freekrai/AuthController.js

## application.js
// config/application.js

var passport = require('passport')
  , LocalStrategy = require('passport-local').Strategy;

// some static users
var users = [
    { id: 1, username: 'bob', password: 'secret', email: 'bob@example.com' }
  , { id: 2, username: 'joe', password: 'birthday', email: 'joe@example.com' }
];

// helper functions
function findById(id, fn) {
  var idx = id - 1;
  if (users[idx]) {
    fn(null, users[idx]);
  } else {
    fn(new Error('User ' + id + ' does not exist'));
  }
}

function findByUsername(username, fn) {
  for (var i = 0, len = users.length; i < len; i++) {
    var user = users[i];
    if (user.username === username) {
      return fn(null, user);
    }
  }
  return fn(null, null);
}


// Passport session setup.
// To support persistent login sessions, Passport needs to be able to
// serialize users into and deserialize users out of the session. Typically,
// this will be as simple as storing the user ID when serializing, and finding
// the user by ID when deserializing.
passport.serializeUser(function(user, done) {
  done(null, user.id);
});

passport.deserializeUser(function(id, done) {
  findById(id, function (err, user) {
    done(err, user);
  });
});


// Use the LocalStrategy within Passport.
// Strategies in passport require a `verify` function, which accept
// credentials (in this case, a username and password), and invoke a callback
// with a user object. In the real world, this would query a database;
// however, in this example we are using a baked-in set of users.
passport.use(new LocalStrategy(
  function(username, password, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {

      // Find the user by username. If there is no user with the given
      // username, or the password is not correct, set the user to `false` to
      // indicate failure and set a flash message. Otherwise, return the
      // authenticated `user`.
      findByUsername(username, function(err, user) {
        if (err) { return done(err); }
        if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
        if (user.password != password) { return done(null, false, { message: 'Invalid password' }); }
        return done(null, user);
      })
    });
  }
));

// export

module.exports = {

	// Name of the application (used as default <title>)
	appName: "Sails Application",

	// Port this Sails application will live on
	port: 1337,

	// The environment the app is deployed in
	// (`development` or `production`)
	//
	// In `production` mode, all css and js are bundled up and minified
	// And your views and templates are cached in-memory.  Gzip is also used.
	// The downside?  Harder to debug, and the server takes longer to start.
	environment: 'development',

  // Custom express middleware - we use this to register the passport middleware
	express: {
		customMiddleware: function(app)
		{
			app.use(passport.initialize());
			app.use(passport.session());
		}
	}

};

## AuthController.js
// api/controllers/AuthController.js

var passport = require('passport');

var AuthController = {

  login: function (req,res)
	{
		res.view();
	},

	process: function(req, res)
	{
		passport.authenticate('local', function(err, user, info)
		{
			if ((err) || (!user))
			{
				res.redirect('/login');
				return;
			}

			req.logIn(user, function(err)
			{
				if (err)
				{
					res.view();
					return;
				}

				res.redirect('/');
				return;
			});
		})(req, res);
	},

	logout: function (req,res)
	{
		req.logout();
		res.redirect('/');
	}

};

module.exports = AuthController;

## authenticated.js
// api/policies/authenticated.js

// We use passport to determine if we're authenticated
module.exports = function(req, res, next)
{
  if (req.isAuthenticated())
		return next();

	res.redirect('/login')
}

## login.ejs
// views/auth/login.ejs


<form action="/login" method="post">
<div>
<label>Username:</label>
<input type="text" name="username"/><br/>
</div>
<div>
<label>Password:</label>
<input type="password" name="password"/>
</div>
<div>
<input type="submit" value="Submit"/>
</div>
</form>
<p><small>Hint - bob:secret</small></p>

## policies.js
// config/policies.js

/**
* Policy defines middleware that is run before each controller/controller.
* Any policy dropped into the /middleware directory is made globally available through sails.middleware
* Below, use the string name of the middleware
*/
module.exports.policies = {
  // default require authentication
  // see api/policies/authenticated.js
	'*': 'authenticated',

  // whitelist the auth controller
	'auth':
	{
		'*': true
	}
};
	// config/application.js

	var passport = require('passport')
	, LocalStrategy = require('passport-local').Strategy;

