login/register logic

.env.example

@@ -1,3 +1,3 @@
 SESSION_SECRET=
-MONGODB_CONN=
+MONGODB_CONN="mongodb://127.0.0.1:27017/howfeed"
 SALT_WORK_FACTOR=10

src/models/article.js

@@ -23,17 +23,17 @@ const ArticleSchema = new Schema({
 
 ArticleSchema.methods.genSlug = () => this.title.toLowerCase().replace(/\W+/g, '-');
 
-ArticleSchema.pre('findOne', next => {
+ArticleSchema.pre('findOne', function (next) {
     var article = this;
     article.views++;
     next();
 });
 
-ArticleSchema.pre('save', next => {
+ArticleSchema.pre('save', function (next) {
     var article = this;
     // only gen the slug if title has been modified (or is new)
     if (!article.isModified('title')) return next();
-    
+
     article.slug = article.genSlug(article.title);
     next();
 });

src/models/user.js

@@ -11,19 +11,16 @@ const UserSchema = new Schema({
 });
 
 
-UserSchema.pre('save', next => {
+UserSchema.pre('save', function (next) {
     var user = this;
     // only hash the password if it has been modified (or is new)
     if (!user.isModified('password')) return next();
-    
     // generate a salt
-    bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) {
+    bcrypt.genSalt(+SALT_WORK_FACTOR, function(err, salt) {
         if (err) return next(err);
-    
         // hash the password along with our new salt
         bcrypt.hash(user.password, salt, function(err, hash) {
             if (err) return next(err);
-    
             // override the cleartext password with the hashed one
             user.password = hash;
             next();
@@ -31,7 +28,7 @@ UserSchema.pre('save', next => {
     });
 });
 
-UserSchema.methods.comparePassword = (candidatePassword, cb) => {
+UserSchema.methods.comparePassword = function (candidatePassword, cb) {
     bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
         if (err) return cb(err);
         cb(null, isMatch);

src/server.js

@@ -31,6 +31,7 @@ passport.serializeUser((user, cb) => {
 passport.deserializeUser((obj, cb) => {
     cb(null, obj);
 });
+
 passport.use(new Strategy((username, password, done) => {
     User.findOne({ username }, (err, user) => {
         if (err) done(err);
@@ -53,6 +54,7 @@ passport.use(new Strategy((username, password, done) => {
 express()
     .use(passport.initialize())
     .use(bodyParser.json())
+    .use(bodyParser.urlencoded({ extended: true }))
     .use(session({
         secret: SESSION_SECRET,
         resave: false,
@@ -62,7 +64,80 @@ express()
             path: '.sessions'
         })
     }))
-    
+
+    .post('/cms/register',
+        (req, res, next) => {
+            if (!req.user) {
+                next();
+            } else {
+                res.writeHead(401, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    message: `You are already logged in`
+                }));
+            }
+        }, async (req, res) => {
+            let { username, password, password_confirm } = req.body;
+            if (!username || !password || !password_confirm) {
+                res.writeHead(422, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    message: `You need to supply a username, password, and password_confirm.`
+                }));
+                return false;
+            }
+            if (password.length < 8) {
+                res.writeHead(422, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    message: `The password must be at least 8 characters long.`
+                }));
+                return false;
+            }
+            if (password !== password_confirm) {
+                res.writeHead(422, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    message: `The password does not match the confirmation.`
+                }));
+                return false;
+            }
+            try {
+                const user = await User.findOne({ username: req.body.username });
+                if (user) {
+                    res.writeHead(401, {
+                        'Content-Type': 'application/json'
+                    });
+                    res.end(JSON.stringify({
+                        message: `This username is taken.`
+                    }));
+                    return false;
+                }
+                // password gets automatically hashed
+                const newUser = await new User({ username, password });
+                await newUser.save();
+
+                req.login(newUser, err => {
+                    if (err) throw err;
+                    return res.redirect('/cms');
+                });
+            } catch (err) {
+                console.error(err);
+                res.writeHead(500, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    message: `Internal server error`
+                }));
+                return false;
+            }
+        }
+    )
+
     .post('/cms/login',
         passport.authenticate('local', {
             successRedirect: '/cms',