germainelol
Reputation: 3331
Nodejs Express3 using sessions to check if user is logged in
I have the following app.js code
app.configure(function(){
app.set('port', process.env.PORT || 3000);
app.set('views', __dirname + '/views');
app.enable('jsonp callback');
app.set('view engine', 'jade');
app.set('view options', {layout : false});
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({
secret : 'abcdefg'
}));
app.use(app.router);
app.use(express.static(__dirname + '/public'));
app.use(function(req, res, next){
res.locals.user = req.session.user;
next();
})
});
I'm trying to make it so that the following code on my .jade view will work
- if(session.user)
div#logoutsection.pull-right
a#logout-btn.btn.btn-info.pull-right.top-bar-form-button(href='logout/') Logout
p#loginprompt.pull-right.login-prompt #{session.user.username} logged In
- else
ul.pull-right
li
a#signup-btn.btn.pull-right.top-bar-form-button(href='#signup-modal', data-toggle="modal") Sign Up
So if they are not signed in, provide the option to sign up, and if they are signed in, tell them they are 'logged in'. I added in the function at the end of the app.configure code as before it was using dynamicHelpers() I was told that cookieParser() was the way to go, but how would I code this in so that I could check whether my user was logged in and provide their username as I am trying to above?
Any help appreciated.
Thanks!
EDIT: index.js
'use strict'
var util = require('util');
var Logger = require('devnull');
var logger = new Logger({namespacing : 0});
var User = require('../schemas/User');
var Post = require('../schemas/Post');
/**
* Get Meta information about all the Post's
*/
var getAllMeta = function(req, res, next){
Post.getAllMeta(function(err, postsList){
if(!err && postsList){
req.postsList = postsList;
}
next(err);
});
};
/**
* validate the signup credentials entered by the user
* @param {String} username
* @param {String} pass1 : first password
* @param {String} pass2 : verification password
*/
var validateUserData = function(username, pass1, pass2){
if(pass1.trim() !== pass2.trim()){
util.log('Passwords not Matching ' + pass1 + ' ' + pass2);
return 'Passwords not Matching';
}
return '';
//put any other validations here
};
/*
* GET home page.
*/
module.exports = function(app){
/**
* Map the URL '/' to the callback
*/
app.get('/', function(req, res){
logger.log('Serving request for url [GET]' + req.route.path)
Post.getAll(function(err, allPosts){
if(!err && allPosts){
res.render('index', {'allPosts' : allPosts});
}else{
util.log('Error fetching posts from database : ' + err);
res.render('error');
}
});
});
/**
* Map the URL '/login' to the callback
*/
app.post('/login', function(req, res){
logger.log('Serving request for url [POST] ' + req.route.path);
var username = req.body.User;
var password = req.body.Password;
User.validateUser(username, password, function(err, user){
if(err && !user){
res.json({
retStatus : 'failure'
});
}else{
console.log(user);
req.session.user = user;
res.json({
retStatus : 'success',
user : user ,
});
}
});
});
/**
* Logout the current user and clear the session
*/
app.get('/logout', function(req, res){
logger.log('Serving request for url [GET] ' + req.route.path);
req.session.user = undefined;
res.redirect('/');
});
/**
* Add a new User to database
*/
app.post('/signup', function(req, res){
util.log('Serving request for url [POST] ' + req.route.path);
var signupForm = req.body.signupForm;
var username = signupForm.username;
var pass1 = signupForm.pass1;
var pass2 = signupForm.pass2;
var validateMsg = validateUserData(username, pass1, pass2);
if(validateMsg !== ''){
res.json({
'retStatus' : 'failure',
'message' : validateMsg
});
}else{
var newUser = new User();
newUser.username = username;
newUser.password = pass1;
newUser.save(function(err, savedUser){
var message = '';
var retStatus = '';
if(!err){
util.log('Successfully created new user with Username : ' + username);
message = 'Successfully created new user : ' + username;
retStatus = 'success';
req.session.user = savedUser;
}else{
util.log('Error while creating user : ' + username + ' error : ' + util.inspect(err));
if(err.code === 11000){
message = "User already exists";
}
retStatus = 'failure';
}
res.json({
'retStatus' : retStatus,
'message' : message
});
});
}
});
app.get('/admin', getAllMeta, function(req, res){
util.log('Serving request for url [GET] ' + req.route.path);
if(req.session.user){
res.render('post', {'postsList' : req.postsList});
}else{
res.redirect('/');
}
});
/**
* Save the post to database
*/
app.post('/admin/save/post', function(req, res){
var postContent = req.body.postContent;
if(postContent.postKey === '' || postContent.postKey === undefined){
var post = new Post();
post.subject = postContent.postSubject;
post.content = postContent.postContent;
post.author = req.session.user.username;
post.tags = postContent.postTags;
post.save(function(err, response){
if(!err && response){
util.log('Successfully saved Post with id : ' + response.id);
res.json({
'retStatus' : 'success',
'data' : response
})
}else{
util.log('Error saving the Post : ' + err);
res.json({
'retStatus' : 'failure',
'error' : err
});
}
});
}else{
var conditions = {'key' : postContent.postKey};
var update = {
'subject' : postContent.postSubject,
'content' : postContent.postContent,
'tags' : postContent.postTags
};
Post.update(conditions, update, null, function(err, numAffected){
if(!err && numAffected){
util.log('Successfully updated the Post with id : ' + postContent.postKey);
