exports.init = function (conf) { // console.log(conf.goodreads.apiKey) // console.log(conf.goodreads.secret) var Strategy = require('passport-goodreads').Strategy; // passport.use(new Strategy({ // consumerKey: conf.goodreads.apiKey, // consumerSecret: conf.goodreads.secret, // callbackURL: conf.baseURL + 'auth/goodreads/callback' // }, exports.callback)); passport.use('goodreads-connect', new Strategy({ consumerKey: conf.goodreads.apiKey, consumerSecret: conf.goodreads.secret, callbackURL: conf.baseURL + 'connect/goodreads/callback' }, exports.callbackConnect)); // Redirect to Twitter for account authorization. app.get('/connect/goodreads', passport.authorize('goodreads-connect', { failureRedirect: '/connect/accounts' }) ); app.get('/connect/goodreads/callback', passport.authorize('goodreads-connect', { failureRedirect: '/connect/accounts' }), function(req, res) { var user = req.user; // var account = req.account; user.updateAttributes({ goodreadsId: req.account.goodreadsId, goodreadsAccessToken: req.account.goodreadsAccessToken, goodreadsAccessTokenSecret: req.account.goodreadsAccessTokenSecret, updatedAt: new Date() },function(err){ req.flash('info', 'goodreads account linked!'); res.redirect('/connect/accounts'); }); } ); };
module.exports = function routes() { this.root('pages#main'); this.match('crossview', {controller: 'pages', action: 'showCrossview'}); this.match('auth/facebook', passport.authenticate('facebook')); this.match('/auth/facebook/callback', passport.authenticate('facebook', { failureRedirect: '/login' }), function(req, res) { console.log("routes"); console.log(req.user); res.redirect('/crossview'); }); this.match('/auth/google', passport.authorize('google')); this.match('/auth/google/callback', passport.authorize('google', { failureRedirect: '/crossview' }), function(req, res) { console.log("routed"); console.log(req.account); console.log(res); res.redirect('/crossview'); }); }
exports.widgetLoginCallback = function( req, res, next ){ var loginType = req.params.loginType; logger.info('authorizing', 'widget-' + req.params.widgetId + '-' + loginType); passport.authorize('widget-' + req.params.widgetId + '-' + loginType)(req, res, function(){ logger.info('this is account',req.account); try { var loginDetails = { 'name': req.account.name.givenName, 'lastName': req.account.name.familyName, 'email': req.account.emails[0].value}; managers.widgetLogins.handleWidgetLogin(loginType, req.params.widgetId, loginDetails, _loginCallback(req, res)); }catch(e){ next(e); } }); };
app.get('/connect/callback', function (req, res) { var callbackUrl = '/'; if ( req.session.authCallback ) { callbackUrl = req.session.authCallback; } passport.authorize('openstreetmap', { 'successRedirect': callbackUrl, 'failureRedirect': callbackUrl +'/#oups' })(req, res); });
connectWithCallback: function(req, res, next) { var provider = req.param("provider"); console.log("connectWithCallback", provider + "-connect") passport.authorize(provider + "-connect", { failureRedirect: '/callback.html' }, function(a, b) { console.log("a", a); console.log("b", b); console.log("after authorize", req.user); // return res.json({ status : provider + " connected" }); return res.redirect('/callback.html'); } )(req, res, next); },
exports.init = function (conf) { var Strategy = require('passport-foursquare').Strategy; passport.use(new Strategy({ clientID: conf.foursquare.apiKey, clientSecret: conf.foursquare.secret, callbackURL: conf.baseURL + 'auth/foursquare/callback' }, exports.callback)); passport.use('foursquare-connect', new Strategy({ clientID: conf.foursquare.apiKey, clientSecret: conf.foursquare.secret, callbackURL: conf.baseURL + 'connect/foursquare/callback' }, exports.callbackConnect)); // Redirect to Twitter for account authorization. app.get('/connect/foursquare', passport.authorize('foursquare-connect', { failureRedirect: '/connect/accounts' }) ); app.get('/connect/foursquare/callback', passport.authorize('foursquare-connect', { failureRedirect: '/connect/accounts' }), function(req, res) { var user = req.user; // var account = req.account; user.updateAttributes({ foursquareId: req.account.foursquareId, foursquareAccessToken: req.account.foursquareAccessToken, updatedAt: new Date() },function(err){ req.flash('info', 'foursquare account linked!'); res.redirect('/connect/accounts'); }); } ); };
(req, res, next) => { passport.authorize(name, passportAuthOptions, (authorizeError, user, infoOrChallange, status) => { if (authorizeError) { return next(authorizeError); } if (user) { req.account = user; // eslint-disable-line no-param-reassign return next(); } let errorMessage = infoOrChallange; if (!_.isString(errorMessage)) { try { errorMessage = JSON.stringify(errorMessage); } catch (stringifyError) { logger.error('can not stringify errorMessage object', stringifyError); } } const authorizeFailedError = new Error(errorMessage); authorizeFailedError.status = status || 403; return next(authorizeFailedError); })(req, res, next); },
app.get('/auth/google/callback', passport.authenticate('google', { failureRedirect: '/login' }), (req, res) => { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/twitter', passport.authenticate('twitter')); app.get('/auth/twitter/callback', passport.authenticate('twitter', { failureRedirect: '/login' }), (req, res) => { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/linkedin', passport.authenticate('linkedin', { state: 'SOME STATE' })); app.get('/auth/linkedin/callback', passport.authenticate('linkedin', { failureRedirect: '/login' }), (req, res) => { res.redirect(req.session.returnTo || '/'); }); /** * OAuth authorization routes. (API examples) */ app.get('/auth/foursquare', passport.authorize('foursquare')); app.get('/auth/foursquare/callback', passport.authorize('foursquare', { failureRedirect: '/api' }), (req, res) => { res.redirect('/api/foursquare'); }); app.get('/auth/tumblr', passport.authorize('tumblr')); app.get('/auth/tumblr/callback', passport.authorize('tumblr', { failureRedirect: '/api' }), (req, res) => { res.redirect('/api/tumblr'); }); app.get('/auth/steam', passport.authorize('openid', { state: 'SOME STATE' })); app.get('/auth/steam/callback', passport.authorize('openid', { failureRedirect: '/login' }), (req, res) => { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/pinterest', passport.authorize('pinterest', { scope: 'read_public write_public' })); app.get('/auth/pinterest/callback', passport.authorize('pinterest', { failureRedirect: '/login' }), (req, res) => { res.redirect('/api/pinterest'); });
function load(app, fn){ var home = traceur.require(__dirname + '/../routes/home.js'); var users = traceur.require(__dirname + '/../routes/users.js'); var reports = traceur.require(__dirname + '/../routes/reports.js'); /* Passport Configuration */ var passport = require('passport'); require('../config/passport')(passport); app.get('/', dbg, home.index); app.get('/register', dbg, users.registration); app.post('/register', dbg, passport.authenticate('local-register', { successRedirect : '/profile', failureRedirect : '/register', failureFlash : true })); app.post('/login', dbg, passport.authenticate('local-login', { successRedirect : '/profile', failureRedirect : '/', failureFlash : true })); app.get('/auth/facebook', passport.authenticate('facebook', { scope: 'email' })); // facebook does not provide email by default. Must add scope. app.get('/auth/facebook/callback', passport.authenticate('facebook', { successRedirect: '/profile', failureRedirect: '/' })); // locally -------------------------------- app.get('/connect/local', function(req, res) { res.render('users/connect-local', { message: req.flash('registerMessage') }); }); app.post('/connect/local', passport.authenticate('local-register', { successRedirect : '/profile', failureRedirect : '/connect/local', failureFlash : true })); // facebook ------------------------------- app.get('/connect/facebook', passport.authorize('facebook', { scope : 'email' })); app.get('/connect/facebook/callback', passport.authorize('facebook', { successRedirect : '/profile', failureRedirect : '/' })); // UNLINK ACCOUNTS ============================================================= // local ----------------------------------- app.get('/unlink/local', function(req, res) { var user = req.user; user.local.email = undefined; user.local.password = undefined; user.save(function(err) { res.redirect('/profile'); }); }); // facebook ------------------------------- app.get('/unlink/facebook', function(req, res) { var user = req.user; user.facebook.token = undefined; user.save(function(err) { res.redirect('/profile'); }); }); // twitter -------------------------------- app.get('/unlink/twitter', function(req, res) { var user = req.user; user.twitter.token = undefined; user.save(function(err) { res.redirect('/profile'); }); }); app.all('*', users.bounce); app.get('/profile', dbg, users.profile); app.post('/logout', dbg, users.logout); app.get('/users/password', dbg, users.password); app.post('/users/password', dbg, users.updatePassword); app.post('/reports/:id', dbg, reports.destroy); app.post('/reports', dbg, reports.create); console.log('Routes Loaded'); fn(); }
// AUTHORIZE (ALREADY LOGGED IN / CONNECTING OTHER SOCIAL ACCOUNT) ============= // locally -------------------------------- router.get('/connect/local', function(req, res) { res.render('auth/connect-local', { message: req.flash('signupMessage') }); }); router.post('/connect/local', passport.authenticate('local-signup', { successRedirect : '/auth/profile', // redirect to the secure profile section failureRedirect : '/auth/connect/local', // redirect back to the signup page if there is an error failureFlash : true // allow flash messages })); // facebook ------------------------------- // send to facebook to do the authentication router.get('/connect/facebook', passport.authorize('facebook', { scope : 'email' })); // handle the callback after facebook has authorized the user router.get('/connect/facebook/callback', passport.authorize('facebook', { successRedirect : '/auth/profile', failureRedirect : '/auth/' })); // twitter -------------------------------- // send to twitter to do the authentication router.get('/connect/twitter', passport.authorize('twitter', { scope : 'email' })); // handle the callback after twitter has authorized the user router.get('/connect/twitter/callback',
( function () { "use strict"; var jaby = require( "./jaby" ); var express = require( "express" ); var session = require( "express-session" ); var MongoStore = require( "connect-mongo" )( session ); var cookieParser = require( "cookie-parser" ); var compress = require( "compression" ); var bodyParser = require( "body-parser" ); var logger = require( "morgan" ); var errorHandler = require( "errorhandler" ); var csrf = require( "lusca" ).csrf(); var methodOverride = require( "method-override" ); var _ = require( "lodash" ); var path = require( "path" ); var mongoose = require( "mongoose" ); var passport = require( "passport" ); var expressValidator = require( "express-validator" ); /** * Controllers (route handlers). */ var jabyController = require( "./controllers/jaby" ); /** * API keys and Passport configuration. */ var secrets = require( "./config/secrets" ); require( "./config/passport" ); /** * CSRF white-list */ var csrfExclude = [ "/url1", "/url2" ]; var port = process.env.PORT || 3000; /** * Create Express server */ var app = express(); /** * Setup Socket.io */ var server = require( "http" ).Server( app ); var io = require( "socket.io" )( server ); var passportSocketIo = require( "passport.socketio" ); var sessionStore; var hour = 3600000; //milliseconds var day = ( hour * 24 ); var week = ( day * 7 ); /** * Connect to MongoDB */ mongoose.connect( secrets.jabyDB ); mongoose.connection.on( "error", function () { console.error( "MongoDB Connection Error. Make sure MongoDB is running." ); } ); sessionStore = new MongoStore( { mongooseConnection: mongoose.connections[ 0 ] } ); /** * Express configuration. */ app.set( "port", port ); app.use( compress() ); app.use( logger( "dev" ) ); app.use( bodyParser.json() ); app.use( bodyParser.urlencoded( { extended: true } ) ); app.use( expressValidator() ); app.use( methodOverride() ); app.use( cookieParser() ); app.use( session( { resave: true, saveUninitialized: true, secret: secrets.sessionSecret, store: sessionStore } ) ); app.use( passport.initialize() ); app.use( passport.session() ); app.use( function ( req, res, next ) { // CSRF protection. if ( _.contains( csrfExclude, req.path ) ) { return next(); } csrf( req, res, next ); } ); app.use( function ( req, res, next ) { // Make user object available in templates. res.locals.user = req.user; if ( req.user ) { req.session.userDB = secrets.db + "/" + req.user._id.toString(); } next(); } ); app.use( function ( req, res, next ) { req.session.returnTo = "/"; next(); } ); app.use( express.static( path.join( __dirname, "public" ), { maxAge: week } ) ); /** * Main routes. */ app.get( "/", jabyController.index ); app.get( "/login", jabyController.login ); app.get( "/logout", jabyController.logout ); /** * OAuth sign-in routes. */ app.get( "/auth/instagram", passport.authenticate( "instagram" ) ); app.get( "/auth/instagram/callback", passport.authenticate( "instagram", { failureRedirect: "/login" } ), function ( req, res ) { res.redirect( req.session.returnTo || "/" ); } ); app.get( "/auth/facebook", passport.authenticate( "facebook", { scope: [ "email", "user_location" ] } ) ); app.get( "/auth/facebook/callback", passport.authenticate( "facebook", { failureRedirect: "/login" } ), function ( req, res ) { res.redirect( req.session.returnTo || "/" ); } ); app.get( "/auth/github", passport.authenticate( "github" ) ); app.get( "/auth/github/callback", passport.authenticate( "github", { failureRedirect: "/login" } ), function ( req, res ) { res.redirect( req.session.returnTo || "/" ); } ); app.get( "/auth/google", passport.authenticate( "google", { scope: "profile email" } ) ); app.get( "/auth/google/callback", passport.authenticate( "google", { failureRedirect: "/login" } ), function ( req, res ) { res.redirect( req.session.returnTo || "/" ); } ); app.get( "/auth/twitter", passport.authenticate( "twitter" ) ); app.get( "/auth/twitter/callback", passport.authenticate( "twitter", { failureRedirect: "/login" } ), function ( req, res ) { res.redirect( req.session.returnTo || "/" ); } ); app.get( "/auth/linkedin", passport.authenticate( "linkedin", { state: "SOME STATE" } ) ); app.get( "/auth/linkedin/callback", passport.authenticate( "linkedin", { failureRedirect: "/login" } ), function ( req, res ) { res.redirect( req.session.returnTo || "/" ); } ); /** * OAuth authorization routes for API examples. */ // app.get( "/auth/foursquare", passport.authorize( "foursquare" ) ); // app.get( "/auth/foursquare/callback", passport.authorize( "foursquare", { // failureRedirect: "/api" // } ), function ( req, res ) { // res.redirect( "/api/foursquare" ); // } ); app.get( "/auth/tumblr", passport.authorize( "tumblr" ) ); app.get( "/auth/tumblr/callback", passport.authorize( "tumblr", { failureRedirect: "/api" } ), function ( req, res ) { res.redirect( "/api/tumblr" ); } ); app.get( "/auth/venmo", passport.authorize( "venmo", { scope: "make_payments access_profile access_balance access_email access_phone" } ) ); app.get( "/auth/venmo/callback", passport.authorize( "venmo", { failureRedirect: "/api" } ), function ( req, res ) { res.redirect( "/api/venmo" ); } ); /** * 500 Error Handler. */ app.use( errorHandler() ); /** * Start Express server. */ server.listen( app.get( "port" ), function () { console.log( "Jaby server listening on port %d in %s mode", app.get( "port" ), app.get( "env" ) ); } ); function onAuthorizeSuccess( data, accept ) { accept(); } function onAuthorizeFail( data, message, error, accept ) { if ( error ) { throw new Error( message ); } console.log( "Failed connection to socket.io: ", message ); if ( error ) { accept( new Error( message ) ); } } io.use( passportSocketIo.authorize( { cookieParser: cookieParser, key: "connect.sid", secret: secrets.sessionSecret, store: sessionStore, success: onAuthorizeSuccess, fail: onAuthorizeFail } ) ); io.on( "connection", function ( socket ) { jaby.registerSocket( io, socket ); } ); module.exports = app; } ).call( this );
app.get('/auth/google/callback', passport.authenticate('google', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/twitter', passport.authenticate('twitter')); app.get('/auth/twitter/callback', passport.authenticate('twitter', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/linkedin', passport.authenticate('linkedin', { state: 'SOME STATE' })); app.get('/auth/linkedin/callback', passport.authenticate('linkedin', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); /** * OAuth authorization routes. (API examples) */ app.get('/auth/tumblr', passport.authorize('tumblr')); app.get('/auth/tumblr/callback', passport.authorize('tumblr', { failureRedirect: '/api' }), function(req, res) { res.redirect('/api/tumblr'); }); /** * Error Handler. */ app.use(errorHandler()); /** * Start Express server. */ app.listen(app.get('port'), function() { console.log('Express server listening on port %d in %s mode', app.get('port'), app.get('env'));
module.exports.controller = function (app) { /** * GET /api* * *ALL* api routes must be authenticated first */ app.all('/api*', passportConf.isAuthenticated); /** * GET /api * List of API examples. */ app.get('/api', function (req, res) { res.render('api/index', { url: req.url }); }); /** * GET /api/react * React examples */ app.get('/api/react', function (req, res) { res.render('api/react', { url: req.url }); }); /** * GET /creditcard * Credit Card Form Example. */ app.get('/api/creditcard', function (req, res) { res.render('api/creditcard', { url: req.url }); }); /** * GET /api/lastfm * Last.fm API example. */ app.get('/api/lastfm', function (req, res, next) { var lastfm = new LastFmNode(config.lastfm); async.parallel({ artistInfo: function (done) { lastfm.request('artist.getInfo', { artist: 'Morcheeba', handlers: { success: function (data) { done(null, data); }, error: function (err) { done(err); } } }); }, artistTopAlbums: function (done) { lastfm.request('artist.getTopAlbums', { artist: 'Morcheeba', handlers: { success: function (data) { var albums = []; _.forEach(data.topalbums.album, function (album) { albums.push(album.image.slice(-1)[0]['#text']); }); done(null, albums.slice(0, 4)); }, error: function (err) { done(err); } } }); } }, function (err, results) { if (err) { return next(err.message); } var artist = { name: results.artistInfo.artist.name, image: results.artistInfo.artist.image.slice(-1)[0]['#text'], tags: results.artistInfo.artist.tags.tag, bio: results.artistInfo.artist.bio.summary, stats: results.artistInfo.artist.stats, similar: results.artistInfo.artist.similar.artist, topAlbums: results.artistTopAlbums }; res.render('api/lastfm', { artist: artist, url: '/apiopen' }); }); }); /** * GET /api/nyt * New York Times API example. */ app.get('/api/nyt', function (req, res, next) { var query = querystring.stringify({ 'api-key': config.nyt.key, 'list-name': 'young-adult' }); var url = 'http://api.nytimes.com/svc/books/v2/lists?' + query; request.get(url, function (error, request, body) { if (request.statusCode === 403) { return next(error('Missing or Invalid New York Times API Key')); } var bestsellers = {}; // NYT occasionally sends bad data :( try { bestsellers = JSON.parse(body); } catch (err) { bestsellers.results = ''; req.flash('error', { msg: err.message }); } res.render('api/nyt', { url: '/apiopen', books: bestsellers.results }); }); }); /** * GET /api/paypal * PayPal SDK example. */ app.get('/api/paypal', function (req, res, next) { paypal.configure(config.paypal); var payment_details = { intent: 'sale', payer: { payment_method: 'paypal' }, redirect_urls: { return_url: config.paypal.returnUrl, cancel_url: config.paypal.cancelUrl }, transactions: [ { description: 'ITEM: Something Awesome!', amount: { currency: 'USD', total: '2.99' } } ] }; paypal.payment.create(payment_details, function (error, payment) { if (error) { // TODO FIXME console.log(error); } else { req.session.payment_id = payment.id; var links = payment.links; for (var i = 0; i < links.length; i++) { if (links[i].rel === 'approval_url') { res.render('api/paypal', { url: '/apilocked', approval_url: links[i].href }); } } } }); }); /** * GET /api/paypal/success * PayPal SDK example. */ app.get('/api/paypal/success', function (req, res, next) { var payment_id = req.session.payment_id; var payment_details = { payer_id: req.query.PayerID }; paypal.payment.execute(payment_id, payment_details, function (error, payment) { if (error) { res.render('api/paypal', { url: req.url, result: true, success: false }); } else { res.render('api/paypal', { url: '/apilocked', result: true, success: true }); } }); }); /** * GET /api/paypal/cancel * PayPal SDK example. */ app.get('/api/paypal/cancel', function (req, res, next) { req.session.payment_id = null; res.render('api/paypal', { url: '/apilocked', result: true, canceled: true }); }); /** * GET /api/scraping * Web scraping example using Cheerio library. */ app.get('/api/scraping', function (req, res, next) { request.get({ url: 'https://news.ycombinator.com/', timeout: 3000 }, function (err, response, body) { if (!err && response.statusCode === 200) { var $ = cheerio.load(body); // Get Articles var links = []; $('.title a[href^="http"], .title a[href^="https"], .title a[href^="item"]').each(function () { if ($(this).text() !== 'scribd') { if ($(this).text() !== 'Bugs') { links.push($(this)); } } }); // Get Comments var comments = []; $('.subtext a[href^="item"]').each(function () { comments.push('<a href="https://news.ycombinator.com/' + $(this).attr('href') + '">' + $(this).text() + '</a>'); }); // Render Page res.render('api/scraping', { url: '/apiopen', links: links, comments: comments }); } else { req.flash('error', { msg: 'Sorry, something went wrong! MSG: ' + err.message }); return res.redirect('back'); } }); }); /** * GET /api/socrata * Web scraping example using Cheerio library. */ app.get('/api/socrata', function (req, res, next) { // Get the socrata open data as JSON // http://dev.socrata.com/docs/queries.html request.get({ url: 'http://controllerdata.lacity.org/resource/qjfm-3srk.json?$order=q4_earnings DESC&$where=year = 2014&$limit=20', timeout: 5000 }, function (err, response, body) { if (!err && response.statusCode === 200) { // Parse the data var payroll = JSON.parse(body); // Render the page res.render('api/socrata', { url: '/apiopen', data: payroll }); } else { req.flash('error', { msg: 'Sorry, something went wrong! MSG: ' + err.message }); return res.redirect('back'); } }); }); /** * GET /api/stripe * Stripe API example. */ app.get('/api/stripe', function (req, res, next) { res.render('api/stripe', { title: 'Stripe API' }); }); /** * POST /api/stripe * @param stipeToken * @param stripeEmail */ app.post('/api/stripe', function (req, res, next) { var stripeToken = req.body.stripeToken; var stripeEmail = req.body.stripeEmail; stripe.charges.create({ amount: 395, currency: 'usd', card: stripeToken, description: stripeEmail }, function (err, charge) { if (err && err.type === 'StripeCardError') { req.flash('error', { msg: 'Your card has been declined.' }); res.redirect('/api/stripe'); } req.flash('success', { msg: 'Your card has been charged successfully.' }); res.redirect('/api/stripe'); }); }); /** * GET /api/twilio * Twilio API example. */ app.get('/api/twilio', function (req, res, next) { res.render('api/twilio', { url: '/apiopen' }); }); /** * POST /api/twilio * Twilio API example. * @param telephone */ app.post('/api/twilio', function (req, res, next) { var message = { to: req.body.telephone, from: config.twilio.phone, body: 'Hello from ' + app.locals.application + '. We are happy you are testing our code!' }; twilio.sendMessage(message, function (err, responseData) { if (err) { return next(err); } req.flash('success', { msg: 'Text sent to ' + responseData.to + '.' }); res.redirect('/api/twilio'); }); }); /** * GET /api/foursquare * Foursquare API example. */ app.get('/api/foursquare', passportConf.isAuthenticated, passportConf.isAuthorized, function (req, res, next) { var token = _.find(req.user.tokens, { kind: 'foursquare' }); async.parallel({ trendingVenues: function (callback) { foursquare.Venues.getTrending('40.7222756', '-74.0022724', { limit: 50 }, token.accessToken, function (err, results) { callback(err, results); }); }, venueDetail: function (callback) { foursquare.Venues.getVenue('49da74aef964a5208b5e1fe3', token.accessToken, function (err, results) { callback(err, results); }); }, userCheckins: function (callback) { foursquare.Users.getCheckins('self', null, token.accessToken, function (err, results) { callback(err, results); }); } }, function (err, results) { if (err) { return next(err); } res.render('api/foursquare', { url: '/apilocked', trendingVenues: results.trendingVenues, venueDetail: results.venueDetail, userCheckins: results.userCheckins }); }); }); /** * GET /api/tumblr * Tumblr API example. */ app.get('/api/tumblr', passportConf.isAuthenticated, passportConf.isAuthorized, function (req, res) { var token = _.find(req.user.tokens, { kind: 'tumblr' }); var client = tumblr.createClient({ consumer_key: config.tumblr.key, consumer_secret: config.tumblr.secret, token: token.token, token_secret: token.tokenSecret }); client.posts('danielmoyerdesign.tumblr.com', { type: 'photo' }, function (err, data) { res.render('api/tumblr', { url: '/apilocked', blog: data.blog, photoset: data.posts[0].photos }); }); }); /** * GET /api/facebook * Facebook API example. */ app.get('/api/facebook', passportConf.isAuthenticated, passportConf.isAuthorized, function (req, res, next) { var token = _.find(req.user.tokens, { kind: 'facebook' }); graph.setAccessToken(token.accessToken); async.parallel({ getMe: function (done) { graph.get(req.user.facebook, function (err, me) { done(err, me); }); }, getMyFriends: function (done) { graph.get(req.user.facebook + '/friends', function (err, friends) { debug('Friends: ' + JSON.stringify(friends)); done(err, friends); }); } }, function (err, results) { if (err) { return next(err); } res.render('api/facebook', { url: '/apilocked', me: results.getMe, friends: results.getMyFriends }); }); }); /** * GET /api/github * GitHub API Example. */ app.get('/api/github', passportConf.isAuthenticated, passportConf.isAuthorized, function (req, res) { var token = _.find(req.user.tokens, { kind: 'github' }); var github = new Github({ token: token.accessToken }); var repo = github.getRepo('dstroot', 'skeleton'); repo.show(function (err, repo) { res.render('api/github', { url: '/apilocked', repo: repo }); }); }); /** * GET /api/twitter * Twitter API example. * https://dev.twitter.com/rest/reference/get/search/tweets */ app.get('/api/twitter', passportConf.isAuthenticated, passportConf.isAuthorized, function (req, res, next) { var token = _.find(req.user.tokens, { kind: 'twitter' }); var params = { q: 'iPhone 6', since_id: 24012619984051000, count: 10, result_type: 'popular' }; var T = new Twit({ consumer_key: config.twitter.consumerKey, consumer_secret: config.twitter.consumerSecret, access_token: token.token, access_token_secret: token.tokenSecret }); T.get('search/tweets', params, function (err, data, response) { if (err) { return next(err); } res.render('api/twitter', { url: '/apilocked', tweets: data.statuses }); }); }); /** * POST /api/twitter * Post a tweet. */ app.post('/api/twitter', passportConf.isAuthenticated, passportConf.isAuthorized, function (req, res, next) { req.assert('tweet', 'Tweet cannot be empty.').notEmpty(); var errors = req.validationErrors(); if (errors) { req.flash('errors', errors); return res.redirect('/api/twitter'); } var token = _.find(req.user.tokens, { kind: 'twitter' }); var T = new Twit({ consumer_key: config.twitter.consumerKey, consumer_secret: config.twitter.consumerSecret, access_token: token.token, access_token_secret: token.tokenSecret }); T.post('statuses/update', { status: req.body.tweet }, function (err, data, response) { if (err) { return next(err); } req.flash('success', { msg: 'Tweet has been posted.' }); res.redirect('/api/twitter'); }); }); /** * OAuth routes for API examples that require authorization. */ app.get('/auth/foursquare', passport.authorize('foursquare')); app.get('/auth/foursquare/callback', passport.authorize('foursquare', { failureRedirect: '/api' }), function (req, res) { res.redirect('/api/foursquare'); }); app.get('/auth/tumblr', passport.authorize('tumblr')); app.get('/auth/tumblr/callback', passport.authorize('tumblr', { failureRedirect: '/api' }), function (req, res) { res.redirect('/api/tumblr'); }); };
app.get('/auth/google/callback', passport.authenticate('google', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/twitter', passport.authenticate('twitter')); app.get('/auth/twitter/callback', passport.authenticate('twitter', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/linkedin', passport.authenticate('linkedin', { state: 'SOME STATE' })); app.get('/auth/linkedin/callback', passport.authenticate('linkedin', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); /** * OAuth authorization routes. (API examples) */ app.get('/auth/foursquare', passport.authorize('foursquare')); app.get('/auth/foursquare/callback', passport.authorize('foursquare', { failureRedirect: '/api' }), function(req, res) { res.redirect('/api/foursquare'); }); app.get('/auth/tumblr', passport.authorize('tumblr')); app.get('/auth/tumblr/callback', passport.authorize('tumblr', { failureRedirect: '/api' }), function(req, res) { res.redirect('/api/tumblr'); }); app.get('/auth/venmo', passport.authorize('venmo', { scope: 'make_payments access_profile access_balance access_email access_phone' })); app.get('/auth/venmo/callback', passport.authorize('venmo', { failureRedirect: '/api' }), function(req, res) { res.redirect('/api/venmo'); }); app.get('/auth/steam', passport.authorize('openid', { state: 'SOME STATE' })); app.get('/auth/steam/callback', passport.authorize('openid', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); });
/* Authenticate a user based on the credentials returned, * whether those are provided by 'local' user/password * logins or by OAuth authentication + REST profile from * remote server. */ function authenticate (req, res, strategy, json) { if (req.user && json) req.logout(); if (req.user) { passport.authorize(strategy, function (err, user, info) { if (json) { res.send(userUtils.cleanUser(req.user, req.user.id)); } else { if (info && info.message) req.flash('message', info.message); res.redirect('/profile/edit'); } return; })(req, res, function (err) { if (err) { sails.log.error('Authentication Error:', err); return res.send(500, { message: "An internal error occurred while trying to authenticate. Please try again later.", error: err }); } }); } else { passport.authenticate(strategy, function (err, user, info) { if ((err) || (!user)) { var message = ''; if (info && info.message) { message = info.message; } // if local strategy, don't show user what actually happened for security purposes sails.log.debug('Authentication Error:', err, info); if (json === true) { res.send(403, { error: err, message: message }); } else { res.redirect('/auth'); } return; } // process additional registration information if available if (strategy === 'register') { } req.logIn(user, function (err) { if (err) { sails.log.debug('Authentication Error:', err, info); if (json === true) { res.send(403, { error: err, message: info.message }); } else { res.redirect('/'); } return; } if (json === true) { res.send(userUtils.cleanUser(user, user.id)); } else { res.redirect(req.session.logged_in_path || sails.config.ui.home.logged_in_path); delete req.session.logged_in_path; } return; }); })(req, res, function (err) { if (err) { sails.log.error('Authentication Error:', err); return res.send(500, { message: "An internal error occurred while trying to authenticate. Please try again later.", error: err }); } }); } }
