Staging

.coveralls.yml

@@ -0,0 +1,2 @@
+service_name: travis-ci
+repo_token: Us3RCO6VIKHWZVKBsUOymzK7JPJl020Hb

.eslintrc

@@ -0,0 +1,21 @@
+{
+  "rules": {
+    "no-console": "off",
+    "indent": [ "error", 2 ],
+    "quotes": [ "error", "single" ],
+    "semi": ["error", "always"],
+    "linebreak-style": [ "error", "unix" ]
+  },
+  "env": {
+    "es6": true,
+    "node": true,
+    "mocha": true,
+    "jasmine": true
+  },
+  "ecmaFeatures": {
+    "modules": true,
+    "experimentalObjectRestSpread": true,
+    "impliedStrict": true
+  },
+  "extends": "eslint:recommended"
+}

.gitignore

@@ -0,0 +1,93 @@
+
+# Created by https://www.gitignore.io/api/node,macos
+
+### macOS ###
+*.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Typescript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+
+# End of https://www.gitignore.io/api/node,macos

.sample_env

@@ -0,0 +1,5 @@
+MONGODB_URI=' '
+APP_SECRET=' '
+AWS_BUCKET=' '
+AWS_ACCESS_KEY_ID=' '
+AWS_SECRET_ACCESS_KEY=' '

.travis.yml

@@ -0,0 +1,18 @@
+language: node_js
+node_js:
+  - 'node'
+services:
+  - mongodb
+addons:
+  apt:
+    sources:
+      - ubuntu-toolchain-r-test
+    packages:
+      - gcc-4.8
+      - g++-4.8
+env:
+  - CXX=g++-4.8
+sudo: required
+before_script: npm i
+script:
+  - npm run test

README.md

@@ -1,59 +1,27 @@
 ![cf](https://i.imgur.com/7v5ASc8.png) Lab 16 - Basic Auth
 ======
+After cloning down the repository, in the root directory run:
 
-## To Submit this Assignment
-  * fork this repository
-  * write all of your code in a directory named `lab-` + `<your name>` **e.g.** `lab-brian`
-  * push to your repository
-  * submit a pull request to this repository
-  * submit a link to your PR in canvas
-  * write a question and observation on canvas
+```sh
+$ node setup
+```
+Then, copy the values submitted with this pull request and paste them in the newly created `.env` file copy inside of the quotes:
+```sh
+MONGODB_URI='<secret mongodb env var goes here>'
+APP_SECRET='<token goes here>'
+```
+Now you'll have the necessary environment variables needed for authentication.
 
-## Include
-  * `package.json`
-  * `.eslintrc`
-  * `gulpfile.js`
-  * `.gitignore`
-  * `.env`
-  * `README.md`
-
-## Description
-  * Create the following directories to organize your code:
-    * **lib**
-    * **model**
-    * **route**
-    * **test**
-  * Create an HTTP server using `express`
-  * Using `mongoose`, create a **User** model with the following properties and options:
-    * `username` - *required and unique*
-    * `email` - *required and unique*
-    * `password` - *required - this must be hashed and can not stored as plain text*
-    * `findHash` - *unique*
-  * Use the **npm** `debug` module to log function calls that are used within your application
-  * Use the **express** `Router` to create a custom router for allowing users to **sign up** and **sign in**
-  * Use the **npm** `dotenv` module to house the following environment variables:
-    * `PORT`
-    * `MONGODB_URI`
-    * `APP_SECRET` *(used for signing and verify tokens)*
-
-## Server Endpoints
-### `/api/signup`
-* `POST` request
-  * the client should pass the username and password in the body of the request
-  * the server should respond with a token (generated using `jwt` and `findHash`
-  * the server should respond with **400 Bad Request** to a failed request
-
-### `/api/signin`
-* `GET` request
-  * the client should pass the username and password to the server using a `Basic:` authorization header
-  * the server should respond with a token for authenticated users
-  * the server should respond with **401 Unauthorized** for non-authenticated users
-
-## Tests
-* Create a test that will ensure that your API returns a status code of **404** for any routes that have not been registered
-* `/api/signup`
-  * `POST` - test **400**, if no request body has been provided or the body is invalid
-  * `POST` - test **200**, if the request body has been provided and is valid
-* `/api/signin`
- * `GET` - test **401**, if the user could not be authenticated
- * `GET` - test **200**, responds with token for a request with a valid basic authorization header
+After that's done, install the dependency modules using the command line:
+```
+$ npm install
+```
+Once they're all loaded up, to run tests use:
+```
+$ npm test
+```
+Or to run the app use:
+```
+$ npm start
+```
+Current existing routes allow user to sign up and sign in using an unique username, a password of their choice (which is encrypted using bcrypt before storage) and an email. 

