First commit

Author: rajesh1158

README.txt

@@ -0,0 +1,36 @@
+This project is a very simple app developed using MEAN stack technology: Mongo as database, Express as web application framework (for routing etc), Angular as the front end framework, and Nodejs as backend server. This app demonstrates a simple login + registration feature, with authentication using the passport-js library and persistent sessions using JWT tokens. This app can be used as a starting template when you develop your own apps.
+
+
+1) Install the latest version of npm and nodejs using below command:
+
+sudo apt install nodejs npm
+
+2) Install mongodb by following the steps from https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/
+
+3) Download this code, then change to the downloaded folder, and run below command to download all nodejs dependencies:
+
+npm install
+
+4) Make sure the mongod service is running, if not, start using below command:
+
+sudo service mongod start
+
+5) Login to the mongo shell using command: mongo
+
+6) Create a new database with some name (example: mydb) using below query:
+
+use mydb;
+
+7) Create a database user for our application using below query:
+
+db.createUser({user: "myuser", pwd: "mypassword", roles: ["readWrite"]});
+
+8) Open db.js and change the database name, username and password. Make sure mongod service is running on port 27017. If it is running on a different port, then set that port in this file. Mongod port is defined in /etc/mongod.conf automatically during installation.
+
+9) By default, the app will work on port 8080. If you need to change it, then open app.js and at the bottom of the code, change 8080 to your desired port.
+
+10) Run below command to start the node server:
+
+node .
+
+11) Open your browser and hit http://localhost:8080 (use different port if you edited it in the app.js file)

app.js

@@ -0,0 +1,73 @@
+const express = require('express');
+const app = express();
+const router = express.Router();
+const passport = require('passport');
+const cookieParser = require('cookie-parser');
+const path = require('path');
+
+app.set('view engine', 'html');
+app.use(cookieParser());
+app.use(express.urlencoded({ extended: true }));
+app.use(express.static(path.join(__dirname, 'public')));
+
+require('./db');
+
+const index = require('./routes/index');
+const login = require('./routes/login');
+const registration = require('./routes/registration');
+
+// caching disabled for every route
+app.use(function(req, res, next) {
+	res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
+	next();
+});
+
+app.use('/', index);
+app.use('/login', login);
+app.use('/registration', registration);
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+	res.status(404);
+
+	// respond with html page
+	if(req.accepts('html')) {
+		res.sendFile(path.join(__dirname + '/public/404.html'));
+		return;
+	}
+
+	// respond with json
+	if(req.accepts('json')) {
+		res.send({ err: 'Not found' });
+		return;
+	}
+
+	// default to plain-text. send()
+	res.type('txt').send('Not found');
+});
+
+// error handler
+app.use(function(err, req, res, next) {
+	console.log(err);
+	var status = err.status || 500;
+	res.status(status);
+
+	// respond with html page
+	if(req.accepts('html')) {
+		res.sendFile(path.join(__dirname + '/public/error.html'));
+		return;
+	}
+
+	// respond with json
+	if(req.accepts('json')) {
+		res.send({ err: 'Error occurred' });
+		return;
+	}
+
+	// default to plain-text. send()
+	res.type('txt').send('Error occurred');
+});
+
+app.listen(8080, function() {
+	console.log('App listening on port 8080!')
+});

config/passport.js

@@ -0,0 +1,6 @@
+const config = {
+	secret: 'zAq47d!m(f^9ld',
+	expirationMillis: 3600000
+};
+
+module.exports = config;

db.js

@@ -0,0 +1,14 @@
+const mongoose = require('mongoose');
+
+const MONGO_USERNAME = 'myuser';
+const MONGO_PASSWORD = 'mypassword';
+const MONGO_HOSTNAME = 'localhost';
+const MONGO_PORT = '27017';
+const MONGO_DB = 'mydb';
+
+const url = `mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@${MONGO_HOSTNAME}:${MONGO_PORT}/${MONGO_DB}`;
+
+mongoose.connect(url, {
+	useCreateIndex: true,
+	useNewUrlParser: true
+});

