/
03-sessions.js
159 lines (120 loc) · 4.83 KB
/
03-sessions.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
// # sessions
var flash = require('connect-flash');
var passport = require('passport');
var session = require('express-session');
var cookieParser = require('cookie-parser');
var randomstring = require('randomstring-extended');
var connectLiveReload = require('connect-livereload');
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
var GoogleTokenStrategy = require('passport-google-token').Strategy;
var FacebookStrategy = require('passport-facebook').Strategy;
var FacebookTokenStrategy = require('passport-facebook-token').Strategy;
var validator = require('validator');
var _ = require('underscore');
exports = module.exports = function(IoC, settings, sessions, User, policies) {
var app = this;
// pass a secret to cookieParser() for signed cookies
app.all(policies.notApiRouteRegexp, cookieParser(settings.cookieParser));
// add req.session cookie support
settings.session.store = sessions;
app.all(policies.notApiRouteRegexp, session(settings.session));
// support live reload
// (note this must come after sessions)
// <http://stackoverflow.com/a/26740588>
if (settings.server.env === 'development' && settings.liveReload)
app.all(policies.notApiRouteRegexp, connectLiveReload(settings.liveReload));
// add support for authentication
app.use(passport.initialize());
app.all(policies.notApiRouteRegexp, passport.session());
// add flash message support
app.use(session(settings.session));
app.use(flash());
app.all(policies.notApiRouteRegexp, flash());
// add passport strategies
passport.use(User.createStrategy());
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
// ## Google Authentication
if (settings.google.enabled) {
// web-based
passport.use(new GoogleStrategy({
callbackURL: settings.url + '/auth/google/callback',
clientID: settings.google.clientID,
clientSecret: settings.google.clientSecret
}, providerAuthCallback));
// token-based
passport.use(new GoogleTokenStrategy({
clientID: settings.google.clientID,
clientSecret: settings.google.clientSecret
}, providerAuthCallback));
}
// ## Facebook Authentication
if (settings.facebook.enabled) {
// web-based
passport.use(new FacebookStrategy({
callbackURL: settings.url + '/auth/facebook/callback',
clientID: settings.facebook.appID,
clientSecret: settings.facebook.appSecret
}, providerAuthCallback));
// token-based
passport.use(new FacebookTokenStrategy({
clientID: settings.facebook.appID,
clientSecret: settings.facebook.appSecret
}, providerAuthCallback));
}
function providerAuthCallback(accessToken, refreshToken, profile, done) {
if (profile.emails.length === 0 || !_.isObject(profile.emails[0]) || !validator.isEmail(profile.emails[0].value)) {
return done(new Error('Your account did not have an email address associated with it'));
}
var $or = [
{
email: profile.emails[0].value
}
];
// normalize the auth callbacks by simply pushing to the
// $or query that will be executed with User.findOne below
// this allows us to simply have one auth callback for
// different providers like Facebook, Google, etc.
var provider = {};
provider[profile.provider + '_id'] = profile.id;
// note that we unshift instead of push, since we want findOne
// to return the user based off `profile.id` which takes
// precedence over the user's email address in `profile.emails`
$or.unshift(provider);
User.findOne({
$or: $or
}, function(err, user) {
if (err) return done(err);
if (user) {
if (!user[profile.provider + '_id']) {
user[profile.provider + '_id'] = profile.id;
}
if (accessToken)
user[profile.provider + '_access_token'] = accessToken;
if (refreshToken)
user[profile.provider + '_refresh_token'] = refreshToken;
return user.save(done);
}
user = {
email: profile.emails[0].value,
name: profile.name.givenName,
surname: profile.name.familyName
};
user[profile.provider + '_id'] = profile.id;
if (accessToken)
user[profile.provider + '_access_token'] = accessToken;
if (refreshToken)
user[profile.provider + '_refresh_token'] = refreshToken;
// if the user signed in with another service
// then create a random password for them
User.register(user, randomstring.token(), function(err, user) {
if (err) return done(err);
if (!user)
return done(new Error('An error has occured while registering, please try later'));
done(null, user);
user.sendWelcomeEmail();
});
});
}
};
exports['@require'] = [ '$container', 'igloo/settings', 'igloo/sessions', 'models/user', 'policies' ];