Listing 26.9 shows the complete users_controller.js
code. Notice that the crypto
library is loaded and used to implement the hashPW()
function that creates the hashed password values. Also notice that the User
schema is loaded to provide access to the database in the route handlers.
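// Module dependencies. Each declaration is terminated with a semicolon; the
// listing as printed ended these lines with commas, which does not parse.
var crypto = require('crypto');
var mongoose = require('mongoose');
// The User model must already have been registered with mongoose (its schema
// is loaded elsewhere) before this controller is required.
var User = mongoose.model('User');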
/**
 * Returns the base64-encoded SHA-256 digest of a password.
 *
 * The result is deterministic: the same input always yields the same string,
 * which is what the login handler relies on when it compares digests.
 *
 * Security note: a single unsalted SHA-256 pass is fast to compute and gives
 * identical output for identical passwords, so a leaked user collection is
 * open to precomputed tables and high-speed offline guessing. Production code
 * should store a per-user salted, deliberately slow hash (crypto.scrypt or
 * crypto.pbkdf2 from the same module). That change also requires a different
 * verification step at login, so it cannot be made in this function alone.
 *
 * @param {string|Buffer} pwd - Password to hash.
 * @returns {string} Base64 text of the 32-byte digest (44 characters).
 */
function hashPW(pwd) {
  var hasher = crypto.createHash('sha256');
  hasher.update(pwd);
  // digest('base64') already produces a string, so no conversion follows.
  return hasher.digest('base64');
}
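/**
 * Route handler: creates a new user from the posted signup form.
 *
 * Reads username, password and email from req.body, stores the hashed
 * password on a new User document and saves it. On success the session is
 * regenerated and populated with the user's id and name before redirecting
 * to '/'. On failure the error is stored in the session and the browser is
 * sent back to '/signup'.
 *
 * @param {object} req - Express request; expects req.body and req.session.
 * @param {object} res - Express response.
 */
exports.signup = function(req, res){
  var body = req.body || {};
  // req.body is attacker-controlled. Require plain strings so that a missing
  // field cannot throw inside hashPW() and an object cannot reach the model.
  if (typeof body.username !== 'string' ||
      typeof body.password !== 'string' ||
      body.password.length === 0) {
    req.session.error = 'Username and password are required.';
    return res.redirect('/signup');
  }
  var user = new User({username: body.username});
  user.set('hashed_password', hashPW(body.password));
  user.set('email', body.email);
  user.save(function(err) {
    if (err){
      // The session hangs off the request, not the response; writing through
      // res would throw here.
      // NOTE(review): other branches report through session.msg. Confirm
      // which key the signup view reads.
      req.session.error = err;
      res.redirect('/signup');
    } else {
      // Issue a fresh session id at the privilege change, as login does, so
      // an id planted before signup is not carried into the authenticated
      // session.
      req.session.regenerate(function(){
        req.session.user = user.id;
        req.session.username = user.username;
        req.session.msg = 'Authenticated as ' + user.username;
        res.redirect('/');
      });
    }
  });
};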
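/**
 * Route handler: authenticates a user from the posted login form.
 *
 * Looks the user up by username and compares the stored digest with the
 * digest of the submitted password. On a match the session is regenerated
 * and populated, then the browser is redirected to '/'. Otherwise the
 * session is regenerated, a message is stored in session.msg and the
 * browser is redirected to '/login'.
 *
 * @param {object} req - Express request; expects req.body and req.session.
 * @param {object} res - Express response.
 */
exports.login = function(req, res){
  var body = req.body || {};
  var username = body.username;
  var password = body.password;
  // req.body is attacker-controlled. A non-string username would be passed
  // to the query as an operator object, and a missing password would throw
  // inside the database callback, where Express cannot catch it.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return req.session.regenerate(function(){
      req.session.msg = 'Authentication failed.';
      res.redirect('/login');
    });
  }
  User.findOne({ username: username })
  .exec(function(err, user) {
    if (!user){
      // NOTE(review): this message differs from the wrong-password message,
      // which tells a caller whether a username exists. Consider using one
      // message for both cases.
      err = 'User Not Found.';
    } else if (user.hashed_password === hashPW(password)) {
      // Digests are compared with ===. A constant-time comparison is
      // preferable where the runtime offers one.
      // A new session id on login prevents reuse of a pre-login id.
      req.session.regenerate(function(){
        req.session.user = user.id;
        req.session.username = user.username;
        req.session.msg = 'Authenticated as ' + user.username;
        res.redirect('/');
      });
    } else {
      err = 'Authentication failed.';
    }
    if (err){
      req.session.regenerate(function(){
        req.session.msg = err;
        res.redirect('/login');
      });
    }
  });
};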
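/**
 * Route handler: returns the logged-in user's document as JSON.
 *
 * The user is looked up by the id stored in the session. Responds with 404
 * and an error object when no document is found (a lookup error also ends
 * up here, because no document is returned in that case).
 *
 * @param {object} req - Express request; reads req.session.user.
 * @param {object} res - Express response.
 */
exports.getUserProfile = function(req, res) {
  // presumably the route layer only dispatches here for authenticated
  // sessions; verify against the route definitions.
  User.findOne({ _id: req.session.user })
  // Keep the password digest out of the response. The client has no use for
  // it, and exposing it enables offline guessing.
  .select('-hashed_password')
  .exec(function(err, user) {
    if (!user){
      // status().json() replaces the deprecated res.json(status, body) form.
      res.status(404).json({err: 'User Not Found.'});
    } else {
      res.json(user);
    }
  });
};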
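/**
 * Route handler: updates the logged-in user's email and color.
 *
 * The user is looked up by the id stored in the session, so a request can
 * only modify its own account. The outcome is recorded in the session and
 * the browser is redirected to '/user' in every case.
 *
 * @param {object} req - Express request; reads req.body and req.session.
 * @param {object} res - Express response.
 */
exports.updateUser = function(req, res){
  User.findOne({ _id: req.session.user })
  .exec(function(err, user) {
    // Without this guard a failed lookup would call set() on a missing
    // document and throw inside the callback.
    if (err || !user){
      req.session.error = err || 'User Not Found.';
      return res.redirect('/user');
    }
    // Only these two fields are copied from the request; nothing else in
    // req.body can reach the document.
    user.set('email', req.body.email);
    user.set('color', req.body.color);
    user.save(function(err) {
      if (err){
        // The session hangs off the request, not the response.
        req.session.error = err;
      } else {
        req.session.msg = 'User Updated.';
      }
      res.redirect('/user');
    });
  });
};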
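/**
 * Route handler: deletes the logged-in user's account and ends the session.
 *
 * The user is looked up by the id stored in the session. Whether or not a
 * document is found or removed, the session is destroyed and the browser is
 * redirected to '/login'.
 *
 * @param {object} req - Express request; reads req.session.
 * @param {object} res - Express response.
 */
exports.deleteUser = function(req, res){
  User.findOne({ _id: req.session.user })
  .exec(function(err, user) {
    if (user){
      user.remove(function(err){
        if (err){
          // NOTE(review): the session is destroyed immediately below, so
          // this message is not expected to reach the login page. A failed
          // removal also still logs the user out.
          req.session.msg = err;
        }
        req.session.destroy(function(){
          res.redirect('/login');
        });
      });
    } else {
      // Same caveat: the message is set on a session that is then destroyed.
      req.session.msg = "User Not Found!";
      req.session.destroy(function(){
        res.redirect('/login');
      });
    }
  });
};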