'use strict';
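export class Users {
  /**
   * Mount the authentication routes on an Express app.
   *
   * Routes: GET /login, POST /login (passport "local" strategy), GET /logout,
   * GET /register, POST /register.
   *
   * @param {object} app - Express application. `app.get("passport")` must return
   *   the configured passport instance (set elsewhere via `app.set("passport", ...)`).
   * @param {object} models - Sequelize models; `models.User` must provide
   *   `findOne`, `build`, and the instance method `setPassword(password, callback)`.
   */
  constructor(app, models) {
    this.app = app;
    this.models = models;

    // connect-flash stores one array per category; the views expect the "error"
    // category flattened into a single space-separated string ("" when empty).
    const flashErrors = (req) => {
      const flashs = req.flash();
      return flashs.error ? flashs.error.join(" ") : "";
    };

    app.get('/login', (req, res) => {
      res.render('login', { title: "Biohacking", messages: flashErrors(req) });
    });

    // Credential checking lives in the passport "local" strategy; failureFlash
    // surfaces the strategy's message through req.flash() on the next GET /login.
    app.post('/login',
      app.get("passport").authenticate('local', {
        successRedirect: '/',
        failureRedirect: '/login',
        failureFlash: true,
      })
    );

    app.get('/logout', (req, res) => {
      req.logout();
      res.redirect('/');
    });

    app.get("/register", (req, res) => {
      res.render('register', { title: "Biohacking", messages: flashErrors(req) });
    });

    // Registration. Every asynchronous failure is forwarded to Express via `next`.
    // The previous handler had no rejection handling, sent no response at all when
    // the username was already taken (the request hung), and passed an undefined
    // password straight into key derivation when the field was missing.
    app.post("/register", (req, res, next) => {
      const { username, email, password } = req.body;

      const isNonEmptyString = (v) => typeof v === 'string' && v !== '';
      if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
        req.flash('error', 'missingCredentials');
        return res.redirect('/register');
      }

      models.User.findOne({ where: { username } })
        .then((existing) => {
          if (existing) {
            req.flash('error', 'userAlreadyExists');
            return res.redirect('/register');
          }
          const user = models.User.build({ username, email });
          user.setPassword(password, (err) => {
            if (err) {
              return next(err);
            }
            user.save()
              .then(() => res.redirect('/'))
              .catch(next);
          });
        })
        .catch(next);
    });
  }
}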
/**
 * Configure static file serving and the JSX (express-react-views) view engine.
 *
 * @param {object} express - The express module; only `express.static` is used.
 * @param {object} app - Express application to configure.
 * @param {string} path - Project root directory; `/public` and `/views` are
 *   resolved directly under it.
 */
module.exports = function (express, app, path) {
  const publicDir = `${path}/public`;
  const viewsDir = `${path}/views`;

  app.use(express.static(publicDir));
  app.set('views', viewsDir);
  app.set('view engine', 'jsx');
  app.engine('jsx', require('express-react-views').createEngine());
};
'use strict';
var crypto = require('crypto');
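/**
 * Define the Sequelize `User` model.
 *
 * Passwords are never stored; `hash`/`salt` hold a PBKDF2-derived key (hex) and the
 * per-user random salt (hex) produced by `setPassword`.
 *
 * @param {object} sequelize - Sequelize instance.
 * @param {object} DataTypes - Sequelize data types.
 * @returns {object} The defined `User` model.
 */
module.exports = function (sequelize, DataTypes) {
  // PBKDF2 parameters. The verifying side (the passport local strategy) must use the
  // same values byte for byte, or stored hashes stop validating. 'sha1' is the digest
  // Node applied when none was given; it is spelled out because newer Node versions
  // throw when the digest argument is omitted. Moving to a stronger digest needs a
  // re-hash of existing users on both sides.
  const PBKDF2_ITERATIONS = 12000;
  const PBKDF2_KEYLEN = 512;
  const PBKDF2_DIGEST = 'sha1';
  const SALT_BYTES = 32;

  const User = sequelize.define('User', {
    username: DataTypes.STRING,
    hash: DataTypes.STRING,
    salt: DataTypes.STRING,
    email: DataTypes.STRING,
    activationKey: DataTypes.STRING,
    resetPasswordKey: DataTypes.STRING,
    verified: DataTypes.BOOLEAN
  }, {
    classMethods: {
      associate: function (models) {
        // associations can be defined here
      }
    },
    instanceMethods: {
      /**
       * Derive a fresh salt and PBKDF2 hash for `password` and set them on this
       * instance (`hash`, `salt`). The instance is NOT saved here.
       *
       * @param {string} password - Plain-text password; never stored.
       * @param {function(Error|null, object=)} callback - Called with the error from
       *   randomBytes/pbkdf2 (previously swallowed, which left callers waiting
       *   forever), or with (null, user) once the fields are set.
       */
      setPassword: function (password, callback) {
        const self = this;
        crypto.randomBytes(SALT_BYTES, function (err, buf) {
          if (err) {
            return callback(err);
          }
          const salt = buf.toString('hex');
          crypto.pbkdf2(password, salt, PBKDF2_ITERATIONS, PBKDF2_KEYLEN, PBKDF2_DIGEST, function (err, hashRaw) {
            if (err) {
              return callback(err);
            }
            // hashRaw is already a Buffer; the deprecated `new Buffer(hashRaw, 'binary')`
            // copy produced the same bytes.
            self.set("hash", hashRaw.toString('hex'));
            self.set("salt", salt);
            callback(null, self);
          });
        });
      }
    }
  });
  return User;
};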
'use strict';
var passport = require('passport'),
crypto = require('crypto'),
bodyParser = require('body-parser'),
Strategy = require('passport-local').Strategy;
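/**
 * Configure passport (local username/password strategy plus session
 * (de)serialization) and mount the request-parsing, session, flash and passport
 * middleware on `app`. The configured passport instance is exposed as
 * `app.get("passport")` for the route layer.
 *
 * @param {object} express - Unused; kept for signature compatibility with the other bootstrap modules.
 * @param {object} app - Express application to configure.
 * @param {string} path - Unused; kept for signature compatibility.
 * @param {object} models - Sequelize models; `models.User` must provide `findOne`
 *   and `findById`, and instances must expose `get("salt")`/`get("hash")`.
 */
module.exports = function (express, app, path, models) {
  // Must mirror the parameters used by User.setPassword. 'sha1' is the digest Node
  // applied when none was given and is spelled out because newer Node versions throw
  // when it is omitted. Changing any of these requires re-hashing existing users.
  const PBKDF2_ITERATIONS = 12000;
  const PBKDF2_KEYLEN = 512;
  const PBKDF2_DIGEST = 'sha1';

  // Constant-time comparison of the stored hex hash against the freshly derived key
  // (a plain `===` on the hex strings leaks how many leading bytes matched).
  const hashMatches = (storedHex, derived) => {
    const stored = Buffer.from(storedHex || '', 'hex');
    return stored.length === derived.length && crypto.timingSafeEqual(stored, derived);
  };

  passport.use(new Strategy((username, password, done) => {
    models.User.findOne({ where: { username } })
      .then((user) => {
        // NOTE(review): the distinct failure message and the fact that key derivation
        // only runs for existing users both reveal whether a username exists.
        if (!user) {
          return done(null, false, { message: "userDontExist" });
        }
        // https://adambard.com/blog/3-wrong-ways-to-store-a-password/
        // https://gist.github.com/skeggse/52672ddee97c8efec269
        crypto.pbkdf2(password, user.get("salt"), PBKDF2_ITERATIONS, PBKDF2_KEYLEN, PBKDF2_DIGEST, (err, hashRaw) => {
          if (err) {
            // Key derivation failing is a server fault, not a bad credential;
            // passport routes `done(err)` to the Express error handler.
            return done(err);
          }
          if (hashMatches(user.get("hash"), hashRaw)) {
            return done(null, user);
          }
          return done(null, false, { message: "incorrectPasswordError" });
        });
      })
      // A database error was previously reported as a failed login; surface it instead.
      .catch((error) => done(error));
  }));

  passport.serializeUser((user, cb) => {
    cb(null, user.id);
  });

  passport.deserializeUser((id, done) => {
    models.User.findById(id)
      .then((user) => done(null, user))
      .catch((error) => done(error));
  });

  app.use(require('morgan')('combined'));
  app.use(require('cookie-parser')());
  app.use(bodyParser.urlencoded({ extended: true }));
  app.use(bodyParser.json());
  app.use(require('express-session')({
    // 'keyboard cat' is the express-session documentation example and therefore
    // publicly known; it remains only as a development fallback. Set SESSION_SECRET
    // in every deployed environment so session cookies cannot be forged.
    secret: process.env.SESSION_SECRET || 'keyboard cat',
    resave: false,
    saveUninitialized: false,
  }));
  app.use(require('connect-flash')());
  app.use(passport.initialize());
  app.use(passport.session());
  app.set("passport", passport);
};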