var User = require('../../models/User'); var facebook = require('./strategies/facebook'); passport.serializeUser(function(user, callback) { callback(null, user.id); }); passport.deserializeUser(function(id, callback) { User.findById(id, function(err, user) { callback(err, user); }); }); passport.use('facebook', facebook.strategy); module.exports = { facebook: { signin: passport.authenticate('facebook'), callback: passport.authenticate('facebook', { successRedirect: '/', failureRedirect: '/' }), // these two are not used right now! link: passport.authorize('facebook'), linkCallback: passport.authorize('facebook', { successRedirect: '/', failureRedirect: '/' }) } };
const source_redirect_url = get_callback_url('github'); passport.use('github-source', new GithubStrategy({ clientID: secrets.get('GITHUB_CLIENT_ID'), clientSecret: secrets.get('GITHUB_CLIENT_SECRET'), callbackURL: source_redirect_url, passReqToCallback: true, }, save_source)); router.get( '/', ensured_logged_in, passport.authorize('github-source', { scope: GITHUB_SCOPES, }) ); router.get( '/callback', ensured_logged_in, passport.authorize('github-source', { failureRedirect: get_static_url(), }), send_home_redirects ); router.get(
function authorize(provider, options, middleware) { var passport = require('passport'); return passport.authorize(provider, options, middleware); }
PassportConfigurator.prototype.configureProvider = function(name, options) { var self = this; options = options || {}; var link = options.link; var AuthStrategy = require(options.module)[options.strategy || 'Strategy']; if (!AuthStrategy) { AuthStrategy = require(options.module); } var authScheme = options.authScheme; if (!authScheme) { // Guess the authentication scheme if (options.consumerKey) { authScheme = 'oAuth1'; } else if (options.realm) { authScheme = 'OpenID'; } else if (options.clientID) { authScheme = 'oAuth 2.0'; } else if (options.usernameField) { authScheme = 'local'; } else { authScheme = 'local'; } } var provider = options.provider || name; var clientID = options.clientID; var clientSecret = options.clientSecret; var callbackURL = options.callbackURL; var authPath = options.authPath || ((link ? '/link/' : '/auth/') + name); var callbackPath = options.callbackPath || ((link ? '/link/' : '/auth/') + name + '/callback'); var callbackHTTPMethod = options.callbackHTTPMethod !== 'post' ? 'get' : 'post'; // remember returnTo position, set by ensureLoggedIn var successRedirect = function(req, accessToken) { if (!!req && req.session && req.session.returnTo) { var returnTo = req.session.returnTo; delete req.session.returnTo; return appendAccessToken(returnTo, accessToken); } return appendAccessToken(options.successRedirect, accessToken) || (link ? '/link/account' : '/auth/account'); }; var appendAccessToken = function(url, accessToken) { if (!accessToken) { return url; } return url + '?access-token=' + accessToken.id + '&user-id=' + accessToken.userId; }; var failureRedirect = options.failureRedirect || (link ? '/link.html' : '/login.html'); var scope = options.scope; var authType = authScheme.toLowerCase(); var session = !!options.session; var loginCallback = options.loginCallback || function(req, done) { return function(err, user, identity, token) { var authInfo = { identity: identity, }; if (token) { authInfo.accessToken = token; } done(err, user, authInfo); }; }; var strategy; switch (authType) { case 'ldap': strategy = new AuthStrategy(_.defaults({ usernameField: options.usernameField || 'username', passwordField: options.passwordField || 'password', session: options.session, authInfo: true, passReqToCallback: true, }, options), function(req, user, done) { if (user) { var profile = self.buildUserLdapProfile(user, options); var OptionsForCreation = _.defaults({ autoLogin: true, }, options); self.userIdentityModel.login(provider, authScheme, profile, {}, OptionsForCreation, loginCallback(req, done)); } else { done(null); } } ); break; case 'local': strategy = new AuthStrategy(_.defaults({ usernameField: options.usernameField || 'username', passwordField: options.passwordField || 'password', session: options.session, authInfo: true, }, options), function(username, password, done) { var query = { where: { or: [ {username: username}, {email: username}, ], }, }; self.userModel.findOne(query, function(err, user) { if (err) return done(err); var errorMsg = g.f('Invalid username/password or email has not been verified'); if (user) { var u = user.toJSON(); delete u.password; var userProfile = { provider: 'local', id: u.id, username: u.username, emails: [ { value: u.email, }, ], status: u.status, accessToken: null, }; // If we need a token as well, authenticate using Loopbacks // own login system, else defer to a simple password check // will grab user info from providers.json file. Right now // this only can use email and username, which are the 2 most common var login = function(creds) { self.userModel.login(creds, function(err, accessToken) { if (err) { return err.code === 'LOGIN_FAILED' ? done(null, false, {message: g.f('Failed to create token.')}) : done(err); } if (accessToken && user.emailVerified) { userProfile.accessToken = accessToken; done(null, userProfile, {accessToken: accessToken}); } else { done(null, false, {message: g.f('Failed to create token.')}); } }); }; if (options.setAccessToken) { switch (options.usernameField) { case 'email': login({email: username, password: password}); break; case 'username': login({username: username, password: password}); break; } } else { return user.hasPassword(password, function(err, ok) { // Fail to login if email is not verified or invalid username/password. // Unify error message in order not to give indication about the error source for // security purposes. if (ok && user.emailVerified) return done(null, userProfile); done(null, false, {message: errorMsg}); }); } } else { done(null, false, {message: errorMsg}); } }); } ); break; case 'oauth': case 'oauth1': case 'oauth 1.0': strategy = new AuthStrategy(_.defaults({ consumerKey: options.consumerKey, consumerSecret: options.consumerSecret, callbackURL: callbackURL, passReqToCallback: true, }, options), function(req, token, tokenSecret, profile, done) { if (link) { if (req.user) { self.userCredentialModel.link( req.user.id, provider, authScheme, profile, {token: token, tokenSecret: tokenSecret}, options, done); } else { done(g.f('No user is logged in')); } } else { self.userIdentityModel.login(provider, authScheme, profile, { token: token, tokenSecret: tokenSecret, }, options, loginCallback(req, done)); } } ); break; case 'openid': strategy = new AuthStrategy(_.defaults({ returnURL: options.returnURL, realm: options.realm, callbackURL: callbackURL, passReqToCallback: true, }, options), function(req, identifier, profile, done) { if (link) { if (req.user) { self.userCredentialModel.link( req.user.id, provider, authScheme, profile, {identifier: identifier}, options, done); } else { done(g.f('No user is logged in')); } } else { self.userIdentityModel.login(provider, authScheme, profile, {identifier: identifier}, options, loginCallback(req, done)); } } ); break; case 'openid connect': strategy = new AuthStrategy(_.defaults({ clientID: clientID, clientSecret: clientSecret, callbackURL: callbackURL, passReqToCallback: true, }, options), // https://github.com/jaredhanson/passport-openidconnect/blob/master/lib/strategy.js#L220-L244 function(req, iss, sub, profile, jwtClaims, accessToken, refreshToken, params, done) { // Azure openid connect profile returns oid profile.id = profile.id || profile.oid; if (link) { if (req.user) { self.userCredentialModel.link( req.user.id, provider, authScheme, profile, { accessToken: accessToken, refreshToken: refreshToken, }, options, done); } else { done(g.f('No user is logged in')); } } else { self.userIdentityModel.login(provider, authScheme, profile, {accessToken: accessToken, refreshToken: refreshToken}, options, loginCallback(req, done)); } } ); break; case 'saml': strategy = new AuthStrategy(_.defaults({ callbackUrl: callbackURL, cert: