Readathon_2019/app.js at glitch · AllStarCodeOrg/Readathon_2019 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
require('dotenv').load(); // required for using .env file
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var validator = require("express-validator"); // NEED TO IMPLEMENT NEW API
var session = require("express-session");
var passport = require("passport");
var LocalStrategy = require('passport-local').Strategy;
var SQLiteStore = require('connect-sqlite3')(session);
const dbHandler = require("./dbHandler");
const bcrypt = require("bcrypt");

var app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views/pages'));
app.set('view engine', 'ejs');

app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(validator()); // must come immediately after bodyParser (adds "checkBody" method to request object)
app.use(cookieParser());
app.use("/static",express.static(path.join(__dirname, 'public')));

// setting & storing session
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false,  // only want to store for logged in users
  store: new SQLiteStore,
  cookie: { maxAge: 7 * 24 * 60 * 60 * 1000 } // 1 week
    // secure: true // HTTPS
}))
app.use(passport.initialize()); // adds .login, .serializeUser, and .deserializeUser, .user, .isAuthenticated()
app.use(passport.session());

const clean = str => {
  return str.trim().toLowerCase();
}
async function verifyUser(email, password) {
  const user = await dbHandler.findUserByEmail(clean(email));
  if (!user) return false;
  return await new Promise((res, rej) => {
      bcrypt.compare(password, user.password, function (err, result) {
          if (err) return rej(err);
          if (result) {
              res(user)
          } else {
              res(false);
          }
      })
  })
}

// LOCAL STRATEGY
passport.use(new LocalStrategy({
  usernameField: 'email',
  passwordField: 'password'
},
  function (email, password, done) {
      verifyUser(email, password).
        then(user => {
                if (user) return done(null, {
                    "user":user
                });
                done(null, false);
            })
            .catch(err => {
                done(err);
            })
  }
));

passport.serializeUser(function (user, done) {
  done(null, user.id);
});

passport.deserializeUser(function (userID, done) {
  dbHandler.findUser(userID)
    .then(user=>{
      done(null, user);
    })
    .catch(err=>{
      done(err);
    })
});

// ROUTES
require("./routes/routesHandler")(app, dbHandler);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  console.log("Original URL: ",req.originalUrl);
  next(createError(404));
});

// error handler
app.use(function(err, req, res, next) {
  // set locals, only providing error in development
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};
  console.log(err);
  // render the error page
  res.status(err.status || 500);
  res.render('error',{title:"ERROR"});
});

const port = process.env.PORT || 3000;
app.listen(port, () => console.log(`Listening on port: ${port}`));