middleware/passport.js

@@ -0,0 +1,135 @@
+const passport = require('passport');
+const LocalStrategy = require('passport-local').Strategy;
+const passportJWT = require('passport-jwt');
+const jwt = require('jsonwebtoken');
+const JWTStrategy = passportJWT.Strategy;
+const bcrypt = require('bcrypt');
+
+const UserModel = require('../models/user');
+const passportConfig = require('../config/passport');
+
+passport.use('login', new LocalStrategy({
+	usernameField: 'username',
+	passwordField: 'password',
+	session: false
+}, async(username, password, done) => {
+	try {
+		const userDocument = await UserModel.findOne({username: username}).exec();
+		if(!userDocument) {
+			return done('Incorrect username or password');
+		}
+
+		const passwordsMatch = bcrypt.compareSync(password, userDocument.passwordHash);
+		if(passwordsMatch) {
+			return done(null, userDocument);
+		} else {
+			return done('Incorrect username or password');
+		}
+	} catch(error) {
+		console.log(error);
+		return done('An error occurred while authentication');
+	}
+}));
+
+passport.use('registration', new LocalStrategy({
+	usernameField: 'username',
+	passwordField: 'password',
+	session: false
+}, async(username, password, done) => {
+	try {
+		const userDocument = await UserModel.findOne({username: username}).exec();
+		if(userDocument) {
+			return done('Username already exists');
+		}
+
+		const hash = bcrypt.hashSync(password, 10);
+		const newUserDocument = new UserModel({username: username, passwordHash: hash});
+		try {
+			const savedUser = await newUserDocument.save();
+			return done(null, true);
+		} catch(ex) {
+			return done('Unable to create user');
+		}
+	} catch(error) {
+		console.log(error);
+		return done('An error occurred while registration');
+	}
+}));
+
+passport.use('user', new JWTStrategy({
+	jwtFromRequest: req => req.cookies.jwt,
+	secretOrKey: passportConfig.secret,
+}, async (jwtPayload, done) => {
+	if(!jwtPayload || !jwtPayload.username) {
+		return done('Authentication token is invalid');
+	}
+
+	const userDocument = await UserModel.findOne({username: jwtPayload.username}).exec();
+	if(!userDocument) {
+		return done('Authentication token is invalid');
+	}
+
+	if(!jwtPayload.expires || Date.now() >= jwtPayload.expires) {
+		return done('Authentication token expired');
+	}
+
+	return done(null, jwtPayload);
+}));
+
+const validateRegistration = (req, res, next) => {
+	passport.authenticate('registration', { session: false }, (error, isUserCreated) => {
+		if(error) {
+			res.status(400).json({ error: error });
+			return;
+		}
+
+		res.status(200).send({success: true});
+	})(req, res);
+};
+
+const doLoginCheck = (req, res, next) => {
+	passport.authenticate('user', { session: false }, (error, payload) => {
+		if(!payload && req.path != '/index.html' && req.path != '/') {
+			res.redirect('/');
+		} else if(payload && (req.path == '/' || req.path == '/index.html')) {
+			res.redirect('/home');
+		} else {
+			next();
+		}
+	})(req, res);
+};
+
+const validateLogin = (req, res, next) => {
+	passport.authenticate('login', { session: false }, (error, user) => {
+		if(error) {
+			res.status(400).json({ error: error });
+			return;
+		}
+
+		/** This is what ends up in our JWT */
+		const payload = {
+			username: user.username,
+			expires: Date.now() + parseInt(passportConfig.expirationMillis)
+		};
+
+		/** assigns payload to req.user */
+		req.login(payload, {session: false}, (error) => {
+			if(error) {
+				console.log(error);
+				res.status(400).send({ error: "Unable to login" });
+				return;
+			}
+
+			/** generate a signed json web token and return it in the response */
+			const token = jwt.sign(JSON.stringify(payload), passportConfig.secret);
+
+			/** assign our jwt to the cookie */
+			res.cookie('jwt', token, { path: '/', httpOnly: true, maxAge: 604800000 }); //7 days
+			res.status(200).send({success: true});
+		});
+	})(req, res);
+};
+
+module.exports = {
+	doLoginCheck, validateLogin, validateRegistration
+};

models/user.js

@@ -0,0 +1,10 @@
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+
+const User = new Schema ({
+	username: { type: String, required: true, index: true, unique: true },
+	passwordHash: { type: String, required: true }
+});
+
+module.exports = mongoose.model('User', User, 'user'); //3rd param is collection name
+