res.json({
'retStatus' : 'success',
'numAffected' : numAffected
});
}else{
util.log('Error updating the Post with id : ' + postContent.postKey + ' ' + err);
res.json({
'retStatus' : 'failure'
});
}
});
}
});
app.get('/post/show/:key', function(req, res){
Post.findByKey(req.params.key, function(err, postData){
if(!err && postData){
postData = postData[0];
res.json({
'retStatus' : 'success',
'postData' : postData
});
}else{
util.log('Error in fetching Post by key : ' + req.params.key);
res.json({
'retStatuts' : 'failure',
'msg' : 'Error in fetching Post by key ' + req.params.key
});
}
});
});
app.post('/admin/save/', function(req, res){
//container for saving a post
});
app.get('/admin/remove/:key', function(req, res){
//container for deleting a post
});
app.get('/contact', function(req, res){
util.log('Serving request for url[GET] ' + req.route.path);
res.render('contact');
});
};
User.js
'use strict'
var util = require('util');
var bcrypt = require('bcrypt');
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var validatePresenceOf = function(value){
return value && value.length;
};
var toLower = function(string){
return string.toLowerCase();
};
var User = new Schema({
'username' : { type : String,
validate : [validatePresenceOf, 'a Username is required'],
set : toLower,
index : { unique : true }
},
'password' : String,
});
User.statics.findUser = function(username, password, cb){
return this.find({'username' : username}, cb);
};
User.statics.validateUser = function(username, password, cb){
this.find({'username' : username}, function(err, response){
var user = response[0];
if(!user || response.length === 0){
cb(new Error('AuthFailed : Username does not exist'));
}else{
if(password == user.password){
util.log('Authenticated User ' + username);
cb(null, user);
}else{
cb(new Error('AuthFailed : Invalid Password'));
}
}
});
};
module.exports = mongoose.model('User' , User);
Upvotes: 5
Views: 12729
Answers (2)
Renato Gama
Reputation: 16519
What I do in the app I work, and in order to not have to do this validation in every controller action, is:
//userValidation.js
module.exports = function(req, res, next){
if(req.body.user == 'Ryan' && req.body.password == 'Dahl'){
next();
}else res.send("Not auth");
}
//controller.js
var validate = require("./userValidation");
app.post("/route", validate, function(req, res){
//if execution get to this point you are sure that user is authenticated.
});
This code is also from the App I work, this is how we set the session to work. For dev purposes you can replace MongoStore with a MemoryStore.
app.configure(function(){
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(connect.compress());
app.use(express.static(__dirname + "/public", { maxAge: 6000000 }));
app.use(express.favicon(__dirname + "/public/img/favicon.ico", { maxAge: 6000000 }));
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({
secret: config.sessionSecret,
maxAge: new Date(Date.now() + (1000 * 60 * 15)),
store: new MongoStore({ url: config.database.connectionString })
}));
app.use(function(req, res, next){
console.log("\n~~~~~~~~~~~~~~~~~~~~~~~{ REQUEST }~~~~~~~~~~~~~~~~~~~~~~~".cyan);
res.locals.config = config;
res.locals.session = req.session;
res.locals.utils = viewUtils;
next();
});
app.use(app.router);
app.use(function(req, res, next){
res.status(404).send("Resource not found");
});
});
In order to set the user in the session we have this:
var User = require("../utils/modelRegistrar").user; //any way to get the User model
var userRepository = require("../domain/repositories/usuarioRepository");
var hash = require("../utils/hash");
module.exports.init = function(app, io){
app.publicPost("/login", login);
app.put("/exit", exit);
};
function login(req, res){
var dadosDeLogin = req.body.dadosDeLogin;
userRepository.autenticar(dadosDeLogin.login, /*hash.md5(*/dadosDeLogin.senha/*)*/, function(err, user){
if(err) req.next(err);
if(user){
user.lastAcess = new Date();
user.access++;
userRepository.update(user, ["lastAcess", "acess"], function(err){
if(err) req.next(err);
else{
req.session.logedUser = user;
res.redirect("/home");
}
});
}
else res.redirect("/#user-not-found");
});
};
function exit(req, res){
if(req.session.logedUser) delete req.session.logedUser;
res.redirect("/");
}
May some part of the code is still in portuguese
Upvotes: 1
topek
Reputation: 18979
Maybe I'm understanding your question wrong, but the only thing you are missing is a route, where you authenticate the user, e.g.:
app.post('/login', function(req, res){
if(req.body.user == 'Ryan' && req.body.password == 'Dahl'){
req.session.user = aUserIdOrUserObject;
res.send(200) // or redirect
}
};
This is hust pseudo code. You obviously want to check if user and password match against your database.
The second point you are missing is a permanent session store like https://github.com/masylum/connect-mongodb or https://github.com/CarnegieLearning/connect-mysql-session. The memory store is only usefull for development, in production this could kill your server.
Upvotes: 1
Related Questions
- How to check session in Node.js Express?
- Session-only cookie for Express.js
- NodeJS express-session req.session is undefined
- Express Session and Cookie
- Session Cookies on Express.JS
- Check if the user is logged in or not using session and node.js
- Session and Cookies in expressjs
- How to use cookie-session for node expresss.js
- Session in nodejs
- ExpressJS sessions with cookies