@jdposthuma
Created July 5, 2016 13:53
Workaround for voxpelli/node-connect-pg-simple Session not set immediately after login #31
/*jslint node: true */
'use strict';
var config = require('./config');
var db = require('./' + config.db.type);
var express = require('express');
var passport = require('passport');
var site = require('./site');
var oauth2 = require('./oauth2');
var user = require('./user');
var client = require('./client');
var token = require('./token');
var diags = require('./diagnostics');
var http = require('http');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var fs = require('fs');
var expressSession = require("express-session");
var path = require('path');
var password = require('password-hash-and-salt');
var _ = require('underscore');
// Select the session store named by config.session.type.
// Only the backend that is actually configured gets require()d, so the
// other store packages do not have to be installed.
var sessionStorage;
switch (config.session.type) {
  case 'MongoStore':
    var MongoStore = require('connect-mongo')({ session: expressSession });
    console.log('Using MongoDB for the Session');
    sessionStorage = new MongoStore({ db: config.session.dbName });
    break;

  case 'MemoryStore':
    // NOTE(review): express-session's MemoryStore keeps sessions in process
    // memory; it is meant for development, not for production use.
    var MemoryStore = expressSession.MemoryStore;
    console.log('Using MemoryStore for the Session');
    sessionStorage = new MemoryStore();
    break;

  case 'PostgreStore':
    var pgSession = require('connect-pg-simple')(expressSession);
    console.log('Using PostgreSQL for the Session');
    sessionStorage = new pgSession({
      conString: config.db.connection,
      tableName: config.session.tableName
    });
    break;

  default:
    // Fail at startup rather than run with an undefined store.
    throw new Error("Within config/index.js the session.type is unknown: " + config.session.type);
}
// Load the data-store module named by config.db.type and report which
// backend is in use. Any value outside the three known types aborts startup.
// NOTE(review): the module path is built from configuration and the
// known-type check only runs after require() has been called with it.
var db = require('./' + config.db.type);
var dataStoreMessages = {
  mongodb: 'Using MongoDB for the data store',
  db: 'Using MemoryStore for the data store',
  postgres: 'Using PostgreSQL for the data store'
};
var isKnownDataStore = typeof config.db.type === 'string' &&
  Object.prototype.hasOwnProperty.call(dataStoreMessages, config.db.type);
if (!isKnownDataStore) {
  throw new Error("Within config/index.js the db.type is unknown: " + config.db.type);
}
console.log(dataStoreMessages[config.db.type]);
// Express application, view engine and cookie parsing
var app = express();
app.set('view engine', 'ejs');
app.use(cookieParser());

// Session middleware, backed by the store selected above.
// - saveUninitialized: true stores a session (and sets the cookie) for every
//   visitor, including requests that never log in.
// - Only maxAge is set on the cookie, so express-session's defaults apply to
//   the remaining attributes.
//   NOTE(review): that leaves `secