Allan 16

.gitignore

@@ -0,0 +1,2 @@
+node_modules
+dotenv

lib/basic-auth-middleware.js

@@ -0,0 +1,36 @@
+'use strict';
+
+const createError = require('http-errors');
+const debug = require('debug')('labapp:basic-auth-middleware');
+
+module.exports = function(req, res, next) {
+  debug('basic auth');
+
+  var authHeader = req.headers.authorization;
+  if(!authHeader) {
+    return next(createError(401, 'authorization header required'));
+  }
+
+  var base64str = authHeader.split('Basic ')[1];
+  if(!base64str) {
+    return next(createError(401, 'username and password required'));
+  }
+
+  var utf8str = new Buffer(base64str, 'base64').toString();
+  var authArr = utf8str.split(':');
+
+  req.auth = {
+    username: authArr[0],
+    password: authorArr[1]
+  }
+
+  if(!req.auth.username) {
+    return next(createError(401, 'username required'));
+  }
+
+  if(!req.auth.password) {
+    return next(createERror(401, 'password required'));
+  }
+
+  next();
+}

lib/error-middleware.js

@@ -0,0 +1,28 @@
+'use strict';
+
+const createError = require('http-errors');
+const debug = require('debug')('labapp:error-middleware');
+
+module.exports = function(err, req, res, next) {
+  debug('error middleware');
+
+  console.error('message:', err.message);
+  console.error('name:', err.name);
+
+  if(err.status) {
+    res.status(err.status).send(err.name);
+    next();
+    return;
+  }
+
+  if(err.name === 'ValidationError') {
+    err = createError(400, err.message);
+    res.status(err.status).send(err.name);
+    next();
+    return;
+  }
+
+  err = createError(500, err.message);
+  res.status(err.status).send(err.name);
+  next();
+}

model/user.js

@@ -0,0 +1,75 @@
+'use strict';
+
+const crypto = require('crypto');
+const bcrypt = require('bcrypt');
+const jwt = require('jsonwebtoken');
+const mongoose = require('mongoose');
+const createError = require('http-errors');
+const Promise = require('bluebird');
+const debug = require('debug')('labapp:user');
+
+const Schema = mongoose.Schema;
+
+const userSchema = Schema({
+  username: { type: String, required: true, unique: true },
+  email: { type: String, required: true, unique: true },
+  password: { type: String, required: true },
+  findHash: { type: String, unique: true }
+});
+
+userSchema.methods.generatePasswordHash = function(password) {
+  debug('generate password hash');
+
+  return new Promise((resolve, reject) => {
+    bcrypt.hash(password, 10, (err, hash) => {
+      if(err) return reject(err);
+      this.password = hash;
+      resolve(this);
+    });
+  });
+}
+
+userSchema.methods.comparePasswordHash = function(password) {
+  debug('compare password hash');
+
+  return new Promise((resolve, reject) => {
+    bcrypt.compare(password, this.password, (err, valid) => {
+      if(err) return reject(err);
+      if(!valid) return reject(createError(401, 'invalid password'));
+      resolve(this);
+    });
+  });
+}
+
+userSchema.methods.generateFindHash = function() {
+  debug('generate find hash');
+
+  return new Promise((resolve, reject) => {
+    let tries = 0;
+
+    _generateFindHash.call(this);
+
+    function _generateFindHash() {
+      this.findHash = crypto.randomBytes(32).toString('hex');
+      this.save()
+      .then(() => resolve(this.findHash))
+      .catch(err => {
+        if(tries > 3) return reject(err);
+        tries++;
+        _generateFindHash.call(this);
+      });
+    }
+  });
+}
+
+userSchema.methods.generateToken = function(password) {
+  debug('generate token');
+
+  return new Promise((resolve, reject) => {
+    this.generateFindHash()
+    .then(findHash => resolve(jwt.sign({ token: findHash }, process.env.APP_SECRET)))
+    .catch(err => reject(err));
+  });
+}
+
+module.exports = mongoose.model('user', userSchema);