Merge branch '0.3.0'

.csslintrc

@@ -0,0 +1,15 @@
+{
+	"adjoining-classes": false,
+	"box-model": false,
+	"box-sizing": false,
+	"floats": false,
+	"font-sizes": false,
+	"important": false,
+	"known-properties": false,
+	"overqualified-elements": false,
+	"qualified-headings": false,
+	"regex-selectors": false,
+	"unique-headings": false,
+	"universal-selector": false,
+	"unqualified-attributes": false
+}

README.md

@@ -92,6 +92,7 @@ Browse the live MEAN.JS example on [http://meanjs.herokuapp.com](http://meanjs.h
 
 ## Credits
 Inspired by the great work of [Madhusudhan Srinivasa](https://github.com/madhums/)
+The MEAN name was coined by [Valeri Karpov](http://blog.mongodb.org/post/49262866911/the-mean-stack-mongodb-expressjs-angularjs-and)
 
 ## License
 (The MIT License)

app/controllers/articles.js → app/controllers/articles.server.controller.js

@@ -7,6 +7,30 @@ var mongoose = require('mongoose'),
 	Article = mongoose.model('Article'),
 	_ = require('lodash');
 
+/**
+ * Get the error message from error object
+ */
+var getErrorMessage = function(err) {
+	var message = '';
+
+	if (err.code) {
+		switch (err.code) {
+			case 11000:
+			case 11001:
+				message = 'Article already exists';
+				break;
+			default:
+				message = 'Something went wrong';
+		}
+	} else {
+		for (var errName in err.errors) {
+			if (err.errors[errName].message) message = err.errors[errName].message;
+		}
+	}
+
+	return message;
+};
+
 /**
  * Create a article
  */
@@ -16,9 +40,8 @@ exports.create = function(req, res) {
 
 	article.save(function(err) {
 		if (err) {
-			return res.send('users/signup', {
-				errors: err.errors,
-				article: article
+			return res.send(400, {
+				message: getErrorMessage(err)
 			});
 		} else {
 			res.jsonp(article);
@@ -43,8 +66,8 @@ exports.update = function(req, res) {
 
 	article.save(function(err) {
 		if (err) {
-			res.render('error', {
-				status: 500
+			return res.send(400, {
+				message: getErrorMessage(err)
 			});
 		} else {
 			res.jsonp(article);
@@ -60,8 +83,8 @@ exports.delete = function(req, res) {
 
 	article.remove(function(err) {
 		if (err) {
-			res.render('error', {
-				status: 500
+			return res.send(400, {
+				message: getErrorMessage(err)
 			});
 		} else {
 			res.jsonp(article);
@@ -75,8 +98,8 @@ exports.delete = function(req, res) {
 exports.list = function(req, res) {
 	Article.find().sort('-created').populate('user', 'displayName').exec(function(err, articles) {
 		if (err) {
-			res.render('error', {
-				status: 500
+			return res.send(400, {
+				message: getErrorMessage(err)
 			});
 		} else {
 			res.jsonp(articles);
@@ -101,7 +124,9 @@ exports.articleByID = function(req, res, next, id) {
  */
 exports.hasAuthorization = function(req, res, next) {
 	if (req.article.user.id !== req.user.id) {
-		return res.send(403, 'User is not authorized');
+		return res.send(403, {
+			message: 'User is not authorized'
+		});
 	}
 	next();
 };

app/controllers/core.js → app/controllers/core.server.controller.js

@@ -4,7 +4,7 @@
  * Module dependencies.
  */
 exports.index = function(req, res) {
-	res.render('index.html', {
+	res.render('index', {
 		user: req.user || null
 	});
 };

app/controllers/users.js → app/controllers/users.server.controller.js

@@ -36,6 +36,9 @@ var getErrorMessage = function(err) {
  * Signup
  */
 exports.signup = function(req, res) {
+	// For security measurement we remove the roles from the req.body object
+	delete req.body.roles;
+
 	// Init Variables
 	var user = new User(req.body);
 	var message = null;
@@ -44,6 +47,7 @@ exports.signup = function(req, res) {
 	user.provider = 'local';
 	user.displayName = user.firstName + ' ' + user.lastName;
 
+	// Then save the user 
 	user.save(function(err) {
 		if (err) {
 			return res.send(400, {
@@ -96,6 +100,9 @@ exports.update = function(req, res) {
 	var user = req.user;
 	var message = null;
 
+	// For security measurement we remove the roles from the req.body object
+	delete req.body.roles;
+
 	if (user) {
 		// Merge existing user
 		user = _.extend(user, req.body);
@@ -233,7 +240,9 @@ exports.userByID = function(req, res, next, id) {
  */
 exports.requiresLogin = function(req, res, next) {
 	if (!req.isAuthenticated()) {
-		return res.send(401, 'User is not logged in');
+		return res.send(401, {
+			message: 'User is not logged in'
+		});
 	}
 
 	next();
@@ -242,12 +251,20 @@ exports.requiresLogin = function(req, res, next) {
 /**
  * User authorizations routing middleware
  */
-exports.hasAuthorization = function(req, res, next) {
-	if (req.profile.id !== req.user.id) {
-		return res.send(403, 'User is not authorized');
-	}
+exports.hasAuthorization = function(roles) {
+	var _this = this;
 
