INIT

.editorconfig

@@ -0,0 +1,10 @@
+# editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.gitignore

@@ -0,0 +1,120 @@
+################################################
+###############  .gitignore   ##################
+################################################
+#
+# This file is only relevant if you are using git.
+#
+# Files which match the splat patterns below will
+# be ignored by git.  This keeps random crap and
+# sensitive credentials from being uploaded to 
+# your repository.  It allows you to configure your
+# app for your machine without accidentally
+# committing settings which will smash the local 
+# settings of  other developers on your team. 
+#
+# Some reasonable defaults are included below,
+# but, of course, you should modify/extend/prune
+# to fit your needs!
+################################################
+
+
+
+
+################################################
+# Local Configuration
+#
+# Explicitly ignore files which contain:
+#
+# 1. Sensitive information you'd rather not push to
+#    your git repository.
+#    e.g., your personal API keys or passwords.
+#
+# 2. Environment-specific configuration
+#    Basically, anything that would be annoying
+#    to have to change every time you do a 
+#    `git pull`
+#    e.g., your local development database, or
+#    the S3 bucket you're using for file uploads
+#    development.
+# 
+################################################
+
+config/local.js
+config/connections.js
+config/session.js
+
+
+
+
+
+################################################
+# Dependencies
+#
+# When releasing a production app, you may 
+# consider including your node_modules and
+# bower_components directory in your git repo,
+# but during development, its best to exclude it,
+# since different developers may be working on
+# different kernels, where dependencies would
+# need to be recompiled anyway.
+#
+# More on that here about node_modules dir:
+# http://www.futurealoof.com/posts/nodemodules-in-git.html
+# (credit Mikeal Rogers, @mikeal)
+#
+# About bower_components dir, you can see this:
+# http://addyosmani.com/blog/checking-in-front-end-dependencies/
+# (credit Addy Osmani, @addyosmani)
+# 
+################################################
+
+node_modules
+bower_components
+
+
+
+
+################################################
+# Sails.js / Waterline / Grunt
+#
+# Files generated by Sails and Grunt, or related
+# tasks and adapters.
+################################################
+.tmp
+dump.rdb
+
+
+
+
+
+################################################
+# Node.js / NPM
+#
+# Common files generated by Node, NPM, and the
+# related ecosystem.
+################################################
+lib-cov
+*.seed
+*.log
+*.out
+*.pid
+npm-debug.log
+
+
+
+
+
+################################################
+# Miscellaneous
+#
+# Common files generated by text editors,
+# operating systems, file systems, etc.
+################################################
+
+*~
+*#
+.DS_STORE
+.netbeans
+nbproject
+.idea
+.node_history

.sailsrc

@@ -0,0 +1,8 @@
+{
+  "generators": {
+    "modules": {}
+  },
+  "hooks": {
+    "grunt": false
+  }
+}

README.md

@@ -0,0 +1,38 @@
+# sails-passport
+
+Boilerplate to generate quick pure RESTful API with sailsjs + MySQL + passport and jwt token authentication 
+
+## Available Routes:
+* POST /register (with new email & password key value)
+* POST /auth/login (with existed email & password key value) -> return token
+* GET /auth/validate_token (with key:Authorization & value: 'Bearer `<your valid token>`' in header)
+* GET /quote/open (to access random Chuck Norris quote)
+* GET /quote/protected (with valid token in header to access protected random Chuck Norris quote) 
+
+## Key Features:
+### Version 0.0.1
+* Sailsjs web framework with all their features
+* Authentification with passportjs (local) and JSON Web Token
+* MySQL database connection
+* Enable CORS for access from different application
+* Password encrypted (with bcrypt)
+* Email checking
+* Random Chuck Norris Quote! 
+
+## HOW TO:
+* Clone this repo and `cd` to your destined folder
+* Make sure your MySQL server is running
+* Change the value of `mysqlServer` in `/config/connections` to reflect your own MySQL setup conf (make sure to use new dedicated database since it will alter the database, unless you change the config in connections.js )
+* run `npm install`
+* run `sails lift`
+
+### DISCLAIMER! 
+This is as minimal as it can be. Use it as your boilerplate to startup your REST API server, and as your playground to understand sailsjs concept + setup Passport authentification in server.
+For Accessing the functionality, you can use postman or better yet, download my other repo [angular-passport](https://github.com/zuhrasofyan/angular-passport).
+[MIT License](https://github.com/angular/angular.js/blob/master/LICENSE)
+
+Copyright 2016 &copy; Zuhra Sofyan
+
+
+
+

