auth-stuff.txt

/*
 * THIS IS NOT USED
 * AldenD 09/10/13: This is a collection of the changes that Josiah
 * made to support user authentication. In the interest of stability,
 * I've temporarily pulled this work (which is not being actively
 * developed). This file contains the pulled changes for reference.
*/

/*
//===============login.html==================//
<!DOCTYPE html>
<html>
    <head>
        <title>CoArchive login</title>
    </head>
    <body>
        <form method="POST">
            Username: <input type="text" name="username" />
            Password: <input type="password" name="password" />
            <button type="submit">Submit</button>
        </form>
    </body>
</html>

//===============signup.html==================//
<html>
    <head>
        <title>CoArchive signup</title>
    </head>
    <body>
        <form method="POST" action="/signup">
            Username: <input type="text" name="username" />
            Email: <input type="text" name="email" />
            Password: <input type="password" name="password" />
            <button type="submit">Signup</button>
        </form>
    </body>
</html>

//===============index.html==================//
<div id="home-login" class="login">
    <form method="POST" action="/login">
        Username: <input type="text" name="username" />
        Password: <input type="password" name="password" />
        <button type="submit" class="small">Go</button>
    </form>
    <span>
    or <a href="/signup/">Signup</a>
    </span>
</div>
<div id="home-user-greeting" class="user-greeting">
    Hello <span id="home-greeting-username"></span>. (<a href="/logout">Logout</a>)
</div>
[...]
<div id="account">
    <a class="login" id="workspace-login">Log in</a>
    <div class="user-greeting">
        Hello <span id="workspace-greeting-username"></span> (<a id="workspace-logout">Logout</a>)
    </div>
</div>

//==============index.less=============//
body:not(.home) #home-login,
body:not(.home) #home-user-greeting,
body.logged-in  .login,
body:not(.logged-in) .user-greeting
{
    display: none;
}

#home-login,
#home-user-greeting
{
    position: absolute;
    right: 0;
    margin: 1em;

    button
    {
        display: inline-block;
    }
}


*/

//===============app.js==================//
var oPasswordHash       = require('password-hash');
var oConnect            = require('connect');

var oCookieParser = new oExpress.cookieParser('testing');
var oSessionStore = new oConnect.session.MemoryStore();
oApp.use(oCookieParser);
oApp.use(oExpress.session({secret: 'testing', store: oSessionStore}));


oApp.configure(function()
{
    oApp.use(oCookieParser);
    oApp.use(oExpress.session({secret: 'testing', store: oSessionStore}));
    //[...]

    oApp.get('^/login/?$', function(req, res)
    {
        if (req.session.sUser)
        {
            res.redirect(oUrl.parse(req.url, true).query.next || '/');
            return;
        }
        
        res.sendfile(sHTMLPath + 'login.html');
    });
    
    oApp.post('^/login/?$', function(req, res)
    {
        oDatabase.userExists(req.body.username, this, function(bExists)
        {
            var sErrorUrl = '/login?error=true'
            
            var sNext = oUrl.parse(req.url, true).query.next;
            if (sNext)
                sErrorUrl += ('&next=' + sNext)
            
            if (!bExists)
            {
                res.redirect(sErrorUrl);
                return;
            }
            
            oDatabase.getUser(req.body.username, this, function(sUser)
            {
                var oUser = new User(sUser);
                if (oUser.checkPassword(req.body.password))
                {
                    req.session.sUser = req.body.username;
                    res.redirect(sNext || '/');
                }
                else
                    res.redirect(sErrorUrl);
            });
        });
    });
    
    oApp.get('^/logout/?$', function(req, res)
    {
        req.session.sUser = null;
        res.redirect(oUrl.parse(req.url, true).query.next || '/login');
    });
    
    oApp.get('^/signup/?$', function(req, res)
    {
        if (req.session.sUser)
        {
            res.redirect('/logout');
            return;
        }
    
        res.sendfile(sHTMLPath + 'signup.html');
    });
    oApp.post('^/signup/?$', function(req, res)
    {
        oDatabase.userExists(req.body.username, this, function(bExists)
        {
            if (!bExists)
            {
                createNewUser(req.body.username, req.body.email, req.body.password, this, function()
                {
                    req.session.sUser = req.body.username;
                    res.redirect('/');
                });
                return;
            }
            res.redirect('/signup?error = That user already exists.');
        });
    });
    
    oApp.get('^/userInfo/?$', function(req, res)
    {
        if (!req.session.sUser)
        {
            res.send(JSON.stringify({bLoggedIn: false}));
            return;
        }

        var oInfo = {
            bLoggedIn: true,
            sUsername: req.session.sUser,
        };

        res.send(JSON.stringify(oInfo));
    });
});

var User = oHelpers.createClass({
    _sUsername: '',
    _sEmail: '',
    _aDocuments: null,
    _sPasswordHash: '',
    __init__: function(sData)
    {
        var oData = oHelpers.fromJSON(sData);
        this._sUsername = oData.sUsername;
        this._sEmail = oData.sEmail;
        this._aDocuments = oData.aDocuments;
        this._sPasswordHash = oData.sPasswordHash;
    },

    checkPassword: function(sPassword)
    {
        return oPasswordHash.verify(sPassword, this._sPasswordHash);
    },

    save: function(oScope, fnOnResponse)
    {
         oDatabase.saveUser(this._sUsername, oHelpers.toJSON({
            sUsername: this._sUsername,
            sEmail: this._sEmail,
            aDocuments: this._aDocuments,
            sPasswordHash: this._sPasswordHash
        }), oScope, fnOnResponse);
    }
});

function createNewUser(sUsername, sEmail, sPassword, oScope, fnOnResponse)
{
    var oData = {
        sUsername: sUsername,
        sEmail: sEmail,
        aDocuments: [],
        sPasswordHash: oPasswordHash.generate(sPassword, {algorithm: 'sha256'})
    };

    var oUser = new User(oHelpers.toJSON(oData));
    oUser.save(this, function(sError)
    {
        // Handle error.
        oHelpers.createCallback(oScope, fnOnResponse)(oUser);
    });
}

// Instantiate websocket listener.
var oWsServer = new oWS.Server({server: oServer});
oWsServer.on('connection', function(oSocket)
{
    oCookieParser(oSocket.upgradeReq, null, function(err)
    {
        if ('connect.sid' in oSocket.upgradeReq.signedCookies)
        {
            oSessionStore.get(oSocket.upgradeReq.signedCookies['connect.sid'], function(err, oSession)
            {
                var sUser = oSession.sUser || '';
                new Client(oSocket, sUser);
            });
        }
        else
            new Client(oSocket, '');
    });
});

//======================public/javascripts/session-proxy.js===================//

define(function(require)
{
    // Dependencies.
    var $        = require('lib/jquery'),
        oHelpers = require('helpers/helpers-web');
        
    var setSessionInfoCallback = (function ()
    {
        var bIsSet = false;
        var sLocalKey = 'codr-io/local'
    
        function setSessionInfoCallback(oScope, fnOnResponse)
        {
            if (bIsSet)
            {
                oHelpers.assert(false, 'You can not call setSessionInfoCallback twice.');
                return;
            }
    
            var fnCallback = oHelpers.createCallback(oScope, fnOnResponse);
    
            // Call the callback now with possible stale data.
            if (getFromLocal() !== null)
                fnCallback(getFromLocal());
    
    
            // The data we sent wasn't clean. We need to update it, then call the callback a second time.
            getServerSessionInfo(fnCallback);
        }
    
        function supportsLocalStorage() {
            try {
                return 'localStorage' in window && window['localStorage'] !== null;
            } catch (e) {
                return false;
            }
        }
    
    
        function getFromLocal()
        {
            if (supportsLocalStorage())
            {
                var ret = window.localStorage.getItem(sLocalKey);
                if (ret)
                    return JSON.parse(ret);
                return null;
            }
    
            return null;
        }
    
        function setLocal(oNewInfo)
        {
            if (supportsLocalStorage())
                window.localStorage.setItem(sLocalKey, JSON.stringify(oNewInfo));
        }
    
        function getServerSessionInfo(fnCallback)
        {
            $.getJSON('/userInfo/', function(oResponse)
            {
                setLocal(oResponse);
                fnCallback(oResponse);
            });
        }
    
        return setSessionInfoCallback;
    })();
    
    function onAccountInfo(oInfo)
    {
        $('body').toggleClass('logged-in', oInfo.bLoggedIn);
    
        if (oInfo.bLoggedIn)
        {
            $('#home-greeting-username').text(oInfo.sUsername);
            $('#workspace-greeting-username').text(oInfo.sUsername);
        }
    }
    
    setSessionInfoCallback(this, onAccountInfo);
});

//=================edit-session.js====================//
module.exports = oHelpers.createClass(
{
    // [...]
    _generateNewClientID: function(sOptionalPrefix)
    {
        if (sOptionalPrefix)
        {
            var iNumFound = 0;
            for (var i = 0; i < this._aClients.length; i++)
            {
                if (this._aClients[i].getClientID().indexOf(sOptionalPrefix) === 0)
                    iNumFound++;
            }
            if (iNumFound > 0)
                return sOptionalPrefix + ' (' + iNumFound + ')';
            else
                return sOptionalPrefix;
        }
        
        this._iGeneratedClientNames++;
        return 'User ' + this._iGeneratedClientNames;
    }
}

//=================database.js====================//

saveUser: function(sUsername, sData, oScope, fnOnResponse)
{
    oFS.writeFile(oPath.join(sUserDataPath, sUsername), sData, oHelpers.createCallback(oScope, fnOnResponse));
},

getUser: function(sUsername, oScope, fnOnResponse)
{
    oFS.readFile(oPath.join(sUserDataPath, sUsername), function(sIgnoredErr, oFileData)
    {
        oHelpers.createCallback(oScope, fnOnResponse)(oFileData);
    });
},

userExists: function(sUsername, oScope, fnOnResponse)
{
    oFS.exists(oPath.join(sUserDataPath, sUsername), oHelpers.createCallback(oScope, fnOnResponse));
}

//=================Other Changes======================//
/*
  - The "connect" event sent by the sever contained a
    "bIsLoggedIn" value as well as the sClientID.

  - Anonymous users had a username in the form of "User #"
    Logged in users shouldn't be allowed to start their user
    Name with "User". That way, there won't be a collision.
*/