gulpfile.js

@@ -0,0 +1,23 @@
+'use strict';
+
+const gulp = require('gulp');
+const eslint = require('gulp-eslint');
+const mocha = require('gulp-mocha');
+
+gulp.task('lint', function() {
+  return gulp.src(['**/*.js', '!node_modules'])
+    .pipe(eslint())
+    .pipe(eslint.format())
+    .pipe(eslint.failAfterError());
+});
+
+gulp.task('test', function() {
+  gulp.src('./test/*-test.js', { read: false })
+    .pipe(mocha({ reporter: 'spec'}));
+});
+
+gulp.task('dev', function() {
+  gulp.watch(['**/*.js', '!node_modules'], ['lint', 'test']);
+});
+
+gulp.task('default', ['lint', 'test']);

lib/basic-auth-middleware.js

@@ -0,0 +1,36 @@
+'use strict';
+
+const debug = require('debug')('cfgram:basic-auth-middleware');
+const createError = require('http-errors');
+
+module.exports = function(req, res, next) {
+  debug('basic auth');
+
+  let authHeader = req.headers.authorization;
+  if (!authHeader) {
+    return next(createError(401, 'auth header required'));
+  }
+
+  let base64str = authHeader.split('Basic ')[1];
+  if (!base64str) {
+    return next(createError(401, 'username and password required'));
+  }
+
+  let utf8str = new Buffer(base64str, 'base64').toString();
+  let authArr = utf8str.split(':');
+
+  req.auth = {
+    username: authArr[0],
+    password: authArr[1]
+  };
+
+  if (!req.auth.username) {
+    return next(createError(401, 'username required'));
+  }
+
+  if (!req.auth.password) {
+    return next(createError(401, 'password required'));
+  }
+
+  next();
+};

lib/bearer-auth-middleware.js

@@ -0,0 +1,32 @@
+'use strict';
+
+const jwt = require('jsonwebtoken');
+const createError = require('http-errors');
+const debug = require('debug')('cfgram:bearer-auth-middleware');
+
+const User = require('../model/user.js');
+
+module.exports = function(req, res, next) {
+  debug('bearer auth');
+
+  var authHeader = req.headers.authorization;
+  if (!authHeader) {
+    return next(createError(401, 'authorization header required'));
+  }
+
+  var token = authHeader.split('Bearer ')[1];
+  if (!token) {
+    return next(createError(401, 'token required'));
+  }
+
+  jwt.verify(token, process.env.APP_SECRET, (err, decoded) => {
+    User.findOne({ findHash: decoded.token })
+    .then( user => {
+      req.user = user;
+      next();
+    })
+    .catch(err => {
+      next(createError(401, err.message));
+    });
+  });
+};

lib/error-middleware.js

@@ -0,0 +1,28 @@
+'use strict';
+
+const createError = require('http-errors');
+const debug = require('debug')('cfgram:error-middleware');
+
+module.exports = function(err, req, res, next) {
+  debug('error middleware');
+
+  console.error('msg:', err.message);
+  console.error('name:', err.name);
+
+  if (err.status) {
+    res.status(err.status).send(err.name);
+    next();
+    return;
+  }
+
+  if (err.name === 'ValidationError') {
+    err = createError(400, err.message);
+    res.status(err.status).send(err.name);
+    next();
+    return;
+  }
+
+  err = createError(500, err.message);
+  res.status(err.status).send(err.name);
+  next();
+};

model/gallery.js

@@ -0,0 +1,13 @@
+'use strict';
+
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+
+const gallerySchema = Schema({
+  name: { type: String, required: true },
+  desc: { type: String, required: true },
+  created: { type: Date, required: true, default: Date.now },
+  userID: { type: Schema.Types.ObjectId, required: true }
+});
+
+module.exports = mongoose.model('gallery', gallerySchema);

model/pic.js

@@ -0,0 +1,16 @@
+'use strict';
+
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+
+const picSchema = Schema({
+  name: { type: String, required: true },
+  desc: { type: String, required: true },
+  userID: { type: Schema.Types.ObjectId, required: true },
+  galleryID: { type: Schema.Types.ObjectId, required: true },
+  imageURI: { type: String, required: true, unique: true },
+  objectKey: { type: String, required: true, unique: true },
+  created: { type: Date, default: Date.now }
+});
+
+module.exports = mongoose.model('pic', picSchema);