UNPKG

landmark-serve

Version:

Web Application Framework and Admin GUI / Content Management System built on Express.js and Mongoose

github.com/RiversideLabs/landmark

RiversideLabs/landmark

173 lines (130 loc) 4.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
var landmark = require('../'), crypto = require('crypto'); /** * Creates a hash of str with Landmark's cookie secret. * Only hashes the first half of the string. */ var hash = function(str) { // force type str = '' + str; // get the first half str = str.substr(0, Math.round(str.length / 2)); // hash using sha256 return crypto .createHmac('sha256', landmark.get('cookie secret')) .update(str) .digest('base64') .replace(/\=+$/, ''); }; /** * Signs in a user user matching the lookup filters * * @param {Object} lookup - must contain email and password * @param {Object} req - express request object * @param {Object} res - express response object * @param {function()} onSuccess callback, is passed the User instance * @param {function()} onFail callback */ exports.signin = function(lookup, req, res, onSuccess, onFail) { if (!lookup) { return onFail(new Error('session.signin requires a User ID or Object as the first argument')); } var User = landmark.list(landmark.get('user model')); var doSignin = function(user) { req.session.regenerate(function() { req.user = user; req.session.userId = user.id; // if the user has a password set, store a persistence cookie to resume sessions if (landmark.get('cookie signin') && user.password) { var userToken = user.id + ':' + hash(user.password); res.cookie('landmark.uid', userToken, { signed: true, httpOnly: true }); } onSuccess(user); }); }; if ('string' === typeof lookup.email && 'string' === typeof lookup.password) { // match email address and password User.model.findOne({ email: lookup.email }).exec(function(err, user) { if (user) { user._.password.compare(lookup.password, function(err, isMatch) { if (!err && isMatch) { doSignin(user); } else { onFail(err); } }); } else { onFail(err); } }); } else { lookup = '' + lookup; // match the userId, with optional password check var userId = (lookup.indexOf(':') > 0) ? lookup.substr(0, lookup.indexOf(':')) : lookup, passwordCheck = (lookup.indexOf(':') > 0) ? lookup.substr(lookup.indexOf(':') + 1) : false; User.model.findById(userId).exec(function(err, user) { if (user && (!passwordCheck || passwordCheck === hash(user.password))) { doSignin(user); } else { onFail(err); } }); } }; /** * Signs the current user out and resets the session * * @param {Object} req - express request object * @param {Object} res - express response object * @param {function()} next callback */ exports.signout = function(req, res, next) { res.clearCookie('landmark.uid'); req.user = null; req.session.regenerate(next); }; /** * Middleware to ensure session persistence across server restarts * * Looks for a userId cookie, and if present, and there is no user signed in, * automatically signs the user in. * * @param {Object} req - express request object * @param {Object} res - express response object * @param {function()} next callback */ exports.persist = function(req, res, next) { var User = landmark.list(landmark.get('user model')); if (landmark.get('cookie signin') && !req.session.userId && req.signedCookies['landmark.uid'] && req.signedCookies['landmark.uid'].indexOf(':') > 0) { var _next = function() { next(); }; // otherwise the matching user is passed to next() which messes with the middleware signature exports.signin(req.signedCookies['landmark.uid'], req, res, _next, _next); } else if (req.session.userId) { User.model.findById(req.session.userId).exec(function(err, user) { if (err) { return next(err); } req.user = user; next(); }); } else { next(); } }; /** * Middleware to enable access to Landmark * * Bounces the user to the signin screen if they are not signed in or do not have permission. * * @param {Object} req - express request object * @param {Object} res - express response object * @param {function()} next callback */ exports.landmarkAuth = function(req, res, next) { if (!req.user || !req.user.canAccessLandmark) { var from = new RegExp('^\/landmark\/?$', 'i').test(req.url) ? '' : '?from=' + req.url; return res.redirect(landmark.get('signin url') + from); } next(); };