UNPKG

admin-lte-express

Version:

AdminLTE 2.3.2 with express and express-handlebars.

github.com/RamEduard/admin-lte-express

RamEduard/admin-lte-express

89 lines (80 loc) 2.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
/** * Module dependencies. */ var hash = require('./pass').hash, db = require('../../db'); var Auth = exports.Auth = {}; Auth.authenticate = function(username, pass, fn) { if (!module.parent) console.log('authenticating %s:%s', username, pass); db.findByUsername(username, function(err, user) { // query the db for the given username if (!user) return fn(new Error('cannot find user')); // apply the same algorithm to the POSTed password, applying // the hash against the pass / salt, if there is a match we // found the user hash(pass, user.salt, function(err, hash){ if (err) return fn(err); if (hash == user.hash) return fn(null, user); fn(new Error('invalid password')); }); }); } Auth.restrict = function(req, res, next) { if (req.session.user) { next(); } else { req.session.error = 'Access denied!'; res.redirect('/login'); } } Auth.load = function(parentApp) { // when you create a user, generate a salt // and hash the password ('foobar' is the pass here) var criptUsers = function(req, res, next) { db.users.forEach(function(user, index) { hash(user.password, function(err, salt, hash) { if (err) throw err; // store the salt & hash in the "db" db.users[index].salt = salt; db.users[index].hash = hash; }); }); next(); }; parentApp.get('/logout', 'logout', function(req, res){ // destroy the user's session to log them out // will be re-created next request req.session.destroy(function(){ res.redirect('/login'); }); }); parentApp.get('/login', 'login', criptUsers, function(req, res) { res.render('user/login', { title: 'Login', layout: 'auth' }); }); parentApp.post('/login', function(req, res){ Auth.authenticate(req.body.username, req.body.password, function(err, user){ if (user) { // Regenerate session when signing in // to prevent fixation req.session.regenerate(function(){ // Store the user's primary key // in the session store to be retrieved, // or in this case the entire user object req.session.user = user; req.session.success = 'Authenticated as ' + user.displayName + ' click to <a href="/logout">logout</a>. ' + ' You may now access <a href="' + parentApp.locals.url('dashboard.v1') + '">' + parentApp.locals.url('dashboard.v1') + '</a>.'; res.redirect('/login'); }); } else { req.session.error = 'Authentication failed, please check your ' + ' username and password.' + ' (use "admin" and "admin")'; res.redirect('/login'); } }); }); };