Route for badge image.

app.js

@@ -30,7 +30,11 @@ app.configure(function () {
   app.use(middleware.session());
   app.use(express.static(path.join(__dirname, 'public')));
   app.use(user.requireAuth({
-    whitelist: ['/login', '/logout'],
+    whitelist: [
+      '/login',
+      '/logout',
+      '/badge/*'
+    ],
     redirectTo: '/login'
   }));
   app.use(app.router);
@@ -74,6 +78,16 @@ app.get('/admin/behavior', admin.newBehaviorForm);
 
 // create a new behavior
 app.post('/admin/behavior', behavior.create);
+
+// get the badge image
+app.get('/badge/image/:shortname.png', [
+  badge.findByShortname({
+    container: 'param',
+    field: 'shortname',
+    required: true
+  })
+], badge.image);
+
 app.get('/login', user.login);
 app.post('/login', user.login);
 app.get('/logout', user.logout);

routes/badge.js

@@ -53,6 +53,12 @@ exports.removeBehavior = function removeBehavior(req, res) {
   });
 };
 
+exports.image = function image(req, res) {
+  var badge = req.badge;
+  res.type('image/png');
+  res.send(badge.image);
+};
+
 exports.findByShortname = function (options) {
   var required = !!options.required;
 

routes/user.js

@@ -24,11 +24,22 @@ exports.logout = function logout(req, res) {
 };
 
 exports.requireAuth = function requireAuth(options) {
-  var whitelist = options.whitelist || [];
+  var whitelist = (options.whitelist || []).map(function (entry) {
+    entry = entry.replace('*', '.*?');
+    return RegExp('^' + entry + '$');
+  });
+  function isExempt(path) {
+    var i = whitelist.length;
+    while (i--) {
+      if (whitelist[i].test(path))
+        return true
+    }
+    return false;
+  }
   return function (req, res, next) {
     var path = req.path;
     var user = req.session.user;
-    if (whitelist.indexOf(path) > -1)
+    if (isExempt(path))
       return next();
     if (!user || !userIsAuthorized(user))
       return res.redirect(options.redirectTo + '?path=' + path);