// Framework and application-local modules (route handlers live under ./routes).
var express = require('express');
var files = require('./routes/files');
var routes = require('./routes/');
// SHA-1 helper taken from the static api-designer bundle; /login uses it to
// hash the submitted password before comparing with the stored value.
var util = require('./api-designer/scripts/sha1.js');
var app = express();
// MongoDB driver handles. Server/Db/BSON are bound here but never used in this
// file, and no connection is opened: the `db` that /login reads is undefined.
var mongo = require('mongodb');
var Server = mongo.Server;
var Db = mongo.Db;
var BSON = mongo.BSONPure;
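/**
 * Global middleware stack for every environment. Registration order is the
 * execution order: parsers and the session must precede the router, and the
 * environment-specific error handlers are registered right after this block.
 */
app.configure(function () {
  app.set('port', process.env.PORT || 3000);
  app.use(express.logger('dev'));
  app.use(express.methodOverride());
  app.use(express.bodyParser());
  app.use(express.cookieParser());
  // The session secret signs the session cookie; keep it out of the source.
  // The literal fallback only preserves the previous behaviour for deployments
  // that have not set SESSION_SECRET yet and should be removed once they have.
  var sessionSecret = process.env.SESSION_SECRET || '1234567890QWERTY';
  if (!process.env.SESSION_SECRET) {
    console.warn('SESSION_SECRET is not set; falling back to the built-in default secret');
  }
  // express.session() accepts a single options object. The cookie settings and
  // `rolling` used to be passed as a second argument, which was ignored, so
  // they never took effect.
  app.use(express.session({
    secret: sessionSecret,
    cookie: {
      path: '/',
      httpOnly: true,
      // Cookie is sent over plain HTTP as well; switch to true once the app
      // is served exclusively over TLS.
      secure: false,
      maxAge: 8 * 60 * 60 * 1000
    },
    rolling: true
  }));
  // CORS: a wildcard origin. Browsers do not attach the session cookie to a
  // cross-origin request under `*`, so cross-origin callers cannot reach the
  // checkAuth-protected routes; narrow this to known origins if that is needed.
  app.use(function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
    next();
  });
  app.use(express.static(__dirname + '/api-designer'));
  // The unconditional errorHandler({ dumpExceptions, showStack }) that used to
  // sit here was removed: it ran in production too and exposed stack traces
  // for errors raised by the middleware above. The 'development' and
  // 'production' configure blocks below provide the appropriate handler.
  app.use(app.router);
});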
// Development only: error pages that dump the exception and its stack trace.
app.configure('development', function () {
  var verboseErrors = { dumpExceptions: true, showStack: true };
  app.use(express.errorHandler(verboseErrors));
});
// Production: the default error handler, registered without the stack-dumping
// options used in development.
app.configure('production', function () {
  var defaultErrors = express.errorHandler();
  app.use(defaultErrors);
});
/**
 * ------
 * ROUTES
 * ------
 * Every route in this table runs behind checkAuth (401 without a session
 * user_id). /login and /logout are registered further down without it.
 * Entries are [method, path, handler], registered in table order.
 */
var protectedRoutes = [
  ['get',    '/ping',          files.pong],
  ['get',    '/files',         files.findAll],
  ['get',    '/files/:id',     files.findById],
  ['get',    '/projects/:id',  files.findByProject],
  ['get',    '/projects',      files.findMyProjects],
  ['post',   '/files',         files.addFile],
  ['put',    '/files/:id',     files.updateFile],
  ['delete', '/files/:id',     files.deleteFile],
  ['get',    '/',              routes.index]
];
protectedRoutes.forEach(function (route) {
  var method = route[0];
  var path = route[1];
  var handler = route[2];
  app[method](path, checkAuth, handler);
});
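/**
 * POST /login -- checks a mail/password pair against the `users` collection
 * and starts an authenticated session on success. Every rejected attempt
 * redirects back to login.html with a flag (`empty` or `badpass`) the page
 * can display; infrastructure failures answer 500 instead of "bad password".
 *
 * NOTE(review): `db` is never defined anywhere in this file, so this handler
 * currently throws a ReferenceError on first use. A mongodb connection (the
 * Server/Db constructors are already required at the top) must be assigned to
 * `db` before the app starts listening.
 */
app.post('/login', function (req, res) {
  var post = req.body || {};
  var login = post.login;
  var password = post.password;
  // Only plain, non-empty strings may reach the lookup: the body parser can
  // also yield arrays or objects for these fields, which would change the
  // meaning of the findOne query instead of matching a mail address.
  var loginOk = typeof login === 'string' && login !== '';
  var passwordOk = typeof password === 'string' && password !== '';
  // The submitted login is echoed back in the redirect; encode it so it cannot
  // break out of the query string.
  var userParam = encodeURIComponent(typeof login === 'string' ? login : '');
  if (!loginOk || !passwordOk) {
    res.redirect("/login.html?user=" + userParam + "&empty=");
    return;
  }

  db.collection('users', function (err, collection) {
    if (err || !collection) {
      sendLoginUnavailable(res, 'cannot open users collection', err);
      return;
    }
    collection.findOne({'mail': login}, function (err, item) {
      if (err) {
        sendLoginUnavailable(res, 'user lookup failed', err);
        return;
      }
      // Stored `pass` values are unsalted SHA-1 digests, which is not a
      // suitable password hash; migrating to a slow salted hash (bcrypt/scrypt)
      // requires re-hashing the stored credentials and is out of scope here.
      var hashedPass = util.Sha1.hash(password);
      // Unknown user and wrong password share one response so the reply does
      // not reveal which mail addresses are registered.
      if (!item || hashedPass !== item.pass) {
        res.redirect("/login.html?user=" + userParam + "&badpass=");
        return;
      }
      // Issue a fresh session id at the privilege change so an id handed out
      // before login cannot be reused for the authenticated session.
      req.session.regenerate(function (err) {
        if (err) {
          sendLoginUnavailable(res, 'session regenerate failed', err);
          return;
        }
        req.session.user_id = item._id;
        // Only an explicit boolean true grants admin; anything else is false.
        req.session.admin = item.admin === true;
        req.session.team = item.team;
        req.session.projects = item.projects;
        res.redirect("/");
      });
    });
  });
});

/**
 * Logs a server-side login failure and answers 500 with the JSON error shape
 * used by checkAuth. The client never sees the underlying error.
 * @param {object} res - Express response
 * @param {string} context - short description of the failed step, for the log
 * @param {Error} err - the underlying error, logged only
 */
function sendLoginUnavailable(res, context, err) {
  console.error('login: ' + context, err);
  res.statusCode = 500;
  res.send({status: "error", message: "Login is temporarily unavailable"});
}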
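/**
 * GET /logout -- ends the session and sends the client to the login page.
 * The whole session is destroyed (removed from the store, cookie invalidated)
 * rather than just deleting user_id, which left admin/team/projects behind in
 * a session that remained valid in the store.
 */
app.get('/logout', function (req, res) {
  if (!req.session) {
    res.redirect('/login.html');
    return;
  }
  req.session.destroy(function (err) {
    // A store failure is logged but still ends with the redirect; the client
    // has nothing useful to do with the error.
    if (err) {
      console.error('logout: could not destroy session', err);
    }
    res.redirect('/login.html');
  });
});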
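// Bind to the configured port and report the port actually in use; the old
// message always said 3000 even when PORT overrode it.
app.listen(app.get("port"));
console.log('Listening on port ' + app.get('port') + '...');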
/**
 * Route guard: passes the request on only when the session carries a user_id
 * (set by /login); otherwise answers 401 with a JSON error body and stops.
 * @param {object} req - Express request; only req.session is read
 * @param {object} res - Express response
 * @param {function} next - continuation invoked when the caller is signed in
 */
function checkAuth(req, res, next) {
  var session = req.session;
  var signedIn = Boolean(session && session.user_id);
  if (signedIn) {
    next();
    return;
  }
  res.statusCode = 401;
  res.send({status:"error", message:"You are not authorized to view this page"});
}