// Express app bootstrap for the admin UI. This part wires the view engine,
// persistence and auth libraries; middleware and routes follow further down.
var express = require("express");
var app = express();

// Path roots shared with the rest of the project. The ESM `import` sits next
// to CommonJS `require` calls, which presumably relies on a transpiler —
// plain Node would not accept the mix; confirm the build step.
import { publicPath, pathThumbnails } from "../settings/globals";

// Handlebars view engine; every template root hangs off publicPath.
var exphbs = require("express-handlebars");
var hbsOptions = {
  defaultLayout: `${publicPath}/layouts/admin/main`,
  layoutsDir: `${publicPath}/layouts`,
  partialsDir: `${publicPath}/partials`
};
var hbs = exphbs.create(hbsOptions);

// Authentication and persistence.
var passport = require("passport");
var LocalStrategy = require("passport-local").Strategy;
var mongoose = require("mongoose");
var mongo_db_cred = require(pathThumbnails + "/config/mongo_config.js");
var mongojs = require("mongojs");
// Separate (non-mongoose) handle used for the one-time signup tokens.
var token_db = mongojs("tokens");
var bodyParser = require("body-parser");
var session = require("express-session");
var MongoStore = require("connect-mongo")(session);
var api = require(pathThumbnails + "/routing/admin/api.js");
var compression = require("compression");
var User = require(pathThumbnails + "/models/user.js");

// Connection string is built from host and database name only; no
// credentials are passed here — presumably access is restricted at the
// network level or in mongo_config.js; confirm.
var url = `mongodb://${mongo_db_cred.host}/${mongo_db_cred.users}`;
mongoose.connect(url);
// Register Handlebars as the view engine and gzip responses unless the
// request opts out (shouldCompress is declared below; function declarations
// are hoisted, so the forward reference is safe).
app.engine("handlebars", hbs.engine);
app.set("view engine", "handlebars");
var compressionOptions = { filter: shouldCompress };
app.use(compression(compressionOptions));
/**
 * Filter for compression(): skip gzip when the client sends an
 * `x-no-compression` header (any non-empty value), otherwise defer to the
 * library's default content-type based filter.
 * @param {object} req - incoming request (only req.headers is read here)
 * @param {object} res - response, passed through to compression.filter
 * @returns {boolean} true when the response should be compressed
 */
function shouldCompress(req, res) {
  var optedOut = Boolean(req.headers["x-no-compression"]);
  // don't compress responses with this request header; fallback to the
  // standard filter function otherwise
  return optedOut ? false : compression.filter(req, res);
}
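// Only honour X-Forwarded-* headers set by a reverse proxy on loopback; a
// wider value would let any client spoof req.ip / req.protocol.
app.set("trust proxy", "127.0.0.1");

// body-parser is already bound to `bodyParser` near the top of the file; the
// duplicate `var bodyParser = require("body-parser")` that sat here was dropped.
var referrerPolicy = require("referrer-policy");
var helmet = require("helmet");
var featurePolicy = require("feature-policy");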
// Browser hardening headers. Registration order is preserved: feature
// policy, then helmet's bundle, then Referrer-Policy.
var featurePolicyMiddleware = featurePolicy({
  features: {
    fullscreen: ["*"],
    payment: ["'none'"],
    microphone: ["'none'"],
    camera: ["'none'"],
    speaker: ["*"],
    syncXhr: ["'self'"]
  }
});
// frameguard: false leaves X-Frame-Options unset, so the admin pages can be
// framed by any origin (clickjacking exposure). Presumably deliberate for an
// embedding use case — confirm; otherwise drop the override or restrict
// framing with a CSP frame-ancestors directive.
var helmetMiddleware = helmet({ frameguard: false });
var referrerPolicyMiddleware = referrerPolicy({
  policy: "origin-when-cross-origin"
});
app.use(featurePolicyMiddleware, helmetMiddleware, referrerPolicyMiddleware);
// Views and request bodies.
app.enable("view cache");
app.set("views", publicPath);
app.use(bodyParser.json()); // to support JSON-encoded bodies
app.use(bodyParser.urlencoded({ extended: true }));

// Server-side sessions persisted in Mongo, keyed by the cookie that
// express-session issues. Behaviour kept as-is; points for review:
//  - saveUninitialized: true stores a session row for every anonymous
//    request, so the "sessions" collection grows with unauthenticated traffic
//    (bounded only by `ttl`).
//  - no explicit `cookie` options are set, so express-session's defaults
//    apply (httpOnly on, `secure` off, no sameSite) — presumably TLS is
//    terminated upstream; confirm.
var sessionStore = new MongoStore({
  url: url,
  useNewUrlParser: true,
  collection: "sessions",
  ttl: mongo_db_cred.expire
});
app.use(
  session({
    secret: mongo_db_cred.secret, // session secret, read from config
    resave: true,
    saveUninitialized: true,
    store: sessionStore
  })
);

// Passport: populate req.user from the session on every request.
app.use(passport.initialize());
app.use(passport.session()); // persistent login sessions
// Only the user id is stored in the session; the full record is re-read on
// each request by deserializeUser below.
passport.serializeUser((user, done) => {
  done(null, user.id);
});
// used to deserialize the user: resolve the id stored in the session back
// into a User document, which passport exposes as req.user.
passport.deserializeUser((id, done) => {
  // NOTE(review): callback-style findById; mongoose 7+ dropped callback
  // support — check the pinned mongoose version.
  User.findById(id, (err, user) => done(err, user));
});
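passport.use(
  "local-signup",
  new LocalStrategy(
    {
      // by default, local strategy uses username and password, we will override with username
      usernameField: "username",
      passwordField: "password",
      passReqToCallback: true // allows us to pass back the entire request to the callback
    },
    /**
     * Invite-token gated signup. A one-time token from the "tokens"
     * collection must accompany the request; it is consumed, then the user is
     * created unless the username is already taken.
     * Outcomes via done(): done(err) on database errors, done(null, false)
     * when the token or the username is rejected, done(null, newUser) on success.
     */
    function (req, username, password, done) {
      // defer so the verify callback always completes asynchronously
      process.nextTick(function () {
        var token = req.body.token;
        var isPlainString = (value) => typeof value === "string" && value.length > 0;

        // bodyParser.json() is enabled, so these fields can arrive as objects
        // or arrays and would be interpreted as query operators by MongoDB
        // (an undefined token would also be sent as null and could match a
        // malformed document). Only plain non-empty strings may reach the query.
        if (!isPlainString(token) || !isPlainString(username) || !isPlainString(password)) {
          return done(null, false);
        }

        // look the invite token up; exactly one matching document is required.
        // NOTE(review): find-then-remove is not atomic, so two concurrent
        // signups presenting the same token could both pass this check — an
        // atomic "find and delete" on the driver would close that window.
        token_db.collection("tokens").find({ token: token }, function (err, docs) {
          if (err) return done(err);
          if (!docs || docs.length !== 1) return done(null, false);

          // consume the token before the account is created
          token_db.collection("tokens").remove({ token: token }, function (err) {
            if (err) return done(err);
            createUserIfNew(username, password, done);
          });
        });
      });
    }
  )
);

/**
 * Create a User with the given local credentials unless the username is
 * already taken. Callback contract: done(err) on a database failure,
 * done(null, false) when the username exists, done(null, newUser) after a
 * successful save.
 * @param {string} username
 * @param {string} password - plaintext; hashed via the model's generateHash()
 * @param {Function} done - passport verify callback
 */
function createUserIfNew(username, password, done) {
  User.findOne({ username: username }, function (err, user) {
    // if there are any errors, return the error
    if (err) return done(err);

    // check to see if theres already a user with that username
    if (user) return done(null, false);

    // if there is no user with that username, create the user
    var newUser = new User();
    // set the user's local credentials (generateHash lives on the model)
    newUser.username = username;
    newUser.password = newUser.generateHash(password);

    // save the user; failures are reported through done() instead of being
    // thrown from inside an async callback, which would crash the process.
    newUser.save(function (err) {
      if (err) return done(err);
      return done(null, newUser);
    });
  });
}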
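passport.use(
  "local-login",
  new LocalStrategy(
    {
      // by default, local strategy uses username and password; the field
      // names are spelled out so the form and the strategy stay in sync
      usernameField: "username",
      passwordField: "password",
      passReqToCallback: true // allows us to pass back the entire request to the callback
    },
    /**
     * Password login: look the user up by username and check the password
     * with the model's validPassword().
     * Outcomes via done(): done(err) on database errors, done(null, false) for
     * an unknown user or a wrong password (deliberately indistinguishable to
     * the client), done(null, user) on success.
     */
    function (req, username, password, done) {
      // bodyParser.json() is enabled, so a field can arrive as an object or
      // array and be interpreted as a query operator by MongoDB; only plain
      // strings may reach the query or the password check.
      if (typeof username !== "string" || typeof password !== "string") {
        return done(null, false);
      }

      // find a user whose username is the same as the forms username
      User.findOne({ username: username }, function (err, user) {
        // if there are any errors, return the error before anything else
        if (err) return done(err);

        // unknown user: fail without a message (failureFlash on the route is
        // what would surface one). NOTE(review): this returns before any hash
        // comparison, so response timing differs between unknown and known
        // usernames; a dummy comparison on this path would even that out.
        if (!user) return done(null, false);

        // the user is found but the password is wrong
        if (!user.validPassword(password)) return done(null, false);

        // all is well, return successful user
        return done(null, user);
      });
    }
  )
);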
// Signup form POST. On success the new user is logged in and sent to "/".
// failureFlash: true expects a flash middleware (e.g. connect-flash) to be
// mounted — none is visible in this file, so presumably it lives elsewhere; confirm.
var signupAuthOptions = {
  successRedirect: "/", // redirect to the secure profile section
  failureRedirect: "/signup", // redirect back to the signup page if there is an error
  failureFlash: true // allow flash messages
};
app.post("/signup", passport.authenticate("local-signup", signupAuthOptions));
// Login form POST. Failures bounce back to the login page with a "#failed"
// fragment the page can react to. NOTE(review): no CSRF token check is
// visible in this file for the login/signup posts — confirm whether one is
// applied elsewhere.
var loginAuthOptions = {
  successRedirect: "/", // redirect to the secure profile section
  failureRedirect: "/login#failed", // redirect back to the login page if there is an error
  failureFlash: true // allow flash messages
};
app.post("/login", passport.authenticate("local-login", loginAuthOptions));
// Login page. app.use matches every HTTP method and any sub-path under
// /login, so this also answers e.g. GET /login/anything. Users who already
// hold a session are sent to "/" by isLoggedInTryingToLogIn (declared below, hoisted).
app.use("/login", isLoggedInTryingToLogIn, (req, res) => {
  res.render("layouts/admin/not_authenticated", { where_get: "not_authenticated" });
});
// Signup page; renders the same "not authenticated" layout as the login page
// and is likewise skipped for users who already hold a session.
app.use("/signup", isLoggedInTryingToLogIn, (req, res) => {
  res.render("layouts/admin/not_authenticated", { where_get: "not_authenticated" });
});
// Admin API router, mounted at the root. It is registered before the
// isLoggedIn-guarded "/" handler further down, so any authentication checks
// it needs have to live inside routing/admin/api.js itself — presumably they
// do; confirm.
app.use("/", api);

// Logout. NOTE(review): app.use answers any HTTP method, so a plain GET from
// another origin can end the session (logout CSRF); a POST-only route is the
// usual fix. passport >= 0.6 also requires a callback for req.logout() —
// check the pinned passport version.
app.use("/logout", (req, res) => {
  req.logout();
  res.redirect("/login");
});
// Gate the admin-only static assets: anything under
// /assets/admin/authenticated requires a logged-in session. Registered before
// the general /assets static mount below so it runs first.
app.use("/assets/admin/authenticated", (req, res, next) => {
  if (req.isAuthenticated()) return next();
  res.sendStatus(403);
});
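// Public static assets (the authenticated subtree is guarded just above).
app.use("/assets", express.static(publicPath + "/assets"));

// Authenticated landing page of the admin UI; anonymous visitors are
// redirected to /login by isLoggedIn (declared below, hoisted). Must stay
// after the api router, which is mounted on "/" as well.
app.use("/", isLoggedIn, function (req, res) {
  var data = {
    where_get: "authenticated",
    // getFullYear() replaces the deprecated getYear() + 1900; same value.
    year: new Date().getFullYear()
  };

  res.render("layouts/admin/authenticated", data);
});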
/**
 * Middleware for the login/signup pages: anonymous visitors continue to the
 * page handler, users who already hold a session are redirected to "/".
 * @param {object} req - must expose passport's req.isAuthenticated()
 * @param {object} res - used for res.redirect
 * @param {Function} next
 * @returns {*} the result of next() for anonymous visitors, otherwise undefined
 */
function isLoggedInTryingToLogIn(req, res, next) {
  var alreadyLoggedIn = req.isAuthenticated();
  if (alreadyLoggedIn) {
    res.redirect("/");
    return;
  }
  return next();
}
/**
 * Middleware guarding authenticated pages: continue when passport reports a
 * logged-in session, otherwise redirect to /login.
 * @param {object} req - must expose passport's req.isAuthenticated()
 * @param {object} res - used for res.redirect
 * @param {Function} next
 * @returns {*} the result of next() when authenticated, otherwise undefined
 */
function isLoggedIn(req, res, next) {
  if (!req.isAuthenticated()) {
    res.redirect("/login");
    return;
  }
  return next();
}
// CommonJS export of the configured app (the file also uses an ESM `import`
// near the top; the mix presumably relies on a transpiler — confirm the build step).
module.exports = app;