meanjs · trainerbill · Jan 26, 2016 · Jan 27, 2016 · Jan 27, 2016 · Jan 27, 2016
diff --git a/config/env/default.js b/config/env/default.js
@@ -37,5 +37,12 @@ module.exports = {
         fileSize: 1*1024*1024 // Max file size in bytes (1 MB)
       }
     }
+  },
+  jwt: {
+    secret: process.env.TOKEN_AUTH_SECRET || 'M3@N_R0CK5!',
+    options: {  //Anything From https://www.npmjs.com/package/jsonwebtoken
+      expiresIn: process.env.TOKEN_EXPIRES || '1d'
+    }
+
   }
 };
diff --git a/config/env/development.js b/config/env/development.js
@@ -23,7 +23,7 @@ module.exports = {
       //  directoryPath: process.cwd(),
       //  fileName: 'access.log',
       //  rotatingLogs: { // for more info on rotating logs - https://github.com/holidayextras/file-stream-rotator#usage
-      //    active: false, // activate to use rotating logs 
+      //    active: false, // activate to use rotating logs
       //    fileName: 'access-%DATE%.log', // if rotating logs are active, this fileName setting will be used
       //    frequency: 'daily',
       //    verbose: false

diff --git a/config/lib/jwtAuthentication.js b/config/lib/jwtAuthentication.js
@@ -0,0 +1,30 @@
+'use strict';
+
+var config = require('../config'),
+  jwt = require('jsonwebtoken'),
+  lodash = require('lodash');
+
+
+
+// export the token auth service
+exports.signToken = function (user, options) {
+  var payload,
+    token,
+    jwtOptions;
+
+  if (!user || !user._id) {
+    return null;
+  }
+
+  options = options || {};
+
+  payload = {
+    user: user._id.toString()
+  };
+
+  jwtOptions = lodash.merge(config.jwt.options, options);
+
+  token = jwt.sign(payload, config.jwt.secret, jwtOptions);
+
+  return token;
+};
diff --git a/config/lib/socket.io.js b/config/lib/socket.io.js
@@ -85,14 +85,15 @@ module.exports = function (app, db) {
 
         // Use Passport to populate the user details
         passport.initialize()(socket.request, {}, function () {
-          passport.session()(socket.request, {}, function () {
+          passport.authenticate('jwt', { session: false })(socket.request, {}, function () {
             if (socket.request.user) {
               next(null, true);
             } else {
               next(new Error('User is not authenticated'), false);
             }
           });
         });
+
       });
     });
   });

diff --git a/modules/articles/server/policies/articles.server.policy.js b/modules/articles/server/policies/articles.server.policy.js
@@ -15,28 +15,28 @@ exports.invokeRolesPolicies = function () {
   acl.allow([{
     roles: ['admin'],
     allows: [{
-      resources: '/api/articles',
+      resources: '/',
       permissions: '*'
     }, {
-      resources: '/api/articles/:articleId',
+      resources: '/:articleId',
       permissions: '*'
     }]
   }, {
     roles: ['user'],
     allows: [{
-      resources: '/api/articles',
+      resources: '/',
       permissions: ['get', 'post']
     }, {
-      resources: '/api/articles/:articleId',
+      resources: '/:articleId',
       permissions: ['get']
     }]
   }, {
     roles: ['guest'],
     allows: [{
-      resources: '/api/articles',
+      resources: '/',
       permissions: ['get']
     }, {
-      resources: '/api/articles/:articleId',
+      resources: '/:articleId',
       permissions: ['get']
     }]
   }]);

diff --git a/modules/articles/server/routes/articles.server.routes.js b/modules/articles/server/routes/articles.server.routes.js
@@ -3,21 +3,29 @@
 /**
  * Module dependencies
  */
-var articlesPolicy = require('../policies/articles.server.policy'),
+var passport = require('passport'),
+  express = require('express'),
+  articlesPolicy = require('../policies/articles.server.policy'),
   articles = require('../controllers/articles.server.controller');
 
+
 module.exports = function (app) {
+  var router = express.Router();
+
+
   // Articles collection routes
-  app.route('/api/articles').all(articlesPolicy.isAllowed)
-    .get(articles.list)
-    .post(articles.create);
+  router.route('/')
+    .get(articlesPolicy.isAllowed, articles.list)
+    .post(passport.authenticate('jwt', { session: false }), articlesPolicy.isAllowed, articles.create);
 
   // Single article routes
-  app.route('/api/articles/:articleId').all(articlesPolicy.isAllowed)
-    .get(articles.read)
-    .put(articles.update)
-    .delete(articles.delete);
+  router.route('/:articleId')
+    .get(articlesPolicy.isAllowed, articles.read)
+    .put(passport.authenticate('jwt', { session: false }), articlesPolicy.isAllowed, articles.update)
+    .delete(passport.authenticate('jwt', { session: false }), articlesPolicy.isAllowed, articles.delete);
 
