUT+Ar%3j
zkpLhQWr#!oXgdI`&sK^>09Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p
z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-<?i
z0%4j!F2Z@488U%158(66005wo6%pWr^Zj_v4zAA5HjcIqUoGmt2LB>rV&neh&#Q1i
z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_<lS*MWK+n+1cgf
z<k(8YLR(?VSAG6x!e78w{cQPuJpA|d;J)G{fihizM+Erb!p!tcr5w+a34~(Y=8s4G
zw+sLL9n&JjNn*KJDiq^U5^;`1nvC-@r6P$!k}1U{(*I=Q-z@tBKHoI}uxdU5dyy@u
zU1J0GOD7Ombim^G008p4Z^6_k2m^p<gW=D2|L;HjN1!DDfM!XOaR2~bL?kX$%CkSm
z2mk;?pn)o|K^yeJ7%adB9Ki+L!3+FgHiSYX#KJ-lLJDMn9CBbOtb#%)hRv`YDqt_v
zKpix|QD}yfa1JiQRk#j4a1Z)n2%f<xynzV>LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW
zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_Ifq<Ex{*7`05XF7hP+2Hl!3BQJ=6@fL%FCo
z8iYoo3(#bAF`ADSpqtQgv>H8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X
zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ<AYmRsNLWl*PS{AOARHt#5!wki2?K;t
z!Y3k=s7tgax)J%r7-BLphge7~Bi0g+6E6^Zh(p9TBoc{3GAFr^0!gu?RMHaCM$&Fl
zBk3%un>0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4
z<uv66WtcKSRim0x-Ke2d5jBrmLam{;Qm;{ms1r1GnmNsb7D-E`t)i9F8fX`2_i3-_
zbh;7Ul^#x)&{xvS=|||7=mYe33=M`AgU5(xC>fg=2N-7=cNnjjOr{yriy6mMFgG#l
znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U
zt5vF<Q0r40Q)j6=sE4X&sBct1q<&fbi3VB2Ov6t@q*0);U*o*SAPZv|vv@2aYYnT0
zb%8a+Cb7-ge0D0knEf5Qi#@8Tp*ce{N;6lpQuCB%KL_KOarm5cP6_8Ir<e17iry6O
zDdH&`rZh~sF=bq9s+O0QSgS~@QL9Jmy*94xr=6y~MY~!1fet~(N+(<=M`w@D1)b+p
z*;C!83a1uLJv#NSE~;y#8=<>IcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya?
z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y
zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB
zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt
z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a<fJbF^|4I#xQ~n$Dc=
zKYhjYmgz5NSkDm8*fZm{6U!;YX`NG>(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C
z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB
zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe
zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0
z?2xS?_ve_-k<Mujg;0Lz*3buG=3$G&ehepthlN*$KaOySSQ^nWmo<0M+(UEUMEXRQ
zMBbZcF;6+KElM>iKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$
z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4
z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu
zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu
z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E
ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw
zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX
z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i&
z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01
z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R
z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw
zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD
zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3|
zawq-H%e&ckC+@AhPrP6BK<z=<L*0kfKU@CX*zeqbYQT4(^U>T#_XdT7&;F71j}Joy
zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z
zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot<a{81DF0~rvGr5Xr~8u`lav1h
z1DNytV>2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F}
z0000aNkl<Zc-mt8|25}70|kJIfkH59z^DPE1`HMh00000|NjF3@0tUDYZfNo00000
LNkvXXu0mjf!zME{

literal 0
HcmV?d00001

diff --git a/public/stylesheets/style.css b/public/stylesheets/style.css
new file mode 100644
index 000000000..a0d284851
--- /dev/null
+++ b/public/stylesheets/style.css
@@ -0,0 +1,8 @@
+body {
+    padding: 50px;
+    font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
+}
+
+a {
+    color: #00B7FF;
+}
\ No newline at end of file
diff --git a/routes/index.js b/routes/index.js
new file mode 100644
index 000000000..538bf1cfc
--- /dev/null
+++ b/routes/index.js
@@ -0,0 +1,25 @@
+var user = require('./user');
+
+exports.index = function (req, res) {
+    res.render('index', {user: req.user});
+};
+exports.account = function (req, res) {
+    res.render('account', { user: req.user });
+};
+exports.login = function (req, res) {
+    res.render('login', { user: req.user, message: req.session.messages });
+};
+
+exports.newUser = function (req, res) {
+    res.render('new-user', { user: req.user, message: req.session.messages });
+};
+
+exports.newUserPost = function (req, res, next) {
+    //res.send(util.inspect(req.body, false, null));
+    var email = req.body.email
+    if (!email) {
+        req.session.messages = ["You need to enter an email address!"];
+        return res.redirect('/new-user');
+    }