options.certPath ? fs.readFileSync(options.certPath, 'utf-8') : options.cert, privateCert: options.privateCertPath ? fs.readFileSync(options.privateCertPath, 'utf-8') : options.privateCert, decryptionPvk: options.decryptionPvkPath ? fs.readFileSync(options.decryptionPvkPath, 'utf-8') : options.decryptionPvk, passReqToCallback: true, }, options), function(req, profile, done) { // Azure saml profile returns http://schemas.microsoft.com/identity/claims/objectidentifier profile.id = profile.id || profile['http://schemas.microsoft.com/identity/claims/objectidentifier']; if (link) { if (req.user) { self.userCredentialModel.link(req.user.id, name, authScheme, profile, {}, options, done); } else { done('No user is logged in'); } } else { self.userIdentityModel.login(name, authScheme, profile, {}, options, loginCallback(req, done)); } } ); break; default: strategy = new AuthStrategy(_.defaults({ clientID: clientID, clientSecret: clientSecret, callbackURL: callbackURL, passReqToCallback: true, }, options), function(req, accessToken, refreshToken, profile, done) { if (link) { if (req.user) { self.userCredentialModel.link( req.user.id, provider, authScheme, profile, { accessToken: accessToken, refreshToken: refreshToken, }, options, done); } else { done(g.f('No user is logged in')); } } else { self.userIdentityModel.login(provider, authScheme, profile, {accessToken: accessToken, refreshToken: refreshToken}, options, loginCallback(req, done)); } } ); } passport.use(name, strategy); var defaultCallback = function(req, res, next) { // The default callback passport.authenticate(name, _.defaults({session: session}, options.authOptions), function(err, user, info) { if (err) { return next(err); } if (!user) { if (!!options.json) { return res.status(401).json(g.f('authentication error')); } if (options.failureQueryString && info) { return res.redirect(appendErrorToQueryString(failureRedirect, info)); } return res.redirect(failureRedirect); } if (session) { req.logIn(user, function(err) { if (err) { return next(err); } if (info && info.accessToken) { if (!!options.json) { return res.json({ 'access_token': info.accessToken.id, userId: user.id, }); } else { res.cookie('access_token', info.accessToken.id, { signed: req.signedCookies ? true : false, // maxAge is in ms maxAge: 1000 * info.accessToken.ttl, domain: (options.domain) ? options.domain : null, }); res.cookie('userId', user.id.toString(), { signed: req.signedCookies ? true : false, maxAge: 1000 * info.accessToken.ttl, domain: (options.domain) ? options.domain : null, }); } } return res.redirect(successRedirect(req)); }); } else { if (info && info.accessToken) { if (!!options.json) { return res.json({ 'access_token': info.accessToken.id, userId: user.id, }); } else { res.cookie('access_token', info.accessToken.id, { signed: req.signedCookies ? true : false, maxAge: 1000 * info.accessToken.ttl, }); res.cookie('userId', user.id.toString(), { signed: req.signedCookies ? true : false, maxAge: 1000 * info.accessToken.ttl, }); } } return res.redirect(successRedirect(req, info.accessToken)); } })(req, res, next); }; /*! * Setup the authentication request URLs. */ if (authType === 'local') { self.app.post(authPath, passport.authenticate( name, options.fn || _.defaults({ successReturnToOrRedirect: options.successReturnToOrRedirect, successRedirect: options.successRedirect, failureRedirect: options.failureRedirect, successFlash: options.successFlash, failureFlash: options.failureFlash, scope: scope, session: session, }, options.authOptions))); } else if (authType === 'ldap') { var ldapCallback = options.customCallback || defaultCallback; self.app.post(authPath, ldapCallback); } else if (link) { self.app.get(authPath, passport.authorize(name, _.defaults({ scope: scope, session: session, }, options.authOptions))); } else { self.app.get(authPath, passport.authenticate(name, _.defaults({ scope: scope, session: session, }, options.authOptions))); } /*! * Setup the authentication callback URLs. */ if (link) { self.app[callbackHTTPMethod](callbackPath, passport.authorize(name, _.defaults({ session: session, // successReturnToOrRedirect: successRedirect, successRedirect: successRedirect(), failureRedirect: failureRedirect, }, options.authOptions)), // passport.authorize doesn't handle redirect function(req, res, next) { res.redirect(successRedirect(req)); }, function(err, req, res, next) { if (options.failureFlash) { if (typeof req.flash !== 'function') { next(new TypeError(g.f('{{req.flash}} is not a function'))); } var flash = options.failureFlash; if (typeof flash === 'string') { flash = {type: 'error', message: flash}; } var type = flash.type || 'error'; var msg = flash.message || err.message; if (typeof msg === 'string') { req.flash(type, msg); } } if (options.failureQueryString) { return res.redirect(appendErrorToQueryString(failureRedirect, err)); } res.redirect(failureRedirect); }); } else { var customCallback = options.customCallback || defaultCallback; // Register the path and the callback. self.app[callbackHTTPMethod](callbackPath, customCallback); } function appendErrorToQueryString(url, err) { var hasQueryString = (url.indexOf('?') !== -1); var separator = (hasQueryString) ? '&' : '?'; var fieldValuePair = 'error=' + encodeURIComponent(err); var queryString = url + separator + fieldValuePair; return queryString; } return strategy; };
exports.expressConfigure = function (hook_name, args, cb) { var app = args.app; app.set('trust proxy', 1) // trust first proxy app.use(session({ secret: 'keyboard cat', resave: false, saveUninitialized: true, cookie: { secure: true } })); app.use(bodyParser.json()); // to support JSON-encoded bodies app.use(bodyParser.urlencoded({ // to support URL-encoded bodies extended: true })); app.use(json()); // to support JSON-encoded bodies app.use(passport.initialize()); app.use(passport.session()); app.get('/auth/dataporten', passport.authorize('dataporten')); app.get('/dataporten/callback', passport.authorize('dataporten', { failureRedirect: '/login' }), function(req, res) { req.session.user = req.account; res.redirect("/"); }); app.use('/logout', function(req, res) { req.session.destroy(); res.redirect("https://auth.dataporten.no/logout"); }); app.use('/p/', function(req, res, next) { var maxAge = 3600*24*365; var until = (new Date).getTime() + (maxAge); console.log("Middleware to do session handling"); if (!req.cookies['sessionID']) { console.log("Session cookie is not set, obtaining new session."); EAPI.getSession(req.session.user, function(data) { var sessionID = data.join(','); console.log("Setting session ID ", sessionID); res.cookie('sessionID', sessionID, { "maxAge": maxAge, "httpOnly": false }); next(); }); } else { console.log("Session cookie is set"); next(); } }); app.use('/p/', function(req, res, next) { next(); }); app.get('/dashboard-api/setupSession', function(req, res, next) { var maxAge = 3600*24*365; var until = (new Date).getTime() + (maxAge); var body = "Creating session\n\n"; EAPI.getSession(req.session.user, function(data) { var sessionID = data.join(','); body += 'Setting session identifier in sessionID Cookie: ' + sessionID + "\n"; res.cookie('sessionID', sessionID, { "maxAge": maxAge, "httpOnly": false }); res.writeHead(200, {"Content-Type": "text/plain; charset=utf-8"}); res.end(body); }); }); app.get('/dashboard-api/session', function(req, res, next) { EAPI.getSession(req.session.user, function(data) { var body = ''; body += "\n\nSession data: \n" + JSON.stringify(data, undefined, 2); body += "\nGroups:\n" + JSON.stringify(req.session.user.groups, undefined, 2); res.writeHead(200, {"Content-Type": "text/plain; charset=utf-8"}); res.end(body); }); }); app.get('/dashboard-api/padshtml', function(req, res, next) { EAPI.listPads(req.session.user, function(data) { res.writeHead(200, {"Content-Type": "text/html; charset=utf-8"}); var body = ''; body += '<h2>List of pads</h2>'; body += '<ul>'; for(var i =0; i < data.length; i++) { body += '<li><a target="_blank" href="/p/' + data[i].padID + '">' + data[i].padID + '</a>' + '<pre>' + JSON.stringify(data[i], undefined, 2) + '</pre>' + '</li>'; } if (data.length === 0) { body += '<li style="color: #ccc">No pads available</li>'; } body += '</ul>'; res.end(body); }); }); app.get('/dashboard-api/userinfo', function(req, res, next) { res.writeHead(200, {"Content-Type": "application/json; charset=utf-8"}); res.end(JSON.stringify(req.session.user, undefined, 2)); }); app.get('/dashboard-api/pads', function(req, res, next) { EAPI.listPads(req.session.user, function(data) { res.writeHead(200, {"Content-Type": "application/json; charset=utf-8"}); res.end(JSON.stringify(data, undefined, 2)); }); }); app.post('/dashboard-api/pad/create', function(req, res, next) { var newObject = req.body; EAPI.createPad(newObject.name, newObject.groupid, function(data) { res.writeHead(200, {"Content-Type": "application/json; charset=utf-8"}); res.end(JSON.stringify(data, undefined, 2)); }); }); app.get('/login', function(req, res, next) { res.end("You need to authenticate first"); }); app.use('/', function (req, res, next) { if(req.session.user && req.session.user.data.provider == "Dataporten") { next(); } else { res.redirect('/auth/dataporten'); } }); app.use('/', exp.static(__dirname + '/webapp/')); };
function authorize(req, res, next) { if (req.user) return next(); req.flash("redirect", req.path); return passport.authorize('local', { failureRedirect: '/forms/sign-in', failureFlash: "Sign in required." })(req, res, next); }
module.exports = function(app, db) { var User = db.model('user'); var GithubAccount = db.model('githubAccount'); var githubConfig = app.getValue('env').GITHUB; var githubCredentials = { clientID: githubConfig.clientID, clientSecret: githubConfig.clientSecret, callbackURL: githubConfig.callbackURL, passReqToCallback: true } var verifyCallback = function(req, accessToken, refreshToken, profile, done) { var user = req.user; console.log('Access Token(prior): ', accessToken); var updatedGithubAccount = { username: profile.username, profileUrl: profile.profileUrl, accessToken: accessToken }; if (!user) { var err = new Error('You must be signed in to use the app!'); err.status = 401; done(err); } else { GithubAccount.findOrCreate({ where: { id: profile.id }, defaults: updatedGithubAccount }) .spread(function(githubAccount, created) { if (!created) { githubAccount.update(updatedGithubAccount); } User.findById(user.id) .then(function(user) { user.setGithubAccount(githubAccount) .then(function(user) { console.log("Access Token: ", accessToken); done(null, githubAccount); }) .catch(done); }) .catch(done); }) .catch(done); } }; passport.use(new GithubStrategy(githubCredentials, verifyCallback)); app.get('/auth/github', passport.authorize('github', { scope: [ 'user', 'repo' ] })); app.get('/auth/github/callback', passport.authorize('github', { successRedirect: '/connections', failureRedirect: '/connections' })); app.get('/unlink/github', function(req, res, next) { var member = req.user; User.findById(member.id) .then(function(member) { member.setGithubAccount(null) .then(function(member) { res.redirect('/connections'); // NEED TO CHANGE }) }) .catch(next); }); }
router.get('/logout', function(req, res) { req.logout(); res.redirect('/'); }); router.get('/auth/linkedin', passport.authenticate('linkedin')); router.get('/auth/linkedin/callback', passport.authenticate('linkedin', { failureRedirect: '/' }), function(req, res) { // res.json(req.user); res.render('profile', { user : req.user }); }); router.get('/connect/linkedin', passport.authorize('linkedin')); // handle the callback after twitter has authorized the user router.get('/connect/linkedin/callback', passport.authorize('linkedin', {failureRedirect : '/'}), function(req, res) { res.render('profile', { user : req.user }); } ); router.get('/auth/facebook', passport.authenticate('facebook', { scope : 'email' })); // handle the callback after facebook has authenticated the user router.get('/auth/facebook/callback', passport.authenticate('facebook', { failureRedirect : '/' }), function(req, res) {
passport.serializeUser(function(user, done) { done(null, user); }); passport.deserializeUser(function(obj, done) { done(null, obj); }); /* Routes */ // authentication app.get("/login/success", passport.authenticate("dropbox"), appCon.login); app.get("/auth/facebook", passport.authorize("facebook", { scope: "publish_stream", failureRedirect: "/error" })); app.get("/auth/facebook/success", passport.authorize("facebook", { failureRedirect: "/error" }), appCon.fbUpload); app.get("/logout", appCon.logout); // app app.get("/", appCon.index); app.get("/home", appCon.auth, appCon.home); app.get("/error", appCon.error); app.get("/login", passport.authenticate("dropbox")); app.get("/all", appCon.auth, photoCon.all); app.get("/help", appCon.help);
/** * OAuth authentication routes. (Sign in) */ app.get('/auth/facebook', passport.authenticate('facebook', { scope: ['email', 'user_location'] })); app.get('/auth/facebook/callback', passport.authenticate('facebook', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); app.get('/auth/google', passport.authenticate('google', { scope: 'profile email' })); app.get('/auth/google/callback', passport.authenticate('google', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); /** * OAuth authorization routes. (API examples) */ app.get('/auth/venmo', passport.authorize('venmo', { scope: 'make_payments access_profile access_balance access_email access_phone' })); app.get('/auth/venmo/callback', passport.authorize('venmo', { failureRedirect: '/api' }), function(req, res) { res.redirect('/api/venmo'); }); app.get('/auth/steam', passport.authorize('openid', { state: 'SOME STATE' })); app.get('/auth/steam/callback', passport.authorize('openid', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); /** * Character select routes */ app.get('/charSelect', userController.getCharSelect) app.post('/charSelect', userController.postCreateNewChar) /**
}); }; }); app.get('/auth/google/paperwork/done', function(req,res) { req.logIn(req.session.tmpuser,function(){ console.log('in paperwork/done, session:\n'+JSON.stringify(req.session,null,2)); res.render('paperwork-google-done', {user:req.user}); delete req.session.tmpuser; }); }); // This route starts to link a new google account to a logged in user app.get( '/auth/link/google' , passport.authorize('google-link' ,{ scope: ['https://www.googleapis.com/auth/userinfo.profile' ,'https://www.googleapis.com/auth/userinfo.email'] }) ); app.get( '/auth/link/google/callback' , passport.authorize('google-link', {failureRedirect:'/auth/failure'}) , function(req, res) { // if we got here then auth succeeded req.user.google = req.account; db.createOrUpdateUser(req.user, function(){ delete req.account; res.redirect( '/auth/success' ); }); });
user.local.email = undefined; user.local.password = undefined; user.save(function(err) { next(); }); } }, facebook : { login: passport.authenticate("facebook", { scope: "email" }), callback: passport.authenticate("facebook", { successRedirect : "/profile", failureRedirect : "/" }), connect: passport.authorize("facebook", { scope: "email" }), connectCallback: passport.authorize("facebook", { successRedirect : "/profile", failureRedirect : "/profile" }), disconnect : function(req, res, next) { var user = req.user; user.facebook.id = undefined; user.facebook.email = undefined; user.facebook.token = undefined; user.save(function(err) { next(); }); }
