@@ -1,129 +1,114 @@
/**
* Created by jameshong on 6/03/2014.
*/
var express = require ( 'express' )
, passport = require ( 'passport' )
, util = require ( 'util' )
, GoogleStrategy = require ( 'passport-google' ) . Strategy ;
// Passport session setup.
// To support persistent login sessions, Passport needs to be able to
// serialize users into and deserialize users out of the session. Typically,
// this will be as simple as storing the user ID when serializing, and finding
// the user by ID when deserializing. However, since this example does not
// have a database of user records, the complete Google profile is serialized
// and deserialized.
var express = require ( 'express' ) ;
var http = require ( 'http' ) ;
var path = require ( 'path' ) ;
var passport = require ( 'passport' ) ;
var GoogleStrategy = require ( 'passport-google-oauth' ) . OAuth2Strategy ;
var GOOGLE_CLIENT_ID = "xyz1234.apps.googleusercontent.com" ;
var GOOGLE_CLIENT_SECRET = "--google client secret" ;
// Serialized and deserialized methods when got from session
passport . serializeUser ( function ( user , done ) {
done ( null , user ) ;
done ( null , user ) ;
} ) ;
passport . deserializeUser ( function ( obj , done ) {
done ( null , obj ) ;
passport . deserializeUser ( function ( user , done ) {
done ( null , user ) ;
} ) ;
// Define a middleware function to be used for every secured routes
var ensureAuthenticated = function ( req , res , next ) {
if ( ! req . isAuthenticated ( ) )
res . send ( 401 ) ;
else
next ( ) ;
} ;
//==================================================================
// Use the GoogleStrategy within Passport.
// Strategies in passport require a `validate` function, which accept
// credentials (in this case, an OpenID identifier and profile), and invoke a
// callback with a user object.
passport . use ( new GoogleStrategy ( {
returnURL : 'http://localhost:3000/auth/google/return' ,
realm : 'http://localhost:3000/'
clientID : GOOGLE_CLIENT_ID ,
clientSecret : GOOGLE_CLIENT_SECRET ,
callbackURL : "http://127.0.0.1:3000/auth/google/return"
} ,
function ( identifier , profile , done ) {
function ( accessToken , refreshToken , profile , done ) {
// asynchronous verification, for effect...
process . nextTick ( function ( ) {
// To keep the example simple, the user's Google profile is returned to
// represent the logged-in user. In a typical application, you would want
// to associate the Google account with a user record in your database,
// and return that user instead.
profile . identifier = identifier ;
var emails = profile . emails [ 0 ] . value . split ( '@' ) ;
if ( ( emails . indexOf ( 'hello.com' ) ) >= 0 ) {
console . log ( 'user from hello.com found' ) ;
return done ( null , profile ) ;
} else {
console . log ( 'user from hello.com not found' ) ;
//reject the profile data from goolgle, passport will redirect back to login page
profile = null ;
return done ( null , profile ) ;
}
return done ( null , profile ) ;
} ) ;
}
) ) ;
var app = express . createServer ( ) ;
// configure Express
app . configure ( function ( ) {
app . set ( 'views' , __dirname + '/views' ) ;
app . set ( 'view engine' , 'ejs' ) ;
app . use ( express . logger ( ) ) ;
app . use ( express . cookieParser ( ) ) ;
app . use ( express . bodyParser ( ) ) ;
app . use ( express . methodOverride ( ) ) ;
app . use ( express . session ( { secret : 'keyboard cat' } ) ) ;
// Initialize Passport! Also use passport.session() middleware, to support
// persistent login sessions (recommended).
app . use ( passport . initialize ( ) ) ;
app . use ( passport . session ( ) ) ;
app . use ( app . router ) ;
app . use ( express . static ( __dirname + '/../../public' ) ) ;
} ) ;
// Start express application
var app = express ( ) ;
// all environments
app . set ( 'port' , process . env . PORT || 3000 ) ;
app . set ( 'views' , __dirname + '/views' ) ;
app . set ( 'view engine' , 'ejs' ) ;
app . use ( express . favicon ( ) ) ;
app . use ( express . logger ( 'dev' ) ) ;
app . use ( express . cookieParser ( ) ) ;
app . use ( express . bodyParser ( ) ) ;
app . use ( express . methodOverride ( ) ) ;
app . use ( express . session ( { secret : 'securedsession' } ) ) ;
app . use ( passport . initialize ( ) ) ; // Add passport initialization
app . use ( passport . session ( ) ) ; // Add passport initialization
app . use ( app . router ) ;
app . use ( express . static ( path . join ( __dirname , 'public' ) ) ) ;
// development only
if ( 'development' == app . get ( 'env' ) ) {
app . use ( express . errorHandler ( ) ) ;
}
//==================================================================
// routes
app . get ( '/' , function ( req , res ) {
res . render ( 'index' , { user : req . user } ) ;
res . render ( 'index' , { title : 'Express' } ) ;
} ) ;
app . get ( '/account ' , ensureAuthenticated , function ( req , res ) {
res . render ( 'account' , { user : req . user } ) ;
app . get ( '/users ' , ensureAuthenticated , function ( req , res ) {
res . send ( [ { name : "user1" } , { name : "user2" } ] ) ;
} ) ;
//==================================================================
app . get ( '/login' , function ( req , res ) {
res . render ( 'login' , { user : req . user } ) ;
//==================================================================
// route to test if the user is logged in or not
app . get ( '/loggedin' , function ( req , res ) {
res . send ( req . isAuthenticated ( ) ? req . user : '0' ) ;
} ) ;
// GET /auth/google
// Use passport.authenticate() as route middleware to authenticate the
// request. The first step in Google authentication will involve redirecting
// the user to google.com. After authenticating, Google will redirect the
// user back to this application at /auth/google/return
app . get ( '/auth/google' ,
passport . authenticate ( 'google' , { failureRedirect : '/login' } ) ,
function ( req , res ) {
res . redirect ( '/' ) ;
//using "prompt" option in passport-google-oauth
app . get ( '/login-google' ,
passport . authenticate ( 'google' , { prompt :'select_account' , scope : [ 'https://www.googleapis.com/auth/userinfo.profile' ,
'https://www.googleapis.com/auth/userinfo.email' ] } ) ,
function ( req , res ) {
// The request will be redirected to Google for authentication, so this
// function will not be called.
} ) ;
// GET /auth/google/return
// Use passport.authenticate() as route middleware to authenticate the
// request. If authentication fails, the user will be redirected back to the
// login page. Otherwise, the primary route function function will be called,
// which, in this example, will redirect the user to the home page.
app . get ( '/auth/google/return' ,
passport . authenticate ( 'google' , { failureRedirect : '/login ' } ) ,
passport . authenticate ( 'google' , { failureRedirect : '/#/loginfailure ' } ) ,
function ( req , res ) {
res . redirect ( '/' ) ;
} ) ;
app . get ( '/logout' , function ( req , res ) {
req . logout ( ) ;
res . redirect ( '/' ) ;
// route to log out
app . post ( '/logout' , function ( req , res ) {
req . logOut ( ) ;
res . send ( 200 ) ;
} ) ;
//==================================================================
app . listen ( 3000 ) ;
// Simple route middleware to ensure user is authenticated.
// Use this route middleware on any resource that needs to be protected. If
// the request is authenticated (typically via a persistent login session),
// the request will proceed. Otherwise, the user will be redirected to the
// login page.
function ensureAuthenticated ( req , res , next ) {
if ( req . isAuthenticated ( ) ) { return next ( ) ; }
res . redirect ( '/login' )
}
http . createServer ( app ) . listen ( app . get ( 'port' ) , function ( ) {
console . log ( 'Express server listening on port ' + app . get ( 'port' ) ) ;
} ) ;
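Review bot: The domain restriction in the verify callback matches any '@'-separated segment, because `emails.indexOf('hello.com') >= 0` runs on the array produced by `split('@')`, so an address whose local part is `hello.com` is accepted as well as one in that domain. Compare only the part after the last '@', and compare it exactly: `var domain = String(profile.emails[0].value).split('@').pop().toLowerCase();` followed by `if (domain === 'hello.com')`. `profile.emails` is also dereferenced without a check inside `process.nextTick`, so a profile without an email would throw as an uncaught exception; guard it and reject with `done(null, false)` rather than a nulled profile. Separately, `clientSecret` and the session secret `'securedsession'` are literals in the file and would be better read from `process.env`. The +/- markers are not visible on this page, so which lines form the new side is inferred from the OAuth2 callback signature.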