Readme Updates

dstroot · Feb 24, 2014 · 7dcd266 · 7dcd266
1 parent a0f4dad
commit 7dcd266
Show file tree

Hide file tree

Showing 6 changed files with 125 additions and 277 deletions.
diff --git a/.gitignore b/.gitignore
@@ -50,6 +50,7 @@ builtAssets/
 # Configuration
 ##################
 env.json
+secrets.js
 
 # Logging
 ##################

diff --git a/README.md b/README.md
diff --git a/config/config.js b/config/config.js
@@ -36,9 +36,9 @@ config.mongodb.url    = process.env.MONGODB_URL || 'localhost';
  * Session Configuration
  */
 
-var hour  = 3600000;
-var day   = (hour * 24);
-var week  = (day * 7);
+var hour              = 3600000;
+var day               = (hour * 24);
+var week              = (day * 7);
 
 config.session        = {};
 config.session.secret = process.env.SESSION_SECRET || 'nLz8gSz7DHv3fDU3LIp60G';

diff --git a/config/passport.js b/config/passport.js
@@ -317,8 +317,10 @@ passport.use('foursquare', new OAuth2Strategy({
 exports.isAuthenticated = function(req, res, next) {
   if (req.isAuthenticated()) {
     return next();
+  } else {
+    req.flash('errors', { msg: 'You must be logged in to reach that page.' });
+    res.redirect('/login');
   }
-  res.redirect('/login');
 };
 
 /**
@@ -333,3 +335,24 @@ exports.isAuthorized = function(req, res, next) {
     res.redirect('/auth/' + provider);
   }
 };
+
+/**
+ * Check if the account is an Administrator
+ */
+
+exports.isAdministrator = function(req, res, next) {
+  // make sure we are logged in first
+  if (req.isAuthenticated()) {
+    //user must be be an administrator
+    if (req.user.type !== 'admin') {
+      req.flash('errors', { msg: 'You must be an Administrator reach that page.' });
+      return res.redirect('/api');
+    } else {
+      return next();
+    }
+  } else {
+    req.flash('errors', { msg: 'You must be logged in to reach that page.' });
+    res.redirect('/login');
+  }
+};
+
diff --git a/controllers/admin.js b/controllers/admin.js
@@ -5,6 +5,7 @@
  */
 
 var User          = require('../models/User');
+var passportConf  = require('../config/passport');
 
 /**
  * Admin Pages Controller
@@ -17,18 +18,7 @@ module.exports.controller = function(app) {
    * Render Dashboard Page
    */
 
-  app.get('/dashboard', function(req, res) {
-
-    //user must be logged in
-    if (!req.user) {
-      return res.redirect('/');
-    }
-
-    //user must be be an administrator
-    if (req.user.type !== 'admin') {
-      return res.redirect('/api');
-    }
-
+  app.get('/dashboard', passportConf.isAuthenticated, passportConf.isAdministrator, function(req, res) {
     User.count({}, function(err, count) {
       if (err) {
         return (err, null);
@@ -38,26 +28,14 @@ module.exports.controller = function(app) {
         accounts: count
       });
     });
-
   });
 
   /**
    * GET /accounts
    * Render accounts page
    */
 
-  app.get('/accounts', function(req, res) {
-
-    //user must be logged in
-    if (!req.user) {
-      return res.redirect('/');
-    }
-
-    //user must be be an administrator
-    if (req.user.type !== 'admin') {
-      return res.redirect('/api');
-    }
-
+  app.get('/accounts', passportConf.isAuthenticated, passportConf.isAdministrator, function(req, res) {
     res.render('admin/accounts', {
       url: '/administration', // to set navbar active state
       token: res.locals.token
@@ -69,18 +47,7 @@ module.exports.controller = function(app) {
    * JSON accounts api
    */
 
-  app.get('/accountlist', function(req, res) {
-
-    //user must be logged in
-    if (!req.user) {
-      return res.redirect('/');
-    }
-
-    //user must be be an administrator
-    if (req.user.type !== 'admin') {
-      return res.redirect('/api');
-    }
-
+  app.get('/accountlist', passportConf.isAuthenticated, passportConf.isAdministrator, function(req, res) {
     User.find({}, function (err, items) {
       if (err) {
         return (err, null);
@@ -94,22 +61,10 @@ module.exports.controller = function(app) {
    * JSON accounts delete api
    */
 
-  app.delete('/accountlist/:id', function(req, res) {
-
-    //user must be logged in
-    if (!req.user) {
-      return res.redirect('/');
-    }
-
-    //user must be be an administrator
-    if (req.user.type !== 'admin') {
-      return res.redirect('/api');
-    }
-
+  app.delete('/accountlist/:id', passportConf.isAuthenticated, passportConf.isAdministrator, function(req, res) {
     User.remove({ _id : req.params.id }, function(err, result) {
       res.send((result === 1) ? { msg: '' } : { msg: 'error: ' + err });
     });
-
   });
 
 };
diff --git a/public/img/Octocat.png b/public/img/Octocat.png