1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
var UsersDAO = require('../users').UsersDAO
, SessionsDAO = require('../sessions').SessionsDAO;
/* The SessionHandler must be constructed with a connected db */
function SessionHandler (db) {
"use strict";
var users = new UsersDAO(db);
var sessions = new SessionsDAO(db);
this.isLoggedInMiddleware = function(req, res, next) {
var session_id = req.cookies.session;
sessions.getUsername(session_id, function(err, username) {
"use strict";
if (!err && username) {
req.username = username;
}
return next();
});
}
this.displayLoginPage = function(req, res, next) {
"use strict";
return res.render("login", {username:"", password:"", login_error:""})
}
this.handleLoginRequest = function(req, res, next) {
"use strict";
var username = req.body.username;
var password = req.body.password;
console.log("user submitted username: " + username + " pass: " + password);
users.validateLogin(username, password, function(err, user) {
"use strict";
if (err) {
if (err.no_such_user) {
return res.render("login", {username:username, password:"", login_error:"No such user"});
}
else if (err.invalid_password) {
return res.render("login", {username:username, password:"", login_error:"Invalid password"});
}
else {
// Some other kind of error
return next(err);
}
}
sessions.startSession(user['_id'], function(err, session_id) {
"use strict";
if (err) return next(err);
res.cookie('session', session_id);
return res.redirect('/welcome');
});
});
}
this.displayLogoutPage = function(req, res, next) {
"use strict";
var session_id = req.cookies.session;
sessions.endSession(session_id, function (err) {
"use strict";
// Even if the user wasn't logged in, redirect to home
res.cookie('session', '');
return res.redirect('/');
});
}
this.displaySignupPage = function(req, res, next) {
"use strict";
res.render("signup", {username:"", password:"",
password_error:"",
email:"", username_error:"", email_error:"",
verify_error :""});
}
function validateSignup(username, password, verify, email, errors) {
"use strict";
var USER_RE = /^[a-zA-Z0-9_-]{3,20}$/;
var PASS_RE = /^.{3,20}$/;
var EMAIL_RE = /^[\S]+@[\S]+\.[\S]+$/;
errors['username_error'] = "";
errors['password_error'] = "";
errors['verify_error'] = "";
errors['email_error'] = "";
if (!USER_RE.test(username)) {
errors['username_error'] = "invalid username. try just letters and numbers";
return false;
}
if (!PASS_RE.test(password)) {
errors['password_error'] = "invalid password.";
return false;
}
if (password != verify) {
errors['verify_error'] = "password must match";
return false;
}
if (email != "") {
if (!EMAIL_RE.test(email)) {
errors['email_error'] = "invalid email address";
return false;
}
}
return true;
}
this.handleSignup = function(req, res, next) {
"use strict";
var email = req.body.email
var username = req.body.username
var password = req.body.password
var verify = req.body.verify
// set these up in case we have an error case
var errors = {'username': username, 'email': email}
if (validateSignup(username, password, verify, email, errors)) {
users.addUser(username, password, email, function(err, user) {
"use strict";
if (err) {
// this was a duplicate
if (err.code == '11000') {
errors['username_error'] = "Username already in use. Please choose another";
return res.render("signup", errors);
}
// this was a different error
else {
return next(err);
}
}
sessions.startSession(user['_id'], function(err, session_id) {
"use strict";
if (err) return next(err);
res.cookie('session', session_id);
return res.redirect('/welcome');
});
});
}
else {
console.log("user did not validate");
return res.render("signup", errors);
}
}
this.displayWelcomePage = function(req, res, next) {
"use strict";
if (!req.username) {
console.log("welcome: can't identify user...redirecting to signup");
return res.redirect("/signup");
}
return res.render("welcome", {'username':req.username})
}
}
module.exports = SessionHandler;
|
