/**
 * CORS middleware.  Allows exactly one origin, http://localhost:3002 (the
 * default value of app.set('port') below, i.e. the app itself), to send
 * GET/PUT/POST/DELETE with a Content-Type header.
 *
 * Access-Control-Allow-Credentials is deliberately left unset: only enable it
 * for an origin you fully trust, and never together with a wildcard origin,
 * because it lets that origin make cookie-bearing (session) requests.
 * OPTIONS preflights are not answered here; they fall through to the router.
 *
 * @param {object} req    Express request (unused)
 * @param {object} res    Express response; headers are added via res.header()
 * @param {function} next continues the middleware chain unconditionally
 */
var allowCrossDomain = function (req, res, next) {
  var corsHeaders = {
    'Access-Control-Allow-Origin': 'http://localhost:3002',
    'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE',
    'Access-Control-Allow-Headers': 'Content-Type'
  };
  Object.keys(corsHeaders).forEach(function (name) {
    res.header(name, corsHeaders[name]);
  });
  next();
};
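/**
 * Passport verify function: look up a user row whose username and password
 * match the submitted credentials and hand it to Passport.
 *
 * @param {string} username   submitted username (untrusted form input)
 * @param {string} password   submitted password (untrusted form input)
 * @param {function} done     Passport callback: done(err), done(null, false)
 *                            on bad credentials, done(null, row) on success
 * @param {*} [public_id]     unused; kept so existing callers need not change
 */
function authenticateUser(username, password, done, public_id) {
  // Register the session (de)serializers once.  The previous version pushed a
  // fresh pair onto Passport on EVERY login, and its deserializer ignored the
  // value stored in the session and returned the row captured in its closure —
  // so sessions could resolve to a different user than the one who logged in
  // (Passport uses the first registered pair that produces a result).
  // NOTE(review): the whole row, including the password column, is what ends
  // up in the session store; storing only a user id and re-reading the row in
  // deserializeUser would be safer once the users schema is confirmed.
  if (!authenticateUser.sessionHooksRegistered) {
    authenticateUser.sessionHooksRegistered = true;
    passport.serializeUser(function (user, cb) {
      cb(null, user);
    });
    passport.deserializeUser(function (user, cb) {
      cb(null, user);
    });
  }

  // Parameterized query: user input never becomes part of the SQL text, so no
  // escaping is needed and no injection is possible.
  // NOTE(review): the password is compared verbatim against the stored column.
  // If users.password holds plaintext, switch to a salted hash (bcrypt/scrypt)
  // and compare the hash here — nothing in this file shows how it is stored.
  var sql = "SELECT * FROM users WHERE username = ? and password = ? limit 1";
  // sqlite3's run() never returns rows (its callback only receives `err`), so
  // the old `results.length` always threw; get() yields the single row or
  // undefined when nothing matched.
  connection.get(sql, [username, password], function (err, user) {
    if (err) { return done(err); }
    if (!user) { return done(null, false); }
    return done(null, user);
  });
}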
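/**
 * Route guard: continue when Passport reports a logged-in user on the
 * session, otherwise redirect to the login page.
 *
 * @param {object} req    Express request; uses req.isAuthenticated() from passport
 * @param {object} res    Express response
 * @param {function} next called only for authenticated requests
 */
function isAuth(req, res, next) {
  // The per-request console.log of the auth state was leftover debug output;
  // it ran on every protected request and logged nothing actionable.
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/login');
}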
var express = require('express'),
http = require('http'),
mysql = require('mysql'),
path = require('path'),
sqlite3 = require('sqlite3').verbose();
//Setup Authentication
var passport = require('passport')
, LocalStrategy = require('passport-local').Strategy;
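var app = express();
// all environments
app.configure(function () {
  app.set('port', process.env.PORT || 3002);
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  app.use(express.favicon());
  app.use(express.logger('dev'));
  app.use(allowCrossDomain);
  // Static files are served before session/csrf so they neither create
  // sessions nor require a token.
  app.use(express.static(path.join(__dirname, 'public')));
  app.use(express.cookieParser());
  // bodyParser must run BEFORE methodOverride: the override looks for
  // `_method` in req.body, which was still empty when it ran first, so
  // form-based DELETE/PUT never reached app.delete/app.put.
  // NOTE(review): express.bodyParser() also parses multipart uploads to temp
  // files; if no route needs uploads, express.json() + express.urlencoded()
  // is the narrower choice.
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.session({
    // Signing secret for the session cookie.  Take it from the environment;
    // the hard-coded literal is a development fallback only — with it, anyone
    // who has read this file can forge session cookies.
    secret: process.env.SESSION_SECRET || 'keyboard cat',
    // httpOnly keeps the cookie away from page scripts; add `secure: true`
    // once the app is served over TLS (it currently listens on plain HTTP).
    cookie: {httpOnly: true}
  }));
  app.use(passport.initialize());
  app.use(passport.session());
  // csrf must follow session (it keeps its secret there) and bodyParser (it
  // reads the token from the parsed form body).
  app.use(express.csrf());
  // Expose the per-request token to the jade templates as `csrftoken`.
  app.use(function (req, res, next) {
    res.locals.csrftoken = req.csrfToken();
    next();
  });
  app.use(app.router);
});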
// app.get('/', function( req, res) {
// res.render('index');
// });
// Connect to mysql database
// var connection = mysql.createConnection({
// host : 'localhost',
// user : 'root',
// password : 'password',
// database : 'nodejs_todo'
// });
// connection.connect(function(err){
// if(err){
// console.log("Error Connecting to MySQL");
// console.log('Error: ', err);
// }
// else{
// console.log("Connection to MySQL Successful");
// }
// });
//Connect to the local SQLite3 DB
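// Resolve the DB file relative to this file, like views/ and public/ above,
// rather than the process's working directory: started from another cwd, the
// old relative path would silently open (or create) a different database.
var connection = new sqlite3.Database(path.join(__dirname, 'db', 'todo_app'));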
// Wire the local (username/password form) strategy to authenticateUser.
// Only three arguments are forwarded; authenticateUser's trailing
// `public_id` parameter is never supplied from here.
var localStrategy = new LocalStrategy(function (username, password, done) {
  return authenticateUser(username, password, done);
});
passport.use(localStrategy);
/**
* Define the routes
*/
//Auth Route
// Login form handler.  Passport runs the local strategy and redirects on
// both outcomes, so this route never renders anything itself.
// NOTE(review): failureFlash expects a flash middleware (e.g. connect-flash)
// to provide req.flash; none is registered in this file, so verify that a
// failed login does not throw.  No '/' route is defined here either (the
// index route is commented out), so confirm successRedirect lands somewhere.
var loginHandler = passport.authenticate('local', {
  successRedirect: '/',
  failureRedirect: '/login',
  failureFlash: true
});
app.post('/login', loginHandler);
//Get all the todos
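// List every todo for a logged-in user.
app.get('/todos', isAuth, function (req, res, next) {
  // all() delivers the result rows; run() (used before) never does, so the
  // view was always rendered with `todos` undefined.
  connection.all('select * from todos', function (err, docs) {
    // Let Express's error handler deal with DB failures instead of rendering
    // with no data.
    if (err) { return next(err); }
    res.render('todos', {todos: docs});
  });
});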
// Render the login form (the template reads `csrftoken` from res.locals).
function renderLoginPage(req, res) {
  res.render("login");
}
app.get("/login", renderLoginPage);
// Add a new Todo
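// Guarded with isAuth like GET /todos: the create form was served to
// anonymous visitors while the list it feeds requires a login.
app.get("/todos/new", isAuth, function (req, res) {
  res.render("new");
});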
// Save the Newly created Todo Item
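// Save the Newly created Todo Item.  isAuth added: the write was open to
// anonymous clients even though reading the list requires a login.  The
// express.csrf() middleware above also covers this POST, so the form must
// carry the `csrftoken` value.
app.post("/todos", isAuth, function (req, res, next) {
  var description = req.body.description;
  var complete = req.body.complete;
  // NOTE(review): both fields are stored as submitted; the column types are
  // not visible here, so no coercion is applied (`complete` may arrive as the
  // string "on" from a checkbox). Validate/normalize once the schema is known.
  connection.run('INSERT INTO todos (description, complete) VALUES (? , ?);', [description, complete], function (err) {
    // Previously a DB error was echoed to the client as JSON AND followed by a
    // redirect, which threw "headers already sent" inside the sqlite callback.
    // Hand the error to Express's error handler instead of leaking it.
    if (err) { return next(err); }
    res.redirect('todos');
  });
});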
// Delete a todo item
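// Delete a todo item.  The old handler only logged the id and never sent a
// response, so every DELETE hung until the client timed out; it was also
// reachable without a login.
// NOTE(review): assumes `todos` has an `id` column — confirm against the
// schema; a mismatch surfaces as a DB error via next(err).
app.delete("/todos/:id", isAuth, function (req, res, next) {
  var id = req.params.id;
  console.log("Todo to delete: ", id);
  // Parameterized: the path segment never becomes part of the SQL text.
  connection.run('DELETE FROM todos WHERE id = ?', [id], function (err) {
    if (err) { return next(err); }
    // sqlite3 sets this.changes to the number of affected rows on run().
    if (this.changes === 0) { return res.send(404); }
    res.send(204);
  });
});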
//Create the server
// Plain HTTP listener on the configured port (no host given, so all
// interfaces).  Terminate TLS in front of it before exposing the session
// cookie beyond localhost.
var server = http.createServer(app);
server.listen(app.get('port'), function () {
  var port = app.get('port');
  console.log('Express server listening on port ' + port);
});