	// some static users
	var users = [
	{ id: 1, username: 'bob', password: 'secret', email: 'bob@example.com' }
	, { id: 2, username: 'joe', password: 'birthday', email: 'joe@example.com' }
	];

	// helper functions
	function findById(id, fn) {
	var idx = id - 1;
	if (users[idx]) {
	fn(null, users[idx]);
	} else {
	fn(new Error('User ' + id + ' does not exist'));
	}
	}

	function findByUsername(username, fn) {
	for (var i = 0, len = users.length; i < len; i++) {
	var user = users[i];
	if (user.username === username) {
	return fn(null, user);
	}
	}
	return fn(null, null);
	}


	// Passport session setup.
	// To support persistent login sessions, Passport needs to be able to
	// serialize users into and deserialize users out of the session. Typically,
	// this will be as simple as storing the user ID when serializing, and finding
	// the user by ID when deserializing.
	passport.serializeUser(function(user, done) {
	done(null, user.id);
	});

	passport.deserializeUser(function(id, done) {
	findById(id, function (err, user) {
	done(err, user);
	});
	});


	// Use the LocalStrategy within Passport.
	// Strategies in passport require a `verify` function, which accept
	// credentials (in this case, a username and password), and invoke a callback
	// with a user object. In the real world, this would query a database;
	// however, in this example we are using a baked-in set of users.
	passport.use(new LocalStrategy(
	function(username, password, done) {
	// asynchronous verification, for effect...
	process.nextTick(function () {

	// Find the user by username. If there is no user with the given
	// username, or the password is not correct, set the user to `false` to
	// indicate failure and set a flash message. Otherwise, return the
	// authenticated `user`.
	findByUsername(username, function(err, user) {
	if (err) { return done(err); }
	if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
	if (user.password != password) { return done(null, false, { message: 'Invalid password' }); }
	return done(null, user);
	})
	});
	}
	));

	// export

	module.exports = {

	// Name of the application (used as default <title>)
	appName: "Sails Application",

	// Port this Sails application will live on
	port: 1337,

	// The environment the app is deployed in
	// (`development` or `production`)
	//
	// In `production` mode, all css and js are bundled up and minified
	// And your views and templates are cached in-memory. Gzip is also used.
	// The downside? Harder to debug, and the server takes longer to start.
	environment: 'development',

	// Custom express middleware - we use this to register the passport middleware
	express: {
	customMiddleware: function(app)
	{
	app.use(passport.initialize());
	app.use(passport.session());
	}
	}

	};
	// api/controllers/AuthController.js

	var passport = require('passport');

	var AuthController = {

	login: function (req,res)
	{
	res.view();
	},

	process: function(req, res)
	{
	passport.authenticate('local', function(err, user, info)
	{
	if ((err) \|\| (!user))
	{
	res.redirect('/login');
	return;
	}

	req.logIn(user, function(err)
	{
	if (err)
	{
	res.view();
	return;
	}

	res.redirect('/');
	return;
	});
	})(req, res);
	},

	logout: function (req,res)
	{
	req.logout();
	res.redirect('/');
	}

	};

	module.exports = AuthController;
	// api/policies/authenticated.js

	// We use passport to determine if we're authenticated
	module.exports = function(req, res, next)
	{
	if (req.isAuthenticated())
	return next();

	res.redirect('/login')
	}
	// views/auth/login.ejs


	<form action="/login" method="post">
	<div>
	<label>Username:</label>
	<input type="text" name="username"/><br/>
	</div>
	<div>
	<label>Password:</label>
	<input type="password" name="password"/>
	</div>
	<div>
	<input type="submit" value="Submit"/>
	</div>
	</form>
	<p><small>Hint - bob:secret</small></p>
	// config/policies.js

	/**
	* Policy defines middleware that is run before each controller/controller.
	* Any policy dropped into the /middleware directory is made globally available through sails.middleware
	* Below, use the string name of the middleware
	*/
	module.exports.policies = {
	// default require authentication
	// see api/policies/authenticated.js
	'*': 'authenticated',

	// whitelist the auth controller
	'auth':
	{
	'*': true
	}
	};