api/controllers/AuthController.js

@@ -0,0 +1,27 @@
+/**
+ * AuthController
+ *
+ * @description :: Server-side logic for managing auths
+ * @help        :: See http://sailsjs.org/#!/documentation/concepts/Controllers
+ */
+
+var auth = require('../services/auth');
+
+module.exports = {
+    register: function (req,res) {
+        auth.register(req,res);
+    },
+    login: function (req, res) {
+        auth.login(req, res);
+    },
+    validate_token: function (req, res) {
+        auth.isvalidtoken(req, res);
+    },
+    logout: function(req, res){
+        //req.logout is passportjs function to clear user information. see http://passportjs.org/docs
+        req.logout();
+        req.session.destroy();
+        res.send(200);
+    }
+};
+

api/controllers/QuoteController.js

@@ -0,0 +1,17 @@
+/**
+ * QuoteController
+ *
+ * @description :: Server-side logic for managing quotes
+ * @help        :: See http://sailsjs.org/#!/documentation/concepts/Controllers
+ */
+
+module.exports = {
+    getQuote: function(req, res) {
+        return res.json({ quote: quoter.getRandomOne() });
+    },
+
+    getProtectedQuote: function(req, res) {
+        return res.json({ quote: quoter.getRandomOne() });
+    }
+};
+

api/controllers/UserController.js

@@ -0,0 +1,60 @@
+/**
+ * UserController
+ *
+ * @description :: Server-side logic for managing users
+ * @help        :: See http://sailsjs.org/#!/documentation/concepts/Controllers
+ */
+var EmailAddresses = require('machinepack-emailaddresses');
+
+module.exports = {
+    register: function (req, res) {
+        var email = req.param('email');
+        var password = req.param('password');
+
+        //validate request
+        if (_.isUndefined(req.param('email'))) {  
+            return res.badRequest('An email address is required!');  
+        }
+        if (_.isUndefined(req.param('password'))) {
+            return res.badRequest('A password is required');
+        }
+        if (req.param('password').length < 6) {
+            return res.badRequest('A password must be at least 6 character')
+        }
+        EmailAddresses.validate({
+            string: email
+        }).exec({
+            error : function (err) {
+                return res.serverError(err);
+            },
+            invalid: function () {
+                return res.badRequest('Does not looks like an email address for me :)');
+            },
+            success : function () {
+                User.findOne({email:email}).exec(function (err, result){
+                    //validate from database
+                    if (err) {
+                        return res.serverError(err);
+                    } else if (result) {
+                        return res.badRequest('Email already used!');
+                    } else {
+
+                        User.create({username:email, email:email, password:password}).exec(function (err, result){
+                            if (err) {
+                                return res.serverError(err);
+                                //return res.badRequest('Error create user');
+                            }
+                            return res.ok();
+                        })
+                    }
+                });
+            }
+
+        })
+
+
+
+        //res.send({message: 'TODO: register User'});
+    }
+};
+

api/models/User.js

@@ -0,0 +1,53 @@
+/**
+ * User.js
+ *
+ * @description :: TODO: You might write a short summary of how this model works and what it represents here.
+ * @docs        :: http://sailsjs.org/documentation/concepts/models-and-orm/models
+ */
+
+var bcrypt = require('bcrypt-nodejs');
+var auth = require('../services/auth');
+
+module.exports = {
+
+  attributes: {
+    username: {
+        type: 'STRING',
+        required: true,
+        unique: true
+    },
+    email: {
+        type: 'STRING',
+        required: true,
+        unique: true
+    },
+    password: {
+        type: 'STRING',
+        required: true
+    },
+    isAdmin: {
+        type: 'BOOLEAN',
+        defaultsTo: false
+    },
+    isDeleted: {
+        type: 'BOOLEAN',
+        defaultsTo: false
+    },
+    toJSON: function () {
+        var obj = this.toObject();
+        delete obj.password;
+        return obj;
+    }
+  },
+  beforeCreate: function (user, cb) {
+    delete user.password_confirmation;
+    bcrypt.genSalt(10, function (err, salt) {
+        bcrypt.hash(user.password, salt, function () {
+        }, function (err, hash) {
+            user.password = hash;
+            cb(null, user);
+        });
+    });
+  }
+};
+

api/policies/hasToken.js

@@ -0,0 +1,4 @@
+var expressJwt = require('express-jwt');
+var secret = sails.config.secret;
+
+module.exports = expressJwt({secret: secret});

api/policies/sessionAuth.js

@@ -0,0 +1,21 @@
+/**
+ * sessionAuth
+ *
+ * @module      :: Policy
+ * @description :: Simple policy to allow any authenticated user
+ *                 Assumes that your login action in one of your controllers sets `req.session.authenticated = true;`
+ * @docs        :: http://sailsjs.org/#!/documentation/concepts/Policies
+ *
+ */
+module.exports = function(req, res, next) {
+
+  // User is allowed, proceed to the next policy, 
+  // or if this is the last policy, the controller
+  if (req.session.authenticated) {
+    return next();
+  }
+
+  // User is not allowed
+  // (default res.forbidden() behavior can be overridden in `config/403.js`)
+  return res.forbidden('You are not permitted to perform this action.');
+};