modules/backend/routes/public.js - ignite-web-console - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 'use strict';

 const _ = require('lodash');
 const express = require('express');
 const passport = require('passport');

 // Fire me up!

 module.exports = {
     implements: 'routes/public',
     inject: ['mongo', 'settings', 'services/users', 'services/auth', 'errors']
 };

 /**
  * @param mongo
  * @param settings
  * @param {UsersService} usersService
  * @param {AuthService} authService
  * @param errors
  * @returns {Promise}
  */
 module.exports.factory = function(mongo, settings, usersService, authService, errors) {
     return new Promise((factoryResolve) => {
         const router = new express.Router();

         // GET user.
         router.post('/user', (req, res) => {
             usersService.get(req.user, req.session.viewedUser)
                 .then(res.api.ok)
                 .catch(res.api.error);
         });

         /**
          * Register new account.
          */
         router.post('/signup', (req, res) => {
             const createdByAdmin = _.get(req, 'user.admin', false);

             usersService.create(req.origin(), req.body, createdByAdmin)
                 .then((user) => {
                     if (createdByAdmin)
                         return user;

                     return new Promise((resolve, reject) => {
                         req.logIn(user, {}, (err) => {
                             if (err)
                                 reject(err);

                             resolve(user);
                         });
                     });
                 })
                 .then(res.api.ok)
                 .catch(res.api.error);
         });

         /**
          * Sign in into exist account.
          */
         router.post('/signin', (req, res, next) => {
             passport.authenticate('local', (errAuth, user) => {
                 if (errAuth)
                     return res.api.error(new errors.AuthFailedException(errAuth.message));

                 if (!user)
                     return res.api.error(new errors.AuthFailedException('Invalid email or password'));

                 if (settings.activation.enabled) {
                     const activationToken = req.body.activationToken;

                     const errToken = authService.validateActivationToken(user, activationToken);

                     if (errToken)
                         return res.api.error(errToken);

                     if (authService.isActivationTokenExpired(user, activationToken)) {
                         authService.resetActivationToken(req.origin(), user.email)
                             .catch((ignored) => {
                                 // No-op.
                             });

                         return res.api.error(new errors.AuthFailedException('This activation link was expired. We resend a new one. Please open the most recent email and click on the activation link.'));
                     }

                     user.activated = true;
                 }

                 return req.logIn(user, {}, (errLogIn) => {
                     if (errLogIn)
                         return res.api.error(new errors.AuthFailedException(errLogIn.message));

                     return res.sendStatus(200);
                 });
             })(req, res, next);
         });

         /**
          * Logout.
          */
         router.post('/logout', (req, res) => {
             req.logout();

             res.sendStatus(200);
         });

         /**
          * Send e-mail to user with reset token.
          */
         router.post('/password/forgot', (req, res) => {
             authService.resetPasswordToken(req.origin(), req.body.email)
                 .then(() => res.api.ok('An email has been sent with further instructions.'))
                 .catch(res.api.error);
         });

         /**
          * Change password with given token.
          */
         router.post('/password/reset', (req, res) => {
             const {token, password} = req.body;

             authService.resetPasswordByToken(req.origin(), token, password)
                 .then(res.api.ok)
                 .catch(res.api.error);
         });

         /* GET reset password page. */
         router.post('/password/validate/token', (req, res) => {
             const token = req.body.token;

             authService.validateResetToken(token)
                 .then(res.api.ok)
                 .catch(res.api.error);
         });

         /* Send e-mail to user with account confirmation token. */
         router.post('/activation/resend', (req, res) => {
             authService.resetActivationToken(req.origin(), req.body.email)
                 .then(() => res.api.ok('An email has been sent with further instructions.'))
                 .catch(res.api.error);
         });

         factoryResolve(router);
     });
 };
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	'use strict';

	const _ = require('lodash');
	const express = require('express');
	const passport = require('passport');

	// Fire me up!

	module.exports = {
	implements: 'routes/public',
	inject: ['mongo', 'settings', 'services/users', 'services/auth', 'errors']
	};

	/**
	* @param mongo
	* @param settings
	* @param {UsersService} usersService
	* @param {AuthService} authService
	* @param errors
	* @returns {Promise}
	*/
	module.exports.factory = function(mongo, settings, usersService, authService, errors) {
	return new Promise((factoryResolve) => {
	const router = new express.Router();

	// GET user.
	router.post('/user', (req, res) => {
	usersService.get(req.user, req.session.viewedUser)
	.then(res.api.ok)
	.catch(res.api.error);
	});

	/**
	* Register new account.
	*/
	router.post('/signup', (req, res) => {
	const createdByAdmin = _.get(req, 'user.admin', false);

	usersService.create(req.origin(), req.body, createdByAdmin)
	.then((user) => {
	if (createdByAdmin)
	return user;

	return new Promise((resolve, reject) => {
	req.logIn(user, {}, (err) => {
	if (err)
	reject(err);

	resolve(user);
	});
	});
	})
	.then(res.api.ok)
	.catch(res.api.error);
	});

	/**
	* Sign in into exist account.
	*/
	router.post('/signin', (req, res, next) => {
	passport.authenticate('local', (errAuth, user) => {
	if (errAuth)
	return res.api.error(new errors.AuthFailedException(errAuth.message));

	if (!user)
	return res.api.error(new errors.AuthFailedException('Invalid email or password'));

	if (settings.activation.enabled) {
	const activationToken = req.body.activationToken;

	const errToken = authService.validateActivationToken(user, activationToken);

	if (errToken)
	return res.api.error(errToken);

	if (authService.isActivationTokenExpired(user, activationToken)) {
	authService.resetActivationToken(req.origin(), user.email)
	.catch((ignored) => {
	// No-op.
	});

	return res.api.error(new errors.AuthFailedException('This activation link was expired. We resend a new one. Please open the most recent email and click on the activation link.'));
	}

	user.activated = true;
	}

	return req.logIn(user, {}, (errLogIn) => {
	if (errLogIn)
	return res.api.error(new errors.AuthFailedException(errLogIn.message));

	return res.sendStatus(200);
	});
	})(req, res, next);
	});

	/**
	* Logout.
	*/
	router.post('/logout', (req, res) => {
	req.logout();

	res.sendStatus(200);
	});

	/**
	* Send e-mail to user with reset token.
	*/
	router.post('/password/forgot', (req, res) => {
	authService.resetPasswordToken(req.origin(), req.body.email)
	.then(() => res.api.ok('An email has been sent with further instructions.'))
	.catch(res.api.error);
	});

	/**
	* Change password with given token.
	*/
	router.post('/password/reset', (req, res) => {
	const {token, password} = req.body;

	authService.resetPasswordByToken(req.origin(), token, password)
	.then(res.api.ok)
	.catch(res.api.error);
	});

	/* GET reset password page. */
	router.post('/password/validate/token', (req, res) => {
	const token = req.body.token;

	authService.validateResetToken(token)
	.then(res.api.ok)
	.catch(res.api.error);
	});

	/* Send e-mail to user with account confirmation token. */
	router.post('/activation/resend', (req, res) => {
	authService.resetActivationToken(req.origin(), req.body.email)
	.then(() => res.api.ok('An email has been sent with further instructions.'))
	.catch(res.api.error);
	});

	factoryResolve(router);
	});
	};