   // Finish by binding the article middleware
-  app.param('articleId', articles.articleByID);
+  router.param('articleId', articles.articleByID);
+
+  app.use('/api/articles', router);
 };
diff --git a/modules/articles/tests/server/article.server.routes.tests.js b/modules/articles/tests/server/article.server.routes.tests.js
@@ -45,7 +45,7 @@ describe('Article CRUD tests', function () {
     });
 
     // Save a user to the test db and create new article
-    user.save(function () {
+    user.save(function (err, user) {
       article = {
         title: 'Article Title',
         content: 'Article Content'
@@ -56,6 +56,7 @@ describe('Article CRUD tests', function () {
   });
 
   it('should be able to save an article if logged in', function (done) {
+
     agent.post('/api/auth/signin')
       .send(credentials)
       .expect(200)
@@ -66,10 +67,12 @@ describe('Article CRUD tests', function () {
         }
 
         // Get the userId
-        var userId = user.id;
+        var userId = signinRes.body.user._id;
+
 
         // Save a new article
         agent.post('/api/articles')
+          .set('Authorization', 'JWT ' + signinRes.body.token)
           .send(article)
           .expect(200)
           .end(function (articleSaveErr, articleSaveRes) {
@@ -103,7 +106,7 @@ describe('Article CRUD tests', function () {
   it('should not be able to save an article if not logged in', function (done) {
     agent.post('/api/articles')
       .send(article)
-      .expect(403)
+      .expect(401)
       .end(function (articleSaveErr, articleSaveRes) {
         // Call the assertion callback
         done(articleSaveErr);
@@ -124,10 +127,11 @@ describe('Article CRUD tests', function () {
         }
 
         // Get the userId
-        var userId = user.id;
+        var userId = signinRes.body.user._id;
 
         // Save a new article
         agent.post('/api/articles')
+          .set('Authorization', 'JWT ' + signinRes.body.token)
           .send(article)
           .expect(400)
           .end(function (articleSaveErr, articleSaveRes) {
@@ -151,10 +155,11 @@ describe('Article CRUD tests', function () {
         }
 
         // Get the userId
-        var userId = user.id;
+        var userId = signinRes.body.user._id;
 
         // Save a new article
         agent.post('/api/articles')
+          .set('Authorization', 'JWT ' + signinRes.body.token)
           .send(article)
           .expect(200)
           .end(function (articleSaveErr, articleSaveRes) {
@@ -168,6 +173,7 @@ describe('Article CRUD tests', function () {
 
             // Update an existing article
             agent.put('/api/articles/' + articleSaveRes.body._id)
+              .set('Authorization', 'JWT ' + signinRes.body.token)
               .send(article)
               .expect(200)
               .end(function (articleUpdateErr, articleUpdateRes) {
@@ -258,10 +264,11 @@ describe('Article CRUD tests', function () {
         }
 
         // Get the userId
-        var userId = user.id;
+        var userId = signinRes.body.user._id;
 
         // Save a new article
         agent.post('/api/articles')
+          .set('Authorization', 'JWT ' + signinRes.body.token)
           .send(article)
           .expect(200)
           .end(function (articleSaveErr, articleSaveRes) {
@@ -272,6 +279,7 @@ describe('Article CRUD tests', function () {
 
             // Delete an existing article
             agent.delete('/api/articles/' + articleSaveRes.body._id)
+              .set('Authorization', 'JWT ' + signinRes.body.token)
               .send(article)
               .expect(200)
               .end(function (articleDeleteErr, articleDeleteRes) {
@@ -301,11 +309,9 @@ describe('Article CRUD tests', function () {
     articleObj.save(function () {
       // Try deleting article
       request(app).delete('/api/articles/' + articleObj._id)
-        .expect(403)
+        .expect(401)
         .end(function (articleDeleteErr, articleDeleteRes) {
-          // Set message assertion
-          (articleDeleteRes.body.message).should.match('User is not authorized');
-
+
           // Handle article error error
           done(articleDeleteErr);
         });
@@ -351,6 +357,7 @@ describe('Article CRUD tests', function () {
 
           // Save a new article
           agent.post('/api/articles')
+            .set('Authorization', 'JWT ' + signinRes.body.token)
             .send(article)
             .expect(200)
             .end(function (articleSaveErr, articleSaveRes) {

diff --git a/modules/core/client/app/init.js b/modules/core/client/app/init.js
@@ -13,30 +13,33 @@ angular.module(ApplicationConfiguration.applicationModuleName).config(['$locatio
 ]);
 
 angular.module(ApplicationConfiguration.applicationModuleName).run(function ($rootScope, $state, Authentication) {
+  Authentication.ready
+    .then(function (auth) {
+      // Check authentication before changing state
+      $rootScope.$on('$stateChangeStart', function (event, toState, toParams, fromState, fromParams) {
+        if (toState.data && toState.data.roles && toState.data.roles.length > 0) {
+          var allowed = false;
+          toState.data.roles.forEach(function (role) {
+            if ((role === 'guest') || (Authentication.user && Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1)) {
+              allowed = true;
+              return true;
+            }
+          });
 
