Initial Commit

server/auth/auth.service.js

@@ -0,0 +1,82 @@
+'use strict';
+import config from '../config/environment';
+import jwt from 'jsonwebtoken';
+import expressJwt from 'express-jwt';
+import compose from 'composable-middleware';
+import User from '../api/user/user.model';
+
+var validateJwt = expressJwt({
+  secret: config.secrets.session
+});
+
+/**
+ * Attaches the user object to the request if authenticated
+ * Otherwise returns 403
+ */
+export function isAuthenticated() {
+  return compose()
+    // Validate jwt
+    .use(function(req, res, next) {
+      // allow access_token to be passed through query parameter as well
+      if(req.query && req.query.hasOwnProperty('access_token')) {
+        req.headers.authorization = `Bearer ${req.query.access_token}`;
+      }
+     // IE11 forgets to set Authorization header sometimes. Pull from cookie instead.
+      if(req.query && typeof req.headers.authorization === 'undefined') {
+        req.headers.authorization = `Bearer ${req.cookies.token}`;
+      }
+      validateJwt(req, res, next);
+    })
+    // Attach user to request
+    .use(function(req, res, next) {
+      User.findById(req.user._id).exec()
+        .then(user => {
+          if(!user) {
+            return res.status(401).end();
+          }
+          req.user = user;
+          next();
+        })
+        .catch(err => next(err));
+    });
+}
+
+/**
+ * Checks if the user role meets the minimum requirements of the route
+ */
+export function hasRole(roleRequired) {
+  if(!roleRequired) {
+    throw new Error('Required role needs to be set');
+  }
+
+  return compose()
+    .use(isAuthenticated())
+    .use(function meetsRequirements(req, res, next) {
+      if(config.userRoles.indexOf(req.user.role) >= config.userRoles.indexOf(roleRequired)) {
+        return next();
+      } else {
+        return res.status(403).send('Forbidden');
+      }
+    });
+}
+
+/**
+ * Returns a jwt token signed by the app secret
+ */
+export function signToken(id, role) {
+  return jwt.sign({ _id: id, role }, config.secrets.session, {
+    expiresIn: 60 * 60 * 5
+  });
+}
+
+/**
+ * Set token cookie directly for oAuth strategies
+ */
+export function setTokenCookie(req, res) {
+  if(!req.user) {
+    return res.status(404).send('It looks like you aren\'t logged in, please try again.');
+  }
+  var token = signToken(req.user._id, req.user.role);
+  res.cookie('token', token);
+  res.redirect('/');
+}

server/auth/facebook/index.js

@@ -0,0 +1,20 @@
+'use strict';
+
+import express from 'express';
+import passport from 'passport';
+import {setTokenCookie} from '../auth.service';
+
+var router = express.Router();
+
+router
+  .get('/', passport.authenticate('facebook', {
+    scope: ['email', 'user_about_me'],
+    failureRedirect: '/signup',
+    session: false
+  }))
+  .get('/callback', passport.authenticate('facebook', {
+    failureRedirect: '/signup',
+    session: false
+  }), setTokenCookie);
+
+export default router;

server/auth/facebook/passport.js

@@ -0,0 +1,34 @@
+import passport from 'passport';
+import {Strategy as FacebookStrategy} from 'passport-facebook';
+
+export function setup(User, config) {
+  passport.use(new FacebookStrategy({
+    clientID: config.facebook.clientID,
+    clientSecret: config.facebook.clientSecret,
+    callbackURL: config.facebook.callbackURL,
+    profileFields: [
+      'displayName',
+      'emails'
+    ]
+  },
+  function(accessToken, refreshToken, profile, done) {
+    User.findOne({'facebook.id': profile.id}).exec()
+      .then(user => {
+        if(user) {
+          return done(null, user);
+        }
+
+        user = new User({
+          name: profile.displayName,
+          email: profile.emails[0].value,
+          role: 'user',
+          provider: 'facebook',
+          facebook: profile._json
+        });
+        user.save()
+          .then(savedUser => done(null, savedUser))
+          .catch(err => done(err));
+      })
+      .catch(err => done(err));
+  }));
+}

server/auth/google/index.js

@@ -0,0 +1,23 @@
+'use strict';
+
+import express from 'express';
+import passport from 'passport';
+import {setTokenCookie} from '../auth.service';
+
+var router = express.Router();
+
+router
+  .get('/', passport.authenticate('google', {
+    failureRedirect: '/signup',
+    scope: [
+      'profile',
+      'email'
+    ],
+    session: false
+  }))
+  .get('/callback', passport.authenticate('google', {
+    failureRedirect: '/signup',
+    session: false
+  }), setTokenCookie);
+
+export default router;

server/auth/google/passport.js

@@ -0,0 +1,31 @@
+import passport from 'passport';
+import {Strategy as GoogleStrategy} from 'passport-google-oauth20';
+
+export function setup(User, config) {
+  passport.use(new GoogleStrategy({
+    clientID: config.google.clientID,
+    clientSecret: config.google.clientSecret,
+    callbackURL: config.google.callbackURL
+  },
+  function(accessToken, refreshToken, profile, done) {
+    User.findOne({'google.id': profile.id}).exec()
+      .then(user => {
+        if(user) {
+          return done(null, user);
+        }
+
+        user = new User({
+          name: profile.displayName,
+          email: profile.emails[0].value,
+          role: 'user',
+          username: profile.emails[0].value.split('@')[0],
+          provider: 'google',
+          google: profile._json
+        });
+        user.save()
+          .then(savedUser => done(null, savedUser))
+          .catch(err => done(err));
+      })
+      .catch(err => done(err));
+  }));
+}

server/auth/index.js

@@ -0,0 +1,17 @@
+'use strict';
+import express from 'express';
+import config from '../config/environment';
+import User from '../api/user/user.model';
+
+// Passport Configuration
+require('./local/passport').setup(User, config);
+require('./facebook/passport').setup(User, config);
+require('./google/passport').setup(User, config);
+
+var router = express.Router();
+
+router.use('/local', require('./local').default);
+router.use('/facebook', require('./facebook').default);
+router.use('/google', require('./google').default);
+
+export default router;

server/auth/local/index.js

@@ -0,0 +1,24 @@
+'use strict';
+
+import express from 'express';
+import passport from 'passport';
+import {signToken} from '../auth.service';
+
+var router = express.Router();
+
+router.post('/', function(req, res, next) {
+  passport.authenticate('local', function(err, user, info) {
+    var error = err || info;
+    if(error) {
+      return res.status(401).json(error);
+    }
+    if(!user) {
+      return res.status(404).json({message: 'Something went wrong, please try again.'});
+    }
+
+    var token = signToken(user._id, user.role);
+    res.json({ token });
+  })(req, res, next);
+});
+
+export default router;

server/auth/local/passport.js

@@ -0,0 +1,35 @@
+import passport from 'passport';
+import {Strategy as LocalStrategy} from 'passport-local';
+
+function localAuthenticate(User, email, password, done) {
+  User.findOne({
+    email: email.toLowerCase()
+  }).exec()
+    .then(user => {
+      if(!user) {
+        return done(null, false, {
+          message: 'This email is not registered.'
+        });
+      }
+      user.authenticate(password, function(authError, authenticated) {
+        if(authError) {
+          return done(authError);
+        }
+        if(!authenticated) {
+          return done(null, false, { message: 'This password is not correct.' });
+        } else {
+          return done(null, user);
+        }
+      });
+    })
+    .catch(err => done(err));
+}
+
+export function setup(User/*, config*/) {
+  passport.use(new LocalStrategy({
+    usernameField: 'email',
+    passwordField: 'password' // this is the virtual field on the model
+  }, function(email, password, done) {
+    return localAuthenticate(User, email, password, done);
+  }));
+}