PassportConfigurator.prototype.configureProvider = function (name, options) { var self = this; options = options || {}; var link = options.link; var AuthStrategy = require(options.module)[options.strategy || 'Strategy']; var authScheme = options.authScheme; if (!authScheme) { // Guess the authentication scheme if (options.consumerKey) { authScheme = 'oAuth1'; } else if (options.realm) { authScheme = 'OpenID'; } else if (options.clientID) { authScheme = 'oAuth 2.0'; } else if (options.usernameField) { authScheme = 'local'; } else { authScheme = 'local'; } } var clientID = options.clientID; var clientSecret = options.clientSecret; var callbackURL = options.callbackURL; var authPath = options.authPath || ((link ? '/link/' : '/auth/') + name); var callbackPath = options.callbackPath || ((link ? '/link/' : '/auth/') + name + '/callback'); var successRedirect = options.successRedirect || (link ? '/link/account' : '/auth/account'); var failureRedirect = options.failureRedirect || (link ? '/link.html' : '/login.html'); var scope = options.scope; var authType = authScheme.toLowerCase(); var session = !!options.session; function loginCallback(req, done) { return function (err, user, identity, token) { var authInfo = { identity: identity }; if (token) { authInfo.accessToken = token; } done(err, user, authInfo); }; } switch (authType) { case 'local': passport.use(name, new AuthStrategy(_.defaults({ usernameField: options.usernameField || 'username', passwordField: options.passwordField || 'password', session: options.session }, options), function (username, password, done) { var query = {where: {or: [ {username: username}, {email: username} ]}}; self.userModel.findOne(query, function (err, user) { if (err) { return done(err); } if (user) { user.hasPassword(password, function (err, ok) { if (ok) { var u = user.toJSON(); delete u.password; var userProfile = { provider: 'local', id: u.id, username: u.username, emails: [ { value: u.email } ], status: u.status }; done(null, userProfile); } else { return done(null, false, { message: 'Incorrect password.' }); } }); } else { return done(null, false, { message: 'Incorrect username.' }); } }); } )); break; case 'oauth': case 'oauth1': case 'oauth 1.0': passport.use(name, new AuthStrategy(_.defaults({ consumerKey: options.consumerKey, consumerSecret: options.consumerSecret, callbackURL: callbackURL, passReqToCallback: true }, options), function (req, token, tokenSecret, profile, done) { if (link) { if (req.user) { self.userCredentialModel.link(req.user.id, name, authScheme, profile, {token: token, tokenSecret: tokenSecret}, options, done); } else { done('No user is logged in'); } } else { self.userIdentityModel.login(name, authScheme, profile, {token: token, tokenSecret: tokenSecret}, options, loginCallback(req, done)); } } )); break; case 'openid': passport.use(name, new AuthStrategy(_.defaults({ returnURL: options.returnURL, realm: options.realm, callbackURL: callbackURL, passReqToCallback: true }, options), function (req, identifier, profile, done) { if (link) { if (req.user) { self.userCredentialModel.link(req.user.id, name, authScheme, profile, {identifier: identifier}, options, done); } else { done('No user is logged in'); } } else { self.userIdentityModel.login(name, authScheme, profile, {identifier: identifier}, options, loginCallback(req, done)); } } )); break; case 'openid connect': passport.use(name, new AuthStrategy(_.defaults({ clientID: clientID, clientSecret: clientSecret, callbackURL: callbackURL, passReqToCallback: true }, options), function (req, accessToken, refreshToken, profile, done) { if (link) { if (req.user) { self.userCredentialModel.link(req.user.id, name, authScheme, profile, {accessToken: accessToken, refreshToken: refreshToken}, options, done); } else { done('No user is logged in'); } } else { self.userIdentityModel.login(name, authScheme, profile, {accessToken: accessToken, refreshToken: refreshToken}, options, loginCallback(req, done)); } } )); break; default: passport.use(name, new AuthStrategy(_.defaults({ clientID: clientID, clientSecret: clientSecret, callbackURL: callbackURL, passReqToCallback: true }, options), function (req, accessToken, refreshToken, profile, done) { if (link) { if (req.user) { self.userCredentialModel.link(req.user.id, name, authScheme, profile, {accessToken: accessToken, refreshToken: refreshToken}, options, done); } else { done('No user is logged in'); } } else { self.userIdentityModel.login(name, authScheme, profile, {accessToken: accessToken, refreshToken: refreshToken}, options, loginCallback(req, done)); } } )); } /* * Redirect the user to Facebook for authentication. When complete, * Facebook will redirect the user back to the application at * /auth/facebook/callback with the authorization code */ if (authType === 'local') { self.app.post(authPath, passport.authenticate(name, options.fn || _.defaults({ successReturnToOrRedirect: options.successReturnToOrRedirect, successRedirect: options.successRedirect, failureRedirect: options.failureRedirect, successFlash: options.successFlash, failureFlash: options.failureFlash, scope: scope, session: session }, options.authOptions))); } else if (link) { self.app.get(authPath, passport.authorize(name, _.defaults({scope: scope, session: session}, options.authOptions))); } else { self.app.get(authPath, passport.authenticate(name, _.defaults({scope: scope, session: session}, options.authOptions))); } /* * Facebook will redirect the user to this URL after approval. Finish the * authentication process by attempting to obtain an access token using the * authorization code. If access was granted, the user will be logged in. * Otherwise, authentication has failed. */ if (link) { self.app.get(callbackPath, passport.authorize(name, _.defaults({ session: session, // successReturnToOrRedirect: successRedirect, successRedirect: successRedirect, failureRedirect: failureRedirect }, options.authOptions)), // passport.authorize doesn't handle redirect function (req, res, next) { res.redirect(successRedirect); }, function (err, req, res, next) { res.redirect(failureRedirect); }); } else { var customCallback = options.customCallback || function (req, res, next) { // The default callback passport.authenticate(name, _.defaults({session: session}, options.authOptions), function (err, user, info) { if (err) { return next(err); } if (!user) { return res.redirect(failureRedirect); } if (session) { req.logIn(user, function (err) { if (err) { return next(err); } if (info && info.accessToken) { if (!!options.json) { return res.json({'access_token': info.accessToken.id, userId: user.id}); } else { res.cookie('access_token', info.accessToken.id, { signed: req.signedCookies ? true : false, maxAge: info.accessToken.ttl }); res.cookie('userId', user.id.toString(), { signed: req.signedCookies ? true : false, maxAge: info.accessToken.ttl }); } } return res.redirect(successRedirect); }); } else { if (info && info.accessToken) { if (!!options.json) { return res.json({'access_token': info.accessToken.id, userId: user.id}); } else { res.cookie('access_token', info.accessToken.id, { signed: req.signedCookies ? true : false, maxAge: info.accessToken.ttl }); res.cookie('userId', user.id.toString(), { signed: req.signedCookies ? true : false, maxAge: info.accessToken.ttl }); } } return res.redirect(successRedirect); } })(req, res, next); }; // Register the path and the callback. self.app.get(callbackPath, customCallback); } };
app.post('/api/bitgo', apiController.postBitGo); app.get('/api/upload', apiController.getFileUpload); app.post('/api/upload', upload.single('myFile'), apiController.postFileUpload); /** * OAuth authentication routes. (Sign in) */ app.get('/auth/google', passport.authenticate('google', { scope: 'profile email' })); app.get('/auth/google/callback', passport.authenticate('google', { failureRedirect: '/login' }), function(req, res) { res.redirect(req.session.returnTo || '/'); }); /** * OAuth authorization routes. (API examples) */ app.get('/auth/venmo', passport.authorize('venmo', { scope: 'make_payments access_profile access_balance access_email access_phone' })); app.get('/auth/venmo/callback', passport.authorize('venmo', { failureRedirect: '/api' }), function(req, res) { res.redirect('/api/venmo'); }); /** * Error Handler. */ app.use(errorHandler()); /** * Start Express server. */ app.listen(app.get('port'), function() { console.log('Express server listening on port %d in %s mode', app.get('port'), app.get('env')); });
function(req, res, next) { passport.authorize('google-authz', function(err) { logger.debug('google Passport error', err); next(); })(req, res, next); },