* Setup connect, express, socket, and the connect-redis session store
31
+
*/
32
+
varexpress=require('express')
33
+
,app=express.createServer()
34
+
,connect=require('connect')
35
+
,jade=require('jade')
36
+
,socket=require('socket.io').listen(app)
37
+
,redisStore=require('connect-redis');
19
38
20
-
//configure express to use jade
21
39
app.set('view engine','jade');
22
40
app.set('view options',{layout: false});
23
-
24
-
//configure express to use redis as session store
25
41
app.use(express.bodyParser());
26
42
app.use(express.cookieParser());
27
43
app.use(express.session({store: newredisStore(),secret: 'Secretly I am an elephant'}));
28
44
29
-
30
-
//setup routes
31
-
app.get('/logout',function(req,res){
32
-
// destroy the user's session to log them out
33
-
// will be re-created next request
34
-
req.session.destroy(function(){
35
-
res.redirect('home');
36
-
});
37
-
});
38
-
45
+
/**
46
+
* Route: GET /login
47
+
*
48
+
* Template: login.jade
49
+
*/
39
50
app.get('/login',function(req,res){
40
51
res.render('login');
41
52
});
42
53
43
-
54
+
/**
55
+
* Route: POST /login
56
+
*
57
+
* Calls the authentication module to verify login details. Failures are redirected back to the login page.
58
+
*
59
+
* If the authentication module gives us a user object back, we ask connect to regenerate the session and send the client back to index. Note: we specify a _long_ cookie age so users won't have to log in frequently. We also set the httpOnly flag to false (I know, not so secure) to make the cookie available over [Flash Sockets](http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/Socket.html).
//This method decides what a valid login looks like. In this case, just verify that we have a session object for the user
143
+
/**
144
+
* Middleware that decides what a valid login looks like. In this case, just verify that we have a session object for the user.
145
+
*
146
+
* This is an express [route middleware](http://expressjs.com/guide.html#route-middleware). Control is passed to the middleware function before the route function is called. We use restrictAccess() to verify that we have a valid user key in the session, implying that authentication has succeeded, before we send the client to the index.jade template. If we do not have a valid user in the session, then we redirect to the '/login' route. This effectively locks down our '/' route from unauthenticated access. You could add the restrictAccess() all to any route you want to protect.
147
+
*/
96
148
functionrestrictAccess(req,res,next){
97
149
if(req.session.user){
98
150
next();
@@ -107,17 +159,28 @@ function restrictAccess(req, res, next) {
107
159
varactiveClients=0;
108
160
varnodeChatModel=newmodels.NodeChatModel();
109
161
110
-
162
+
/**
163
+
* When we have a client that shouldn't be connected, __kick 'em off!__'
* connectSession() is a helper method that will verify a client's validity by checking for a cookie in the request header, then, if we find it, _pulling their session out of redis_.
180
+
*
181
+
* We then use the helper method in the 'connection' handler for our socket listener. Instead accepting any user connection, we are going to check that the client has a valid session (meaning they logged in). If they don't, give them the boot! If they do, then we store a copy of the session data (yay we have access!) in the client object and then setup the rest of the socket events. Finally, send them a welcome message just to prove that we remembered their profile.
182
+
*/
119
183
socket.on('connection',function(client){
120
-
// helper function that goes inside your socket connection
Copy file name to clipboardExpand all lines: lib/auth.js
+68-25Lines changed: 68 additions & 25 deletions
@@ -1,12 +1,15 @@
1
-
/* Auth.js
1
+
/*! Auth.js
2
2
*
3
3
* Handles new user accounts and authentication
4
-
*
5
4
*/
6
5
6
+
/*
7
+
* This will be a [CommonJS module](http://www.commonjs.org/) so we need to start off with some setup.
8
+
*
9
+
* Here we are checking to see if this code is included as a module. If it is, we go ahead and include our dependencies (in this case, our models lib, redis, and hash + friends). If we are not a module, we may as well explode because the rest of the code won't run without redis and hash.
10
+
*/
7
11
(function(){
8
12
if(typeofexports!=='undefined'){
9
-
auth=exports;
10
13
redis=require('redis');
11
14
rc=redis.createClient();
12
15
models=require('../models/models');
@@ -17,10 +20,18 @@
17
20
require('hash');
18
21
}
19
22
else{
20
-
auth=this.auth={};
23
+
thrownewError('auth.js must be loaded as a module.');
21
24
}
22
25
23
-
auth.authenticateUser=function(name,pass,fn){
26
+
/**
27
+
* Checks to see if the user exists in redis. If it does, it calls verifyUserAccount(). Otherwise callback with an error.
28
+
*
29
+
* @param: {string} name
30
+
* @param: {string} pass
31
+
* @param: {function} fn
32
+
* @api: public
33
+
*/
34
+
exports.authenticateUser=function(name,pass,fn){
24
35
console.log('[authenticate] Starting auth for '+name+' with password '+pass);
25
36
26
37
varrKey='user:'+name;
@@ -32,42 +43,74 @@
32
43
}
33
44
else{
34
45
console.log('[authenticateUser] user: '+name+' found in store. Verifying password.');
* Verifies that the two passwords match, then use the current timestamp to salt a hash of the password. Store it all in a user model which we will save as a poor man's profile if everything succeeds.
102
+
*
103
+
* Any failure along the way means we callback with an error.
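Review bot: In the second hunk of lib/auth.js, the context line `console.log('[authenticate] Starting auth for '+name+' with password '+pass);` directly under the new JSDoc for `exports.authenticateUser` still writes the caller's plaintext password into the log, so every login attempt leaves a credential in whatever captures stdout; the commit documents the function but leaves this in place. Drop the password from the message, `console.log('[authenticate] Starting auth for ' + name);`, and the same applies to any later log lines in this function that echo `pass` (the body of `authenticateUser` continues past this hunk into the next one). In the first hunk, the commit removes the implicit global `auth=exports` but keeps `redis=require('redis');`, `rc=redis.createClient();` and `models=require('../models/models');` without `var`, so they are still assigned as globals under non-strict loading; prefixing each with `var` (or a single `var redis = ..., rc = ..., models = ...;`) keeps them module-local. As a point of style, the new JSDoc tags are written `@param: {string} name`; the conventional form without the colon, `@param {string} name`, is what JSDoc tooling parses.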