
Implemented a simple index to list posts. Implemented admin authentic…

…ation (/admin)
1 parent 9851577 commit 4b3c458273011ab22744ebefdd3fc4df8c1071f8 @pedrofranceschi pedrofranceschi committed Dec 8, 2010
Showing with 86 additions and 5 deletions.
  1. +47 −4 blogode.js
  2. +17 −0 lib/admin.js
  3. +1 −0 lib/database.js
  4. +0 −1 lib/posts.js
  5. +6 −0 views/admin_login.ejs
  6. +1 −0 views/admin_panel.ejs
  7. +4 −0 views/index.ejs
  8. +10 −0 views/layout.ejs
@@ -2,27 +2,70 @@ var express = require("express")
var sys = require("sys");
var app = express.createServer();
-app.use(express.bodyDecoder());
-app.set('view engine', 'ejs');
app.configure(function() {
app.use(express.logger());
app.use(express.bodyDecoder());
app.use(express.cookieDecoder());
app.use(express.session());
+ app.set('view engine', 'ejs');
app.set('views', __dirname + '/views');
app.use(express.staticProvider(__dirname + '/public'));
+ app.set('view options', {
+ layout: 'layout'
+ });
});
var posts = require('./lib/posts');
+var admin = require('./lib/admin');
app.get("/", function(req, res){
// return posts list
posts.getPosts(function (posts){
- return res.send(sys.inspect(posts))
+ res.render('index', {
+ locals: { 'posts': posts }
+ });
+ });
+});
+
+app.get("/admin", function(req, res){
+ // return admin panel
+
+ if(!req.session.admin_username) {
+ return res.redirect("/admin/login");
+ }
+
+ res.render('admin_panel', {
+ layout: false
+ });
+});
+
+
+app.get("/admin/login", function(req, res){
+ // return admin login page
+
+ if(req.session.admin_username) {
+ return res.redirect("/admin")
+ }
+
+ res.render('admin_login', {
+ layout: false
});
+});
+
+app.post("/admin/authenticate", function(req, res){
+ // verifies admin credentials
- // return res.send("OK");
+ if(!req.param('username') || !req.param('password')) {
+ res.redirect('/admin/login')
+ }
+
+ admin.verifyCredentials(req.param('username'), req.param('password'), function(isAdmin){
+ if(isAdmin) {
+ req.session.admin_username = req.param('username')
+ }
+ res.redirect("/admin");
+ });
});
app.listen(3000);
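Review bot: In the `/admin/authenticate` handler the missing-field branch calls `res.redirect('/admin/login')` without `return`, so execution continues into `admin.verifyCredentials(...)` and a second `res.redirect("/admin")` is attempted on a request that has already been answered; write it as `return res.redirect('/admin/login');`, matching the other handlers. On success the handler stores `req.session.admin_username` in the session that existed before login; issuing a fresh session id at that point (if the session middleware in use supports regenerating it) would avoid carrying a pre-login session id into the authenticated state. A failed login redirects silently and nothing is logged here, so repeated guesses leave no trace beyond the generic request log.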
@@ -0,0 +1,17 @@
+var sys = require('sys'),
+ database = require('./database.js');
+
+exports.verifyCredentials = function(username, password, callback) {
+ database.getDatabaseConnection(function (mysql_client) {
+ mysql_client.query("SELECT * FROM admins WHERE username='" + escape(username) + "' AND password='" + escape(password) + "';", function (error, results, fields) {
+ if(error) {
+ throw "Error verifying credentials: " + error;
+ }
+ var isAdmin = false;
+ if(results.length > 0) {
+ isAdmin = true;
+ }
+ callback(isAdmin);
+ });
+ });
+}
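Review bot: The `mysql_client.query(...)` line builds the statement by concatenating `escape(username)` and `escape(password)`; the global `escape()` is URL percent-encoding rather than SQL escaping, so it is not something to rely on as an injection defence, and it also alters values containing spaces or non-ASCII characters before they are compared. If the client returned by lib/database.js supports placeholders (not visible in this diff), prefer that form, e.g. `mysql_client.query("SELECT id FROM admins WHERE username = ?", [username], ...)`. Matching on `password='...'` in SQL, together with the `password varchar(100)` column added in the lib/database.js hunk, implies passwords are stored verbatim; store a salted, slow hash and compare it in code after fetching the row by username. Separately, `throw "Error verifying credentials: " + error` inside the query callback throws a bare string from an asynchronous context, so a database error during login would likely terminate the process instead of failing the login; pass the failure to `callback` instead.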
@@ -20,6 +20,7 @@ exports.getDatabaseConnection = function(callback) {
exports._createTables = function(mysql_client, callback) {
mysql_client.query("CREATE TABLE IF NOT EXISTS posts (id INT PRIMARY KEY AUTO_INCREMENT, author_id INT, title varchar(200), body text, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP);")
+ mysql_client.query("CREATE TABLE IF NOT EXISTS admins (id INT PRIMARY KEY AUTO_INCREMENT, name varchar(100), description varchar(500), email varchar(100), username varchar(100), password varchar(100), created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP);")
callback();
}
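Review bot: The new `admins` table declares `username varchar(100)` with no `UNIQUE` or `NOT NULL` constraint, while `verifyCredentials` in lib/admin.js treats any returned row as a successful login, so duplicate or empty usernames would be accepted by the schema; `username varchar(100) NOT NULL UNIQUE` would close that. The added `mysql_client.query(...)` call also passes no callback, as the `posts` line above it does, so a failed `CREATE TABLE` is never noticed and `callback()` runs without waiting for the statement to finish. A short comment on the `password` column stating that it holds a password hash, not the password itself, would document the intended contract.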
@@ -7,7 +7,6 @@ exports.getPosts = function(callback) {
if(error) {
throw "Error getting posts: " + error;
}
-
callback(results);
});
});
@@ -0,0 +1,6 @@
+<form method="post" action="/admin/authenticate" id="createRoomForm">
+ <h1>Admin login</h1>
+ Username: <input type="text" name="username"/><br/>
+ Password: <input type="password" name="password"/><br/><br/>
+ <input type="submit" value="Submit" />
+</form>
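Review bot: The form's `id="createRoomForm"` looks copied from an unrelated page and does not describe a login form; something like `id="adminLoginForm"` would keep selectors and later scripts unambiguous. The form also carries no anti-forgery token, so the `/admin/authenticate` POST can be submitted from any origin; that matters more once the admin panel gains state-changing actions that reuse this pattern. Whether the app is served over TLS is not visible here, but the password field is only protected in transit if it is.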
@@ -0,0 +1 @@
+Admin panel.
@@ -0,0 +1,4 @@
+<% for (var i=0; i < posts.length; i++) { %>
+ <h2><%= posts[i].title %></h2>
+ <p><%= posts[i].body %></p><br/>
+<% } %>
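Review bot: The template gives no hint that the `<%= %>` tags around `posts[i].title` and `posts[i].body` are the output-escaping boundary for content read from the database, assuming the EJS version in use HTML-escapes `<%=` output as current releases do. A template comment such as `<%# title/body come from the DB; keep the escaped <%= form %>` (or an HTML comment, if this EJS version lacks `<%#`) would stop a later switch to the unescaped `<%-` form when formatted posts are wanted. The unescaped `<%- body %>` in views/layout.ejs is the rendered view itself, so it stays safe only as long as the individual views escape their data.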
@@ -0,0 +1,10 @@
+<html>
+ <head>
+ <title>Blogode</title>
+ </head>
+ <body>
+ <h1>HEADER</h1><br/>
+ <%- body %>
+ <h1>FOOTER</h1>
+ </body>
+</html>
