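userRouter.post('/', function (req, res) {
  // Creates a patient from the request body.
  // Only the listed fields are copied, so unexpected keys in the body
  // (apiKey, _id, ...) cannot be mass-assigned onto the new document.
  // The raw body is deliberately not logged: it carries the plaintext password.
  var body = req.body;
  var patient = new Patient({
    firstName: body.firstName,
    lastName: body.lastName,
    secondName: body.secondName,
    email: body.email,
    password: body.password,
    phone: body.phone,
    location: body.location,
    gender: body.gender,
    birthDate: body.birthDate,
    policyNumber: body.policyNumber
  });
  patient.save(function (err) {
    if (!err) {
      log.info("Patient created");
      // NOTE(review): the whole document is echoed back together with the
      // API key; confirm the schema's toJSON strips the stored password/hash
      // before this reaches the client.
      return res.send({status: 'OK', patient: patient, apiKey: patient.apiKey, _id: patient._id});
    }
    // Validation problems are the client's fault (400); anything else is ours (500).
    if (err.name === 'ValidationError') {
      res.statusCode = 400;
      res.send({error: 'Validation error'});
    } else {
      res.statusCode = 500;
      res.send({error: 'Server Error'});
    }
    log.error('Internal error(%d): %s', res.statusCode, err.message);
  });
});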
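return function (req, res, next) {
  // Area-based access middleware (patientArea / doctorArea come from the
  // enclosing function, which is not shown here).
  //
  // The original body began with an unconditional `return next();`, which
  // made every check below unreachable: any request passed regardless of
  // its API key. That line is removed; every path now either responds or
  // calls next(), including the key-mismatch case that previously hung.
  if (doctorArea && !patientArea) {
    return next();
  }
  var token = req.get('X-API-KEY');

  // Resolves the API key to a patient and attaches it to the request, or
  // answers 401. Shared by the two patient-area branches below.
  var authenticateByApiKey = function () {
    // A missing header must not reach the query: Mongoose drops an undefined
    // condition, so {apiKey: undefined} would match an arbitrary patient.
    if (!token) {
      res.statusCode = 401;
      return res.send({error: 'Unauthorized'});
    }
    Patient.findOne({apiKey: token}, function (err, patient) {
      if (err) {
        res.statusCode = 500;
        return res.send({error: 'Server Error'});
      }
      // Unknown key and mismatched key get the same answer, so the reply
      // does not reveal whether a key exists; neither is a server error.
      if (!patient || !patient.checkApiKey(token)) {
        res.statusCode = 401;
        return res.send({error: 'Unauthorized'});
      }
      req.authStrategy = 'Header';
      req.user = patient;
      return next();
    });
  };

  if (patientArea && !doctorArea) {
    return authenticateByApiKey();
  }
  if (patientArea && doctorArea) {
    // Session login is accepted first; otherwise fall back to the API key.
    if (req.isAuthenticated()) {
      return next();
    }
    return authenticateByApiKey();
  }
  // Neither area requested: the original left the request hanging here.
  // Deny by default. NOTE(review): confirm no caller relies on (false, false).
  res.statusCode = 401;
  return res.send({error: 'Unauthorized'});
};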
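userRouter.get('/:id', reqHandler.isLoggedIn(true, true), function (req, res) {
  // Returns one patient record by id.
  // The API key header is no longer written to the debug log: it is a credential.
  if (req.authStrategy === 'Header') {
    // Header-authenticated callers may only read their own record. When _id is
    // a Mongoose ObjectId and params.id a string, a strict comparison of the two
    // is never equal, so the original rejected every such request; compare the
    // string forms instead.
    if (String(req.params.id) !== String(req.user._id)) {
      res.statusCode = 401;
      return res.send({error: 'You can request only your profile'});
    }
  }
  return Patient.findById(req.params.id, function (err, patient) {
    // A lookup failure is reported before "not found": with err set, patient
    // is undefined and the original answered 404 for what was a server error.
    if (err) {
      res.statusCode = 500;
      log.error('Internal error(%d): %s', res.statusCode, err.message);
      return res.send({ error: 'Server error' });
    }
    if (!patient) {
      res.statusCode = 404;
      return res.send({error: 'Patient not found'});
    }
    return res.send({ status: 'OK', patient: patient });
  });
});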
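userRouter.put('/:id', passport.authenticate('Header'), function (req, res) {
  // Updates the editable profile fields of a patient.
  //
  // Ownership check: an API key authorises changes to the caller's own record
  // only, mirroring the rule GET /:id enforces. Without it any valid key could
  // overwrite any patient selected by id.
  if (!req.user || String(req.params.id) !== String(req.user._id)) {
    res.statusCode = 401;
    return res.send({error: 'You can update only your profile'});
  }
  return Patient.findById(req.params.id, function (err, patient) {
    // The original ignored this err (it was shadowed by the save callback's err).
    if (err) {
      res.statusCode = 500;
      log.error('Internal error(%d): %s', res.statusCode, err.message);
      return res.send({error: 'Server error'});
    }
    if (!patient) {
      res.statusCode = 404;
      return res.send({error: 'Patient not found'});
    }
    // Explicit field list: email, password and apiKey are not assignable here.
    var body = req.body;
    patient.firstName = body.firstName;
    patient.lastName = body.lastName;
    patient.secondName = body.secondName;
    patient.location = body.location;
    patient.policyNumber = body.policyNumber;
    return patient.save(function (saveErr) {
      if (!saveErr) {
        log.info('Patient updated');
        return res.send({status: 'OK', patient: patient});
      }
      if (saveErr.name === 'ValidationError') {
        res.statusCode = 400;
        res.send({error: 'Validation Error'});
      } else {
        res.statusCode = 500;
        res.send({error: 'Server error'});
      }
      log.error('Internal error(%d): %s', res.statusCode, saveErr.message);
    });
  });
});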
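userRouter.get('/settings', function (req, res) {
  // Reports paging parameters (total count, page size, page count) for the
  // patient listing.
  // NOTE(review): unlike the other patient routes this one has no
  // authentication middleware; confirm the total count is meant to be public.
  // NOTE(review): if this route is registered after GET /:id, '/settings'
  // is captured as an id by that route and never reaches this handler.
  Patient.count({}, function (err, c) {
    if (err) {
      // The original answered 200 with an error body and logged nothing.
      res.statusCode = 500;
      log.error('Internal error(%d): %s', res.statusCode, err.message);
      return res.send({error: 'Server error'});
    }
    var totalPages = Math.ceil(c / pageLimit);
    return res.send({status: 'OK', count: c, pageLimit: pageLimit, totalPages: totalPages});
  });
});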
passport.use(new headerStrategy({ header: 'X-API-KEY', passReqToCallback: true }, function (req, token, done) {
  // Header strategy: resolves the X-API-KEY value to a patient document and
  // marks the request as header-authenticated on success.
  var onLookup = function (err, patient) {
    if (err) {
      return done(err);
    }
    if (!patient) {
      return done(null, false, { error: 'Invalid token.' });
    }
    if (patient.checkApiKey(token)) {
      req.authStrategy = 'Header';
      return done(null, patient);
    }
    return done(null, false, { error: 'Incorrect token.' });
  };
  Patient.findOne({ apiKey: token }, onLookup);
}));
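userRouter.get('/', reqHandler.isLoggedIn(true, true), function (req, res) {
  // Lists patients in pages of pageLimit records starting at ?offset.
  // NOTE(review): any authenticated patient can page through every patient
  // record here; confirm this is intended rather than a doctor-only view.
  var offset = 0;
  if (req.query.offset) {
    // Explicit radix; a non-numeric or negative value keeps offset at 0
    // instead of handing NaN to skip(). (NaN > 0 is false.)
    var parsed = parseInt(req.query.offset, 10);
    if (parsed > 0) offset = parsed;
  }
  var query = Patient.find({});
  query.skip(offset);
  query.limit(pageLimit);
  // The original also fired a Patient.count() whose result was never used
  // (its callback raced the response); that dead query is dropped.
  return query.exec(function (err, patients) {
    if (err) {
      res.statusCode = 500;
      log.error('Internal error(%d): %s', res.statusCode, err.message);
      return res.send({error: 'Server error'});
    }
    return res.send({status: 'OK', offset: offset, patients: patients});
  });
});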
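passport.use(new BasicStrategy(function (email, password, done) {
  // HTTP Basic strategy: checks email + password against the patient collection.
  Patient.findOne({ email: email }, function (err, patient) {
    if (err) {
      // A database failure is a server problem, not a bad request.
      log.error('Patient lookup failed: %s', err.message);
      return done(err);
    }
    // Unknown address and wrong password produce the same failure, so the
    // reply does not confirm which addresses are registered. The original
    // reported "No authentication data provided" for an unknown address,
    // which was both misleading and distinguishable from a wrong password.
    // NOTE(review): checkPassword() is still skipped for unknown addresses,
    // so response time may differ between the two cases.
    if (!patient || !patient.checkPassword(password)) {
      return done(null, false, { error: 'Invalid email or password' });
    }
    return done(null, patient);
  });
}));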
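// Authenticates a request by its X-API-KEY header and, on success, establishes
// a session for the matching patient.
//
// The lookup is asynchronous, so its outcome cannot be returned synchronously.
// The original assigned the value of Patient.findOne(..., cb) to `patient`
// (a query, not a document): the returns inside the callback were discarded,
// `patient._id` was never set, and the login branch was unreachable.
//
// For backward compatibility the synchronous return value is kept but is
// always false; pass a Node-style callback done(err, authenticated) to learn
// the real result.
//
// @param {object} req - Express request exposing get() and login().
// @param {function} [done] - optional callback (err, boolean).
// @returns {boolean} always false (see above).
function isApiAuthenticated(req, done) {
  var finish = function (err, ok) {
    if (typeof done === 'function') done(err, ok);
  };
  var token = req.get('X-API-KEY');
  if (!token) {
    finish(null, false);
    return false;
  }
  Patient.findOne({apiKey: token}, function (err, patient) {
    if (err) return finish(err, false);
    // Unknown and mismatched keys are treated alike; no identifiers are logged.
    if (!patient || !patient.checkApiKey(token)) return finish(null, false);
    // NOTE(review): the original passed patient._id to req.login(); kept as
    // is, but confirm serializeUser expects an id rather than the document.
    req.login(patient._id, function (loginErr) {
      if (loginErr) return finish(loginErr, false);
      return finish(null, true);
    });
  });
  return false;
}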