Skip to content

Instantly share code, notes, and snippets.

@CiscoKidxx
Last active September 8, 2015 03:13
Show Gist options
  • Save CiscoKidxx/bc9b08afc89f6bcfcb4d to your computer and use it in GitHub Desktop.
Save CiscoKidxx/bc9b08afc89f6bcfcb4d to your computer and use it in GitHub Desktop.
/**
* UserController
*
* @description :: Server-side logic for managing users
* @help :: See http://links.sailsjs.org/docs/controllers
*/
/*
|--------------------------------------------------------------------------
| Login with Twitter
|--------------------------------------------------------------------------
*/
var qs = require('querystring');
var request = require('request');
var jwt = require('jwt-simple');
var moment = require('moment');
module.exports = {
login: function (req, res) {
var requestTokenUrl = 'https://api.twitter.com/oauth/request_token';
var accessTokenUrl = 'https://api.twitter.com/oauth/access_token';
var profileUrl = 'https://api.twitter.com/1.1/users/show.json?screen_name=';
// Part 1 of 2: Initial request from Satellizer.
if (!req.body.oauth_token || !req.body.oauth_verifier) {
var requestTokenOauth = {
consumer_key: config.TWITTER_KEY,
consumer_secret: config.TWITTER_SECRET,
callback: config.TWITTER_CALLBACK
};
// Step 1. Obtain request token for the authorization popup.
request.post({ url: requestTokenUrl, oauth: requestTokenOauth }, function(err, response, body) {
var oauthToken = qs.parse(body);
// Step 2. Send OAuth token back to open the authorization screen.
res.send(oauthToken);
});
} else {
// Part 2 of 2: Second request after Authorize app is clicked.
var accessTokenOauth = {
consumer_key: config.TWITTER_KEY,
consumer_secret: config.TWITTER_SECRET,
token: req.body.oauth_token,
verifier: req.body.oauth_verifier
};
// Step 3. Exchange oauth token and oauth verifier for access token.
request.post({ url: accessTokenUrl, oauth: accessTokenOauth }, function(err, response, accessToken) {
accessToken = qs.parse(accessToken);
var profileOauth = {
consumer_key: config.TWITTER_KEY,
consumer_secret: config.TWITTER_SECRET,
oauth_token: accessToken.oauth_token
};
// Step 4. Retrieve profile information about the current user.
request.get({
url: profileUrl + accessToken.screen_name,
oauth: profileOauth,
json: true
}, function(err, response, profile) {
// Step 5a. Link user accounts.
if (req.headers.authorization) {
User.findOne({ twitter: profile.id }, function(err, existingUser) {
if (existingUser) {
return res.status(409).send({ message: 'There is already a Twitter account that belongs to you' });
}
var token = req.headers.authorization.split(' ')[1];
var payload = jwt.decode(token, config.TOKEN_SECRET);
User.findById(payload.sub, function(err, user) {
if (!user) {
return res.status(400).send({ message: 'User not found' });
}
user.twitter = profile.id;
user.displayName = user.displayName || profile.name;
user.save(function(err) {
if (err) return res.negotiate(err);
res.send({
token: createJWT(user)
});
});
});
});
} else {
// Step 5b. Create a new user account or return an existing one.
User.findOne({ twitter: profile.id }, function(err, existingUser) {
if (existingUser) {
return res.send({ token: createJWT(existingUser) });
}
User.create({
twitter: profile.id,
displayName: profile.name,
}).exec(function (err, user) {
res.send({ token: createJWT(user) });
});
});
}
});
});
}
}
}
function createJWT(user) {
var payload = {
sub: user._id,
iat: moment().unix(),
exp: moment().add(14, 'days').unix()
};
return jwt.encode(payload, config.TOKEN_SECRET);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment