The req.isAuthenticated() of api.js function always returns false whether or not the user is logged in or not. Thus user is redirected to /#login at all times. I have not yet connected to MongoDB so it's just the javascript and nodejs part. I am testing my code on advanced rest client.
I tried a few solutions which suggested using cookies but it doesn't seem to work. I know there already exists a lot of answers to this question and I have tried nearly most of the answers on stack overflow but somehow nothing seems to work. I don't know what I am missing out on. I am stuck on this for a long time ao any kind of help is highly appreciated.
app.js (main file):
var http_errors = require('http-errors');
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var passport = require('passport');
var session = require('express-session');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var api = require('./routes/api');
var authenticate = require('./routes/authenticate')(passport);
var app = express();
app.use(cookieParser('super duper secret'));
app.use(session({
secret: 'super duper secret',
resave: true,
saveUninitialized: true
}));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));
app.use(passport.initialize());
app.use(passport.session());
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use('/api', api);
app.use('/auth', authenticate);
var initPassport = require('./passport-init');
initPassport(passport);
module.exports = app;
Routing files:-
api.js:
var express = require('express');
var router = express.Router();
router.use(function(req, res, next){
if(req.method === "GET"){
return next();
}
if (!req.isAuthenticated()){
return res.redirect('/#login');
}
return next();
});
router.route('/posts')
.get(function(req, res){
res.send({message: 'TODO return all posts'});
})
.post(function(req, res){
res.send({message: 'TODO create a new post'});
})
module.exports = router;
authenticate.js:
var express = require('express');
var router = express.Router();
module.exports = function(passport){
router.get('/success', function(req, res){
res.send({state: 'success', user: req.user ? req.user : null});
})
router.get('/failure', function(req, res){
res.send({state: 'failure', user: null, message: "Invalid username or password"});
})
router.post('/login', passport.authenticate('login', {
successRedirect: '/auth/success',
failureRedirect: '/auth/failure'
}))
router.post('/signup', passport.authenticate('signup', {
successRedirect: '/auth/success',
failureRedirect: '/auth/failure'
}))
router.get('/signout', function(req, res) {
req.logout();
res.redirect('/');
});
return router;
}
passport-init.js (file that exploits passport module):
var LocalStrategy = require('passport-local').Strategy;
var bCrypt = require('bcrypt-nodejs');
var users = {};
module.exports = function(passport){
passport.serializeUser(function(user, done) {
console.log('serializing user:',user.username)
return done(null, user.username);
})
passport.deserializeUser(function(username, done) {
User.findById(username, function(err, user){
return done(err,users[username]);
})
})
passport.use('login', new LocalStrategy({
passReqToCallback : true
},
function(req, username, password, done) {
if(!users[username]){
return done('user not found',false);
}
if(!isValidPassword (users[username],password)){
return done('invalid password', false);
}
console.log('sucessfully logged in')
return done(null, users[username]);
}
))
passport.use('signup', new LocalStrategy({
passReqToCallback : true
},
function(req, username, password, done) {
if(users[username]){
return done('username already taken', false);
}
users[username] = {
username: username,
password: createHash(password)
}
console.log('sucessfully signed in')
console.log(users[username])
return done(null, users[username]);
}
))
var isValidPassword = function(user, password){
return bCrypt.compareSync(password, user.password);
}
var createHash = function(password){
return bCrypt.hashSync(password, bCrypt.genSaltSync(10), null);
}
};
|