Merge branch 'addusers'
victorkane committed Jul 29, 2011
2 parents 667b659 + 9a6ce52 commit b50356f
Showing 6 changed files with 78 additions and 32 deletions.
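--- a/models/user.js
+++ b/models/user.js
@@ -0,0 +1,32 @@
+var cradle = require('cradle');
+var crypto = require('crypto');
+
+//Used to generate a hash of the plain-text password + salt
+function md5(str) {
+return crypto.createHash('md5').update(str).digest('hex');
+}
+
+User = function(host, port) {
+this.connection= new (cradle.Connection)(host, port, {
+cache: true,
+raw: false
+});
+this.db = this.connection.database('lit-users');
+};
+
+User.prototype.login = function(login_name, login_password, callback) {
+this.db.view('default/login', {key: login_name}, function(error, result) {
+if( error ){
+callback(error)
+}else{
+// TODO try first without md5 or salt, ascii in database only until we get GUI user registration going
+if (result[0].value.password == login_password) {
+callback(null, result);
+}else{
+callback('auth error');
+}
+}
+});
+};
+
+exports.User = User;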
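Review bot: In `User.prototype.login`, a `login_name` that matches no row presumably yields an empty view result, so `result[0].value` throws inside the callback instead of reporting an authentication failure; add `if (!result || !result[0]) return callback('auth error');` before the comparison. The comparison itself is against a plaintext `password` field using `==`, and the `md5` helper defined above is never called, as the TODO admits. When hashing is added, use a salted, deliberately slow KDF (PBKDF2, bcrypt or scrypt) with a constant-time comparison, because a single MD5 round is too fast to resist offline guessing of a leaked database. `User = function(host, port)` also creates an implicit global; `var User = ...` is enough since the constructor is exported on the last line.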
1 change: 1 addition & 0 deletions package.json
@@ -6,5 +6,6 @@
"express": "2.3.11"
, "jade": ">= 0.0.1"
, "express-messages": "0.0.2"
, "cradle": "0.5.5"
}
}
38 changes: 7 additions & 31 deletions routes/user.js
@@ -2,21 +2,10 @@
* Module dependencies.
*/

var crypto = require('crypto');
var Text = require('../models/text');

var users = {
tj: {
name: 'tj'
, salt: 'randomly-generated-salt'
, pass: md5('foobar' + 'randomly-generated-salt')
}
};

//Used to generate a hash of the plain-text password + salt
function md5(str) {
return crypto.createHash('md5').update(str).digest('hex');
}
var User = require('../models/user').User;
var user = new User();

function restrict(req, res, next) {
console.log('visited restricted');
@@ -29,22 +18,10 @@ function restrict(req, res, next) {
}

function accessLogger(req, res, next) {
console.log('/restricted accessed by %s', req.session.user.name);
console.log('/restricted accessed by %s', req.session.user.registration_email);
next();
}

function authenticate(name, pass, fn) {
var user = users[name];
// query the db for the given username
if (!user) return fn(new Error('cannot find user'));
// apply the same algorithm to the POSTed password, applying
// the md5 against the pass / salt, if there is a match we
// found the user
if (user.pass == md5(pass + user.salt)) return fn(null, user);
// Otherwise password is invalid
fn(new Error('invalid password'));
}

function getCount (req, res, next) {
Text.count(function(err, count){
req.count = count;
@@ -74,22 +51,21 @@ module.exports = function(app){
});

app.post('/login', function(req, res) {
authenticate(req.body.username, req.body.password, function(err, user) {
console.log(user);
user.login(req.body.username, req.body.password, function(err, user) {
if (user) {
// Regenerate session when signing in
// to prevent fixation
req.session.regenerate(function() {
// Store the user's primary key
// in the session store to be retrieved,
// or in this case the entire user object
req.session.user = user;
req.session.user = user[0].value;
//res.redirect('back');
req.flash('info', 'Welcome _%s_', req.session.user.name);
req.flash('info', 'Welcome _%s_ _%s_', req.session.user.first_name, req.session.user.last_name);
res.redirect('/textview');
});
} else {
req.flash('error', 'Authentication failed, please check your username and password. (Use "tj" and "foobar")');
req.flash('error', 'Authentication failed, please check your username and password. (Use "tj" and "foobar" but it will not work hehe )');
res.redirect('back');
}
});
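Review bot: In the `/login` handler, `req.session.user = user[0].value;` copies the whole row value into the session, and models/user.js compares against `result[0].value.password`, so the stored password ends up in the session store along with the profile fields. Store only what later requests read, for example `req.session.user = { registration_email: row.registration_email, first_name: row.first_name, last_name: row.last_name };` with `row` being `user[0].value`. The callback parameter `user` also shadows the module-level `user` model created at the top of the file, which makes `user.login(...)` and `user[0]` easy to confuse; naming the parameter `rows` would avoid that. The failure flash still advertises the old "tj"/"foobar" credentials and is better reduced to a generic message.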
2 changes: 1 addition & 1 deletion views/login.jade
@@ -3,7 +3,7 @@
form#login(action=base + '/login', method='post')
p
label(for='user[username]') Username:
input(type='text', name='username', value='tj')
input(type='text', name='username', value='vk@hotmail.com')
p
label(for='user[pass]') Password:
input(type='password', name='password', value='*****')
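Review bot: The new default `value='vk@hotmail.com'` on the username input publishes what looks like a real account address to every visitor of the login page, which discloses a valid login identifier before any authentication has happened. Leave the field empty instead: `input(type='text', name='username')`. If a hint is wanted for testers, a clearly fake placeholder in the documentation is safer than a default in the served form.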
20 changes: 20 additions & 0 deletions views/user/form.jade
@@ -0,0 +1,20 @@

- if (user.title)
h1 Editing #{user.title}
- else
h1 New User

!= messages()

form#text(action=base + '/user' + (user.name ? '/' + user.id : ''), method='post')
- if (user.title)
input(type='hidden', name='_method', value='put')
p
label(for='user[name]') Title:
input(type='text', name='user[name]', value=user.name)
p
label(for='user[bio]') Bio:
textarea(name='user[bio]')= user.bio || ''
p
input(type='submit', value=text.title ? 'Update' : 'Register')
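Review bot: The submit button on the last line tests `text.title`, while every other branch in this template keys on `user`; unless the route also passes a `text` local, rendering this view will throw a ReferenceError. It should read `input(type='submit', value=user.title ? 'Update' : 'Register')`. The form action checks `user.name` where the heading and the `_method` override check `user.title`, so a user object with only one of the two set would get a mismatched action and method; choose one field for the new-versus-edit test.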

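--- a/views/user/index.jade
+++ b/views/user/index.jade
@@ -0,0 +1,17 @@
+.user
+// Name
+a.view(href=base + '/user/' + user.id)
+h2
+= user.name
+a.edit(href=base + '/user/' + user.id + '/user') Edit
+
+// flash messages
+!= messages()
+
+// dates
+p.date.created Created at #{user.createdAt}
+- if (user.updatedAt)
+p.date.updated Updated at #{user.updatedAt}
+
+// bio
+pre.bio= user.bio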