+    user.register(req, res);
+}
\ No newline at end of file
diff --git a/routes/passport.js b/routes/passport.js
new file mode 100644
index 000000000..d1c792809
--- /dev/null
+++ b/routes/passport.js
@@ -0,0 +1,218 @@
+var express = require('express'),
+    passport = require('passport'),
+    TwitterStrategy = require('passport-twitter').Strategy,
+    FacebookStrategy = require('passport-facebook').Strategy,
+    GoogleStrategy = require('passport-google').Strategy,
+    LinkedInStrategy = require('passport-linkedin').Strategy,
+    LocalStrategy = require('passport-local').Strategy,
+//ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn,
+    mongoose = require('mongoose'),
+    ObjectId = mongoose.Types.ObjectId,
+    extend = require('xtend'),
+    User = require('../models/user.js').User,
+//crypto = require('crypto'),
+    util = require('util'),
+    conf = require('config')
+//SALT = "s8(hb?.;*!sW"
+    ;
+
+passport.serializeUser(function (user, done) {
+    done(null, user._id);
+});
+
+passport.deserializeUser(function (uid, done) {
+    User.findOne({_id: uid}, function (err, user) {
+        done(err, user);
+    });
+});
+
+
+/*
+ * LOCAL ACCOUNT
+ */
+
+// Use the LocalStrategy within Passport.
+passport.use(new LocalStrategy({usernameField: 'email'}, function (email, password, done) {
+    User.findOne({"email": email}, function (err, user) {
+        if (err) {
+            return done(err);
+        } else if (user) {
+            // check if password is matchings
+            user.comparePassword(passwordpassword, function (err, isMatch) {
+                if (err) {
+                    return done(err);
+                } else if (isMatch) {
+                    return done(null, user);
+                } else {
+                    // invalid password
+                    return done(null, false, { message: 'Invalid password' });
+                }
+            });
+        } else {
+            // could not find user
+            return done(null, false, { message: 'Unknown user ' + email });
+        }
+    });
+}));
+
+/*
+ * PROVIDER ACCOUNTS
+ */
+passport.use(new TwitterStrategy({
+        consumerKey:       conf.passport.twitter.consumerKey,
+        consumerSecret:    conf.passport.twitter.consumerSecret,
+        callbackURL:       conf.passport.twitter.callbackURL,
+        passReqToCallback: true
+    },
+    function (req, token, tokenSecret, profile, done) {
+        addProviderToUser(profile.provider, profile.id, profile, req.user, done);
+    }
+));
+
+passport.use(new FacebookStrategy({
+        clientID:          conf.passport.facebook.clientID,
+        clientSecret:      conf.passport.facebook.clientSecret,
+        callbackURL:       conf.passport.facebook.callbackURL,
+        passReqToCallback: true,
+        profileFields:     ['id', 'username', 'displayName', 'emails']
+    },
+    function (req, accessToken, refreshToken, profile, done) {
+        addProviderToUser(profile.provider, profile.id, profile, req.user, done);
+    }
+));
+
+passport.use(new GoogleStrategy({
+        returnURL:         conf.passport.google.returnURL,
+        realm:             conf.passport.google.realm,
+        passReqToCallback: true
+    },
+    function (req, identifier, profile, done) {
+        //console.log("DUMP: " + util.inspect(profile, false, null));
+        addProviderToUser("google", identifier, profile, req.user, done);
+    }
+));
+
+passport.use(new LinkedInStrategy({
+        consumerKey:       conf.passport.linkedin.consumerKey,
+        consumerSecret:    conf.passport.linkedin.consumerSecret,
+        callbackURL:       conf.passport.linkedin.callbackURL,
+        passReqToCallback: true,
+        profileFields:     ['id', 'name', 'emails']
+    },
+    function (req, token, tokenSecret, profile, done) {
+        addProviderToUser(profile.provider, profile.id, profile, req.user, done);
+    }
+));
+
+function addProviderToUser(provider, providerId, profile, currentUser, done) {
+    var providerObject = {"name": provider, "id": providerId};
+    User.findOne({providers: {"$elemMatch": providerObject}}, function (err, user) {
+        if (user) {
+            //User already in database
+            if (currentUser && currentUser._id != user._id) {
+                console.log("Current user: " + currentUser);
+                console.log("Database user: " + user);
+                //TODO merge accounts?
