* user login logout signup actions

* passport config local strategy

Author: pmontp19

app.js

@@ -1,24 +1,43 @@
 var createError = require('http-errors');
 var express = require('express');
+var session = require('express-session')
 var path = require('path');
 var cookieParser = require('cookie-parser');
 var logger = require('morgan');
+var MongoStore = require('connect-mongo')(session)
 var mongoose = require('mongoose')
+var dotenv = require('dotenv')
+var passport = require('passport')
+var flash = require('express-flash')
 
-var indexRouter = require('./routes/index');
-var usersRouter = require('./routes/users');
+dotenv.config({ path: '.env' });
+
+const passportConfig = require('./config/passport')
 
 var app = express();
 
 
 // database connection
 mongoose.set('useNewUrlParser', true)
-mongoose.connect(preocess.env.MONGODB_URI)
+mongoose.connect(process.env.MONGODB_URI)
 mongoose.connection.on('error', (err) => {
   console.error(err)
   console.log('%s MongoDB connection error.', chalk.red('✗'))
   process.exit()
 })
+app.use(session({
+  resave: true,
+  saveUninitialized: true,
+  secret: process.env.SESSION_SECRET,
+  cookie: { maxAge: 1209600000 }, // two weeks in milliseconds
+  store: new MongoStore({
+    url: process.env.MONGODB_URI,
+    autoReconnect: true,
+  })
+}));
+app.use(passport.initialize())
+app.use(passport.session())
+app.use(flash())
 
 // view engine setup
 app.set('views', path.join(__dirname, 'views'));
@@ -30,8 +49,16 @@ app.use(express.urlencoded({ extended: false }));
 app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
 
-app.use('/', indexRouter);
-app.use('/users', usersRouter);
+
+const userController = require('./controllers/user')
+const homeController = require('./controllers/home')
+
+app.get('/', homeController.index);
+app.get('/login', userController.getLogin)
+app.post('/login', userController.postLogin)
+app.get('/logout', userController.logout);
+app.get('/signup', userController.getSignup);
+app.post('/signup', userController.postSignup);
 
 // catch 404 and forward to error handler
 app.use(function(req, res, next) {

config/passport.js

@@ -0,0 +1,36 @@
+const passport = require('passport')
+const { Strategy: LocalStrategy} = require('passport-local')
+const axios = require('axios')
+const User = require('../models/Users')
+
+passport.serializeUser((user, done) => {
+  done(null, user.id);
+});
+
+passport.deserializeUser((id, done) => {
+  User.findById(id, (err, user) => {
+    done(err, user);
+  });
+});
+
+/**
+ * Sign in using Email and Password.
+ */
+ passport.use(new LocalStrategy({ usernameField: 'email' }, (email, password, done) => {
+  User.findOne({ email: email.toLowerCase() }, (err, user) => {
+    if (err) { return done(err); }
+    if (!user) {
+      return done(null, false, { msg: `Email ${email} not found.` });
+    }
+    if (!user.password) {
+      return done(null, false, { msg: 'Your account was registered using a sign-in provider. To enable password login, sign in using a provider, and then set a password under your user profile.' });
+    }
+    user.comparePassword(password, (err, isMatch) => {
+      if (err) { return done(err); }
+      if (isMatch) {
+        return done(null, user);
+      }
+      return done(null, false, { msg: 'Invalid email or password.' });
+    });
+  });
+}));

controllers/home.js

@@ -0,0 +1,9 @@
+/**
+ * GET /
+ * Home page.
+ */
+ exports.index = (req, res) => {
+  res.render('home', {
+    title: 'Home'
+  });
+};

controllers/user.js

@@ -0,0 +1,196 @@
+const { promisify } = require('util');
+const crypto = require('crypto');
+const passport = require('passport');
+const validator = require('validator');
+const User = require('../models/Users');
+
+const randomBytesAsync = promisify(crypto.randomBytes);
+
+/**
+ * GET /login
+ * Login page.
+ */
+exports.getLogin = (req, res) => {
+  if (req.user) {
+    return res.redirect('/');
+  }
+  res.render('account/login', {
+    title: 'Login'
+  });
+};
+
+/**
+ * POST /login
+ * Sign in using email and password.
+ */
+exports.postLogin = (req, res, next) => {
+  const validationErrors = [];
+  if (!validator.isEmail(req.body.email)) validationErrors.push({ msg: 'Please enter a valid email address.' });
+  if (validator.isEmpty(req.body.password)) validationErrors.push({ msg: 'Password cannot be blank.' });
+
+  if (validationErrors.length) {
+    req.flash('errors', validationErrors);
+    return res.redirect('/login');
+  }
+  req.body.email = validator.normalizeEmail(req.body.email, { gmail_remove_dots: false });
+
+  passport.authenticate('local', (err, user, info) => {
+    if (err) { return next(err); }
+    if (!user) {
+      req.flash('errors', info);
+      return res.redirect('/login');
+    }
+    req.logIn(user, (err) => {
+      if (err) { return next(err); }
+      req.flash('success', { msg: 'Success! You are logged in.' });
+      res.redirect(req.session.returnTo || '/');
+    });
+  })(req, res, next);
+};
+
+/**
+ * GET /logout
+ * Log out.
+ */
+exports.logout = (req, res) => {
+  req.logout();
+  req.session.destroy((err) => {
+    if (err) console.log('Error : Failed to destroy the session during logout.', err);
+    req.user = null;
+    res.redirect('/');
+  });
+};
+
+/**
+ * GET /signup
+ * Signup page.
+ */
+exports.getSignup = (req, res) => {
+  if (req.user) {
+    return res.redirect('/');
+  }
+  res.render('account/signup', {
+    title: 'Create Account'
+  });
+};
+
+/**
+ * POST /signup
+ * Create a new local account.
+ */
+exports.postSignup = (req, res, next) => {
+  const validationErrors = [];
+  if (!validator.isEmail(req.body.email)) validationErrors.push({ msg: 'Please enter a valid email address.' });
+  if (!validator.isLength(req.body.password, { min: 8 })) validationErrors.push({ msg: 'Password must be at least 8 characters long' });
+  if (req.body.password !== req.body.confirmPassword) validationErrors.push({ msg: 'Passwords do not match' });
+
+  if (validationErrors.length) {
+    req.flash('errors', validationErrors);
+    return res.redirect('/signup');
+  }
+  req.body.email = validator.normalizeEmail(req.body.email, { gmail_remove_dots: false });
+
+  const user = new User({
+    email: req.body.email,
+    password: req.body.password
+  });
+
+  User.findOne({ email: req.body.email }, (err, existingUser) => {
+    if (err) { return next(err); }
+    if (existingUser) {
+      req.flash('errors', { msg: 'Account with that email address already exists.' });
+      return res.redirect('/signup');
+    }
+    user.save((err) => {
+      if (err) { return next(err); }
+      req.logIn(user, (err) => {
+        if (err) {
+          return next(err);
+        }
+        res.redirect('/');
+      });
+    });
+  });
+};
+
+/**
+ * GET /account
+ * Profile page.
+ */
+exports.getAccount = (req, res) => {
+  res.render('account/profile', {
+    title: 'Account Management'
+  });
+};
+
+/**
+ * POST /account/profile
+ * Update profile information.
+ */
+exports.postUpdateProfile = (req, res, next) => {
+  const validationErrors = [];
+  if (!validator.isEmail(req.body.email)) validationErrors.push({ msg: 'Please enter a valid email address.' });
+
+  if (validationErrors.length) {
+    req.flash('errors', validationErrors);
+    return res.redirect('/account');
+  }
+  req.body.email = validator.normalizeEmail(req.body.email, { gmail_remove_dots: false });
+
+  User.findById(req.user.id, (err, user) => {
+    if (err) { return next(err); }
+    if (user.email !== req.body.email) user.emailVerified = false;
+    user.email = req.body.email || '';
+    user.name = req.body.name || '';
+    user.gender = req.body.gender || '';
+    user.save((err) => {
+      if (err) {
+        if (err.code === 11000) {
+          req.flash('errors', { msg: 'The email address you have entered is already associated with an account.' });
+          return res.redirect('/account');
+        }
+        return next(err);
+      }
+      req.flash('success', { msg: 'Profile information has been updated.' });
+      res.redirect('/account');
+    });
+  });
+};
+
+/**
+ * POST /account/password
+ * Update current password.
+ */
+exports.postUpdatePassword = (req, res, next) => {
+  const validationErrors = [];
+  if (!validator.isLength(req.body.password, { min: 8 })) validationErrors.push({ msg: 'Password must be at least 8 characters long' });
+  if (req.body.password !== req.body.confirmPassword) validationErrors.push({ msg: 'Passwords do not match' });
+
+  if (validationErrors.length) {
+    req.flash('errors', validationErrors);
+    return res.redirect('/account');
+  }
+
+  User.findById(req.user.id, (err, user) => {
+    if (err) { return next(err); }
+    user.password = req.body.password;
+    user.save((err) => {
+      if (err) { return next(err); }
+      req.flash('success', { msg: 'Password has been changed.' });
+      res.redirect('/account');
+    });
+  });
+};
+
+/**
+ * POST /account/delete
+ * Delete user account.
+ */
+exports.postDeleteAccount = (req, res, next) => {
+  User.deleteOne({ _id: req.user.id }, (err) => {
+    if (err) { return next(err); }
+    req.logout();
+    req.flash('info', { msg: 'Your account has been deleted.' });
+    res.redirect('/');
+  });
+};

models/Users.js

@@ -1,4 +1,5 @@
 const mongoose = require('mongoose')
+const bcrypt = require('bcrypt')
 
 const userSchema = new mongoose.Schema({
   name: String,
@@ -11,13 +12,41 @@ const userSchema = new mongoose.Schema({
     trim: true,
     match: [/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/, 'Please fill a valid email address']
   },
-  password: String
+  password: String,
+  passwordResetToken: String,
+  passwordResetExpires: Date,
+  emailVerificationToken: String,
+  emailVerified: Boolean
 
 }, { timestamps: true })
 
+/**
+ * Password hash middleware.
+ */
+ userSchema.pre('save', function save(next) {
+  const user = this;
+  if (!user.isModified('password')) { return next(); }
+  bcrypt.genSalt(10, (err, salt) => {
+    if (err) { return next(err); }
+    bcrypt.hash(user.password, salt, (err, hash) => {
+      if (err) { return next(err); }
+      user.password = hash;
+      next();
+    });
+  });
+});
+
+/**
+ * Helper method for validating user's password.
+ */
+userSchema.methods.comparePassword = function comparePassword(candidatePassword, cb) {
+  bcrypt.compare(candidatePassword, this.password, (err, isMatch) => {
+    cb(err, isMatch);
+  });
+};
+
 const User = mongoose.model('User', userSchema)
 
 module.exports = User
 
-// TODO password
 // TODO Avatar picture from GRAVATAR?