-	next();
+	return function(req, res, next) {
+		_this.requiresLogin(req, res, function() {
+			if (_.intersection(req.user.roles, roles).length) {
+				return next();
+			} else {
+				return res.send(403, {
+					message: 'User is not authorized'
+				});
+			}
+		});
+	};
 };
 
 /**
@@ -339,7 +356,7 @@ exports.removeOAuthProvider = function(req, res, next) {
 		// Delete the additional provider
 		if (user.additionalProvidersData[provider]) {
 			delete user.additionalProvidersData[provider];
-			
+
 			// Then tell mongoose that we've updated the additionalProvidersData field
 			user.markModified('additionalProvidersData');
 		}

app/models/user.js → app/models/user.server.model.js

@@ -68,6 +68,13 @@ var UserSchema = new Schema({
 	},
 	providerData: {},
 	additionalProvidersData: {},
+	roles: {
+		type: [{
+			type: String,
+			enum: ['user', 'admin']
+		}],
+		default: ['user']
+	},
 	updated: {
 		type: Date
 	},
@@ -114,8 +121,10 @@ UserSchema.statics.findUniqueUsername = function(username, suffix, callback) {
 	var _this = this;
 	var possibleUsername = username + (suffix || '');
 
-	_this.findOne({username: possibleUsername}, function(err, user) {
-		if(!err) {
+	_this.findOne({
+		username: possibleUsername
+	}, function(err, user) {
+		if (!err) {
 			if (!user) {
 				callback(possibleUsername);
 			} else {

app/routes/articles.server.routes.js

@@ -0,0 +1,22 @@
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+var users = require('../../app/controllers/users'),
+	articles = require('../../app/controllers/articles');
+
+module.exports = function(app) {
+	// Article Routes
+	app.route('/articles')
+		.get(articles.list)
+		.post(users.requiresLogin, articles.create);
+
+	app.route('/articles/:articleId')
+		.get(articles.read)
+		.put(users.requiresLogin, articles.hasAuthorization, articles.update)
+	    .delete(users.requiresLogin, articles.hasAuthorization, articles.delete);
+
+	// Finish by binding the article middleware
+	app.param('articleId', articles.articleByID);
+};

app/routes/core.js → app/routes/core.server.routes.js

@@ -3,5 +3,5 @@
 module.exports = function(app) {
 	// Root routing
 	var core = require('../../app/controllers/core');
-	app.get('/', core.index);
+	app.route('/').get(core.index);
 };

app/routes/users.server.routes.js

@@ -0,0 +1,46 @@
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+var passport = require('passport');
+
+module.exports = function(app) {
+	// User Routes
+	var users = require('../../app/controllers/users');
+	app.route('/users/me').get(users.me);
+	app.route('/users').put(users.update);
+	app.route('/users/password').post(users.changePassword);
+	app.route('/users/accounts').delete(users.removeOAuthProvider);
+
+	// Setting up the users api
+	app.route('/auth/signup').post(users.signup);
+	app.route('/auth/signin').post(users.signin);
+	app.route('/auth/signout').get(users.signout);
+
+	// Setting the facebook oauth routes
+	app.route('/auth/facebook').get(passport.authenticate('facebook', {
+		scope: ['email']
+	}));
+	app.route('/auth/facebook/callback').get(users.oauthCallback('facebook'));
+
+	// Setting the twitter oauth routes
+	app.route('/auth/twitter').get(passport.authenticate('twitter'));
+	app.route('/auth/twitter/callback').get(users.oauthCallback('twitter'));
+
+	// Setting the google oauth routes
+	app.route('/auth/google').get(passport.authenticate('google', {
+		scope: [
+			'https://www.googleapis.com/auth/userinfo.profile',
+			'https://www.googleapis.com/auth/userinfo.email'
+		]
+	}));
+	app.route('/auth/google/callback').get(users.oauthCallback('google'));
+
+	// Setting the linkedin oauth routes
+	app.route('/auth/linkedin').get(passport.authenticate('linkedin'));
+	app.route('/auth/linkedin/callback').get(users.oauthCallback('linkedin'));
+
+	// Finish by binding the user middleware
+	app.param('userId', users.userByID);
+};

app/views/404.html → app/views/404.server.view.html

@@ -1,4 +1,4 @@
-{% extends 'layout.html' %}
+{% extends 'layout.server.view.html' %}
 
 {% block content %}
 <h1>Page Not Found</h1>

app/views/500.html → app/views/500.server.view.html

@@ -1,4 +1,4 @@
-{% extends 'layout.html' %}
+{% extends 'layout.server.view.html' %}
 
 {% block content %}
 <h1>Server Error</h1>

app/views/index.html → app/views/index.server.view.html

@@ -1,4 +1,4 @@
-{% extends 'layout.html' %}
+{% extends 'layout.server.view.html' %}
 
 {% block content %}
 	<section data-ui-view></section>