+                console.log("debug: " + "User already in database, and already logged in, but not with the same account! Merge!");
+                done(null, currentUser);
+            } else {
+                console.log("debug: " + "Nothing to do... User already has this account attached");
+                done(null, user);
+            }
+        } else {
+            if (currentUser) {
+                //User already loggedin, so add new provider to user
+                var user = currentUser;
+                console.log("debug: " + "User already loggedin, so add new provider to user");
+                user.providers.addToSet(providerObject);
+                done(null, user);
+            } else {
+                //New user
+                //TODO check if another account with same email address exists!
+                console.log("debug: " + "New user");
+                var user = new User();
+                user.providers.addToSet(providerObject);
+                user.name = profile.displayName;
+                user.email = profile.emails[0].value;
+            }
+            user.markModified('providers');//"providers" is of type "Mixed", so Mongoose, doesn't detect the change.
+            user.save(function (err) {
+                if (err) {
+                    throw err;
+                }
+                done(null, user);
+            });
+        }
+    })
+}
+
+function addProviderToUser(provider, providerId, profile, currentUser, done) {
+    var providerObject = {"name": provider, "id": providerId};
+    User.findOne({providers: {"$elemMatch": providerObject}}, function (err, user) {
+        if (user) {
+            //User already in database
+            if (currentUser && currentUser._id != user._id) {
+                console.log("Current user: " + currentUser);
+                console.log("Database user: " + user);
+                //TODO merge accounts?
+                console.log("debug: " + "User already in database, and already logged in, but not with the same account! Merge!");
+                done(null, currentUser);
+            } else {
+                console.log("debug: " + "Nothing to do... User already has this account attached");
+                done(null, user);
+            }
+        } else {
+            if (currentUser) {
+                //User already loggedin, so add new provider to user
+                var user = currentUser;
+                console.log("debug: " + "User already loggedin, so add new provider to user");
+                user.providers.addToSet(providerObject);
+                done(null, user);
+            } else {
+                //New user
+                //TODO check if another account with same email address exists!
+                console.log("debug: " + "New user");
+                var user = new User();
+                user.providers.addToSet(providerObject);
+                user.name = profile.displayName;
+                user.email = profile.emails[0].value;
+            }
+            user.markModified('providers');//"providers" is of type "Mixed", so Mongoose, doesn't detect the change.
