This is a simple authentication server template using express with mongoose.

Sam Razi · Sam Razi · commit baf7e5bc16fe · 2017-04-16T02:39:33.000-07:00
Also users passport, with JWT and local strategies.
- Built as part of Advanced React/Redux course by Stephen Grider
diff --git a/controllers/authentication.js b/controllers/authentication.js
@@ -0,0 +1,49 @@
+const jwt = require('jwt-simple');
+const User = require('../models/user');
+const config = require('../config');
+
+function tokenForUser(user) {
+	const timestamp = new Date().getTime()
+	return jwt.encode({ sub: user.id, iat: timestamp }, config.secret);
+}
+
+exports.signin = function(req, res, next) {
+	// User has already had their email and password auth'd
+	// We just need to give them a token
+	res.send({ token: tokenForUser(req.user)});
+
+}
+
+
+exports.signup = function(req, res, next) {
+	const email = req.body.email;
+	const password = req.body.password;
+
+	if (!email || !password)  {
+		return res.status(422).send({ error: 'You must provide email and password'});
+	}
+
+	// See if a user with the given email exists
+	User.findOne({ email: email }, function(err, existingUser) {
+		if (err) { return next(err); }
+
+		// If a user with email does exist, return an error	
+		if (existingUser) {
+			return res.status(422).send({ error: 'Email is in use' });
+		}
+
+		// If a user with email does NOT exist, create and save record
+		const user = new User({
+			email: email,
+			password: password
+		});
+
+		// this will actually save the newly created user object to the mongodb database
+		user.save(function(err) {
+			if (err) { return next(err); }
+			// Respond to request indicating that the user was created
+			res.json({ token: tokenForUser(user) });
+
+		});
+	});
+}
diff --git a/index.js b/index.js
@@ -0,0 +1,26 @@
+// Application Controller / Start-point
+const express = require('express');
+const http = require('http');
+const bodyParser = require('body-parser');
+const morgan = require('morgan');
+const app = express();
+const router = require('./router');
+const mongoose = require('mongoose');
+
+// DB Setup
+mongoose.connect('mongodb://localhost:auth/auth');
+
+
+// App Setup
+app.use(morgan('combined'));
+app.use(bodyParser.json({ type: '*/*'}));
+router(app);
+
+// Server Setup
+
+const port = process.env.PORT || 3090;
+const server = http.createServer(app);
+server.listen(port);
+
+console.log('Server listening on:', port);
+
diff --git a/models/user.js b/models/user.js
@@ -0,0 +1,42 @@
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+const bcrypt = require('bcrypt-nodejs');
+
+// Define our model
+const userSchema = new Schema({
+	email: { type: String, unique: true, lowercase: true },
+	password: String
+});
+
+// On Save Hook, encrypt password
+userSchema.pre('save', function(next) {
+	const user = this;
+
+	bcrypt.genSalt(10, function(err, salt) { 
+		if (err) { return next(err); }
+
+		bcrypt.hash(user.password, salt, null, function(err, hash) {
+			if (err) { return next(err); }
+
+			user.password = hash;
+			next();
+		});
+	});
+});
+
+userSchema.methods.comparePassword = function(candidatePassword, callback) {
+	bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
+		if (err) { return callback(err); }
+
+		callback(null, isMatch);
+	});
+}
+
+// Create the model class
+const ModelClass = mongoose.model('user', userSchema);
+
+
+
+// Export the model
+module.exports = ModelClass;
+
diff --git a/package.json b/package.json
@@ -0,0 +1,24 @@
+{
+  "name": "server",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "dev": "nodemon index.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "bcrypt-nodejs": "0.0.3",
+    "body-parser": "^1.17.1",
+    "express": "^4.15.2",
+    "jwt-simple": "^0.5.1",
+    "mongoose": "^4.9.4",
+    "morgan": "^1.8.1",
+    "nodemon": "^1.11.0",
+    "passport": "^0.3.2",
+    "passport-jwt": "^2.2.1",
+    "passport-local": "^1.0.0"
+  }
+}
diff --git a/router.js b/router.js
@@ -0,0 +1,14 @@
+const Authentication = require('./controllers/authentication');
+const passportService = require('./services/passport');
+const passport = require('passport');
+
+const requireAuth = passport.authenticate('jwt', { session: false });
+const requireSignin = passport.authenticate('local', { session: false });
+
+module.exports = function(app) {
+	app.get('/', requireAuth, function(req, res) {
+		res.send({ thisisajourney: 'into sound' });
+	});
+	app.post('/signin', requireSignin, Authentication.signin);
+	app.post('/signup', Authentication.signup);
+}
diff --git a/services/passport.js b/services/passport.js
@@ -0,0 +1,53 @@
+const passport = require('passport');
+const User = require('../models/user');
+const config = require('../config');
+const JwtStrategy = require('passport-jwt').Strategy;
+const ExtractJwt = require('passport-jwt').ExtractJwt;
+const LocalStragegy = require('passport-local');
+
+// Create Local Strategy
+const localOptions = { usernameField: 'email' };
+const localLogin = new LocalStragegy(localOptions, function(email, password, done){
+	// Verify this username and password, call done with the user
+	// if it is the correct email and password
+	// otherwise, call done with false
+	User.findOne({ email: email }, function(err, user) {
+		if (err) { return done(err); }
+		if (!user) { return done(null, false); }
+
+		// compare passwords - is `password` equal to user.password?
+		user.comparePassword(password, function(err, isMatch) {
+			if (err) { return done(err); }
+			if (!isMatch) { return done(null, false); }
+
+			return done(null, user);
+		})
+	});
+});
+
+// Setup options for JWT Strategy
+const jwtOptions = {
+	jwtFromRequest: ExtractJwt.fromHeader('authorization'),
+	secretOrKey: config.secret
+};
+
+// Create JWT Strategy
+const jwtLogin = new JwtStrategy(jwtOptions, function(payload, done) {
+	// See if the user ID in the payload exists in our database
+	// If it does, call 'done' with that user
+	// otherwise, call down without a user object
+	User.findById(payload.sub, function(err, user) {
+		if (err) { return done(err, false); }
+
+		if (user) { 
+			done(null, user);
+		} else {
+			done(null, false);
+		}
+	});
+});
+
+// Tell passport to use this strategy
+passport.use(jwtLogin);
+passport.use(localLogin);
+