-  // Check authentication before changing state
-  $rootScope.$on('$stateChangeStart', function (event, toState, toParams, fromState, fromParams) {
-    if (toState.data && toState.data.roles && toState.data.roles.length > 0) {
-      var allowed = false;
-      toState.data.roles.forEach(function (role) {
-        if ((role === 'guest') || (Authentication.user && Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1)) {
-          allowed = true;
-          return true;
+          if (!allowed) {
+            event.preventDefault();
+            if (Authentication.user !== undefined && typeof Authentication.user === 'object') {
+              $state.go('forbidden');
+            } else {
+              $state.go('authentication.signin').then(function () {
+                storePreviousState(toState, toParams);
+              });
+            }
+          }
         }
       });
+    });
 
-      if (!allowed) {
-        event.preventDefault();
-        if (Authentication.user !== undefined && typeof Authentication.user === 'object') {
-          $state.go('forbidden');
-        } else {
-          $state.go('authentication.signin').then(function () {
-            storePreviousState(toState, toParams);
-          });
-        }
-      }
-    }
-  });
 
   // Record previous state
   $rootScope.$on('$stateChangeSuccess', function (event, toState, toParams, fromState, fromParams) {
@@ -45,7 +48,7 @@ angular.module(ApplicationConfiguration.applicationModuleName).run(function ($ro
 
   // Store previous state
   function storePreviousState(state, params) {
-    // only store this state if it shouldn't be ignored 
+    // only store this state if it shouldn't be ignored
     if (!state.data || !state.data.ignoreState) {
       $state.previous = {
         state: state,

diff --git a/modules/core/client/services/interceptors/auth.interceptor.client.service.js b/modules/core/client/services/interceptors/auth.interceptor.client.service.js
@@ -1,14 +1,15 @@
 'use strict';
 
-angular.module('core').factory('authInterceptor', ['$q', '$injector', 'Authentication',
-  function ($q, $injector, Authentication) {
+angular.module('core').factory('authInterceptor', ['$q', '$injector',
+  function ($q, $injector) {
     return {
       responseError: function(rejection) {
         if (!rejection.config.ignoreAuthModule) {
           switch (rejection.status) {
             case 401:
               // Deauthenticate the global user
-              Authentication.user = null;
+              var auth = $injector.get('Authentication');
+              auth.signout();
               $injector.get('$state').transitionTo('authentication.signin');
               break;
             case 403:

diff --git a/modules/core/client/services/socket.io.client.service.js b/modules/core/client/services/socket.io.client.service.js
@@ -7,7 +7,7 @@ angular.module('core').service('Socket', ['Authentication', '$state', '$timeout'
     this.connect = function () {
       // Connect only when authenticated
       if (Authentication.user) {
-        this.socket = io();
+        this.socket = io('', { query: 'auth_token=' + Authentication.token });
       }
     };
     this.connect();

diff --git a/modules/core/client/views/header.client.view.html b/modules/core/client/views/header.client.view.html
@@ -41,7 +41,7 @@
           </li>
           <li class="divider"></li>
           <li>
-            <a href="/api/auth/signout" target="_self">Signout</a>
+            <a href="#" ng-click="authentication.signout()">Signout</a>
           </li>
         </ul>
       </li>

diff --git a/modules/core/server/views/layout.server.view.html b/modules/core/server/views/layout.server.view.html
@@ -42,12 +42,7 @@
       {% block content %}{% endblock %}
     </section>
   </section>
-
-  <!--Embedding The User Object-->
-  <script type="text/javascript">
-    var user = {{ user | json | safe }};
-  </script>
-
+
   <!--Load The Socket.io File-->
   <script type="text/javascript" src="/socket.io/socket.io.js"></script>
 

diff --git a/modules/users/client/controllers/authentication.client.controller.js b/modules/users/client/controllers/authentication.client.controller.js
@@ -24,7 +24,8 @@ angular.module('users').controller('AuthenticationController', ['$scope', '$stat
 
       $http.post('/api/auth/signup', $scope.credentials).success(function (response) {
         // If successful we assign the response to the global user model
-        $scope.authentication.user = response;
+        //$scope.authentication.user = response;
+        Authentication.login(response.user, response.token);
 
         // And redirect to the previous or home page
         $state.go($state.previous.state.name || 'home', $state.previous.params);
@@ -44,7 +45,8 @@ angular.module('users').controller('AuthenticationController', ['$scope', '$stat
 
       $http.post('/api/auth/signin', $scope.credentials).success(function (response) {
         // If successful we assign the response to the global user model
-        $scope.authentication.user = response;
+        //$scope.authentication.user = response;
+        Authentication.login(response.user, response.token);
 
         // And redirect to the previous or home page
         $state.go($state.previous.state.name || 'home', $state.previous.params);
-Original file line number
+Diff line change
@@ Expand Up / @@ -41,7 +41,7 @@ @@
               </li>
               <li class="divider"></li>
               <li>
-                <a href="/api/auth/signout" target="_self">Signout</a>
+                <a href="#" ng-click="authentication.signout()">Signout</a>
               </li>
             </ul>
           </li>
@@ Expand Down @@