+            user.save(function (err) {
+                if (err) {
+                    throw err;
+                }
+                done(null, user);
+            });
+        }
+    })
+}
+
+
+function authnOrAuthz(provider, options) {
+    return function (req, res, next) {
+        if (!req.isAuthenticated()) {
+            passport.authenticate(provider, extend(options, {
+                successRedirect: '/settings/accounts', failureRedirect: '/login'
+            }))(req, res, next);
+        } else {
+            passport.authorize(provider)(req, res, next);
+        }
+    }
+}
+
+function initPaths(app) {
+    app.get('/auth/twitter', authnOrAuthz('twitter'));
+    app.get('/auth/twitter/callback', passport.authenticate('twitter', { successReturnToOrRedirect: '/', failureRedirect: '/login' }));
+
+    app.get('/auth/facebook', authnOrAuthz('facebook', { scope: ['email'] }));
+    app.get('/auth/facebook/callback', passport.authenticate('facebook', { successReturnToOrRedirect: '/', failureRedirect: '/login' }));
+
+    app.get('/auth/google', authnOrAuthz('google'));
+    app.get('/auth/google/callback', passport.authenticate('google', { successReturnToOrRedirect: '/', failureRedirect: '/login' }));
+
+    app.get('/auth/linkedin', authnOrAuthz('linkedin', {scope: ['r_basicprofile', 'r_emailaddress']}));
+    app.get('/auth/linkedin/callback', passport.authenticate('linkedin', { successReturnToOrRedirect: '/', failureRedirect: '/login' }));
+}
+
+exports.initPaths = initPaths;
\ No newline at end of file
diff --git a/routes/project.js b/routes/project.js
new file mode 100644
index 000000000..ca6a25b69
--- /dev/null
+++ b/routes/project.js
@@ -0,0 +1,15 @@
+var Project = require('../models/project.js').Project;
+
+/**
+ * GET projects listing.
+ */
+
+exports.list = function (req, res) {
+    Project.find({}, function (err, docs) {
+        if (err) {
+            res.send({"status": -err.code, "errorMessage": "Database problem", "errorDetails": err.err});
+        } else {
+            res.send({"status": 0, "projects": docs});
+        }
+    });
+};
diff --git a/routes/user.js b/routes/user.js
new file mode 100644
index 000000000..845194546
--- /dev/null
+++ b/routes/user.js
@@ -0,0 +1,90 @@
+var User = require('../models/user.js').User
+    , passport = require('passport');
+
+/**
+ * GET users listing.
+ */
+exports.list = function (req, res) {
+    User.find({}, function (err, docs) {
+        if (err) {
+            res.send({"status": 0, "error": err.code, "error_text": err.err});
+        } else {
+            res.send({"status": 1, "users": docs});
+        }
+    });
+};
+
+/**
+ * POST user login.
+ */
+exports.login = function (req, res, next) {
+    //    passport.authenticate('local', function (err, user, info) {
+    //        if (err) {
+    //            return next(err)
+    //        }
+    //        if (!user) {
+    //            req.session.messages = [info.message];
+    //            //return res.redirect('/login')
+    //        }
+    //        req.logIn(user, function (err) {
+    //            if (err) {
+    //                return next(err);
+    //            }
+    //            //return res.redirect('/');
+    //        });
+    //    })(req, res, next);
+
+    User.findOne({"email": req.body.email}, function (err, user) {
+        if (err) {
+            // return error
+            res.send({"status": -err.code, "errorMessage": "Database problem", "errorDetails": err.err});
+        } else if (user) {
+            // check if password is matchings
+            user.comparePassword(req.body.password, function (err, isMatch) {
+                if (err) {
+                    // return error
+                    res.send({"status": -err.code, "errorMessage": "Database problem", "errorDetails": err.err});
+                } else if (isMatch) {
+                    res.send({"status": 0, "user": user});
+                } else {
+                    // invalid password
+                    res.send({"status": -1, "errorMessage": "Invalid user password"});
+                }
+            });
+        } else {
+            // could not find user
+            res.send({"status": -2, "errorMessage": "Unknown user"});
+        }
+    });
+
+};
+
+/**
+ * POST user logout.
+ */
+exports.logout = function (req, res) {
+    res.send({"status": 0});
+};
+
+/**
+ * POST user registration.
+ */
+exports.register = function (req, res) {
+    var user = new User({
+        name:     req.body.name,
+        email:    req.body.email,
+        password: req.body.password
+    });
+    user.save(function (err) {
+        if (err) {
+            // return error
+            if (err.code == 11000) {
+                res.send({"status": -1, "errorMessage": "User already registered"});
+            } else {
+                res.send({"status": -err.code, "errorMessage": "Database problem", "errorDetails": err.err});
+            }
+        } else {
+            res.send({"status": 0});
+        }
+    });
+};
\ No newline at end of file
diff --git a/views/account.ejs b/views/account.ejs
new file mode 100644
index 000000000..951585d23
--- /dev/null
+++ b/views/account.ejs
@@ -0,0 +1,3 @@
+<% layout('layout') -%>
+<p>User: </p>
+<pre><%= user %></pre>
\ No newline at end of file
diff --git a/views/index.ejs b/views/index.ejs
new file mode 100644
index 000000000..e5816115e
--- /dev/null
+++ b/views/index.ejs
@@ -0,0 +1,7 @@
+<% layout('layout') -%>
+<h1>Scripler</h1>
+<% if (!user) { %>
+	<p>You're not supposed to be here. Visit <a href="http://scripler.com">Scripler</a>.</p>
+<% } else { %>
+	<p>Hello, <%= user.name %>.</p>
+<% } %>
\ No newline at end of file
diff --git a/views/layout.ejs b/views/layout.ejs
new file mode 100644
index 000000000..3f583c50f
--- /dev/null
+++ b/views/layout.ejs
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<title>Scripler</title>
+    <link rel='stylesheet' href='/stylesheets/style.css' />
+	</head>
+	<body>
+		<% if (!user) { %>
+			<a href="/">Home</a> |
+			<a href="/login">Log In</a> |
+			<a href="/new-user">Create User</a>
+			</p>
+		<% } else { %>
+			<p>
+			<a href="/">Home</a> |
+			<a href="/account">Account</a> |
+            <a href="/login">Add another login</a> |
+			<a href="/logout">Log Out</a>
+			</p>
+		<% } %>
+		<%- body %>
+	</body>
+</html>
\ No newline at end of file
diff --git a/views/login.ejs b/views/login.ejs
new file mode 100644
index 000000000..9ee95d791
--- /dev/null
+++ b/views/login.ejs
@@ -0,0 +1,24 @@
+<% layout('layout') -%>
+Select login-provider:<br />
+<a href="/auth/twitter">Sign in with Twitter</a><br />
+<a href="/auth/facebook">Sign in with Facebook</a><br />
+<a href="/auth/google">Sign in with Google</a><br />
+<a href="/auth/linkedin">Sign in with LinkedIn</a><br />
+<br /><br />
+Or login with a local account:
+<form action="/login" method="post">
+	<div>
+	<label>Email:</label>
+	<input type="text" name="email"/><br/>
+	</div>
+	<div>
+	<label>Password:</label>
+	<input type="password" name="password"/>
+	</div>
+	<div>
+	<input type="submit" value="Login"/>
+    <% if (message) { %>
+    <span style="color:red;"><%= message %></span>
+    <% } %>
+	</div>
+</form>
\ No newline at end of file
diff --git a/views/new-user.ejs b/views/new-user.ejs
new file mode 100644
index 000000000..01ee509d4
--- /dev/null
+++ b/views/new-user.ejs
@@ -0,0 +1,28 @@
+<% layout('layout') -%>
+Select login-provider:<br />
+<a href="/auth/twitter">Sign in with Twitter</a><br />
+<a href="/auth/facebook">Sign in with Facebook</a><br />
+<a href="/auth/google">Sign in with Google</a><br />
+<a href="/auth/linkedin">Sign in with LinkedIn</a><br />
+<br /><br />
+Or create a new local account:
+<form action="/new-user" method="post">
+	<div>
+	<label>Name:</label>
+	<input type="text" name="name"/><br/>
+	</div>
+	<div>
+	<label>Email:</label>
+	<input type="text" name="email"/><br/>
+	</div>
+	<div>
+	<label>Password:</label>
+	<input type="password" name="password"/>
+	</div>
+	<div>
+	<input type="submit" value="Create account"/>
+    <% if (message) { %>
+    <span style="color:red;"><%= message %></span>
+    <% } %>
+	</div>
+</form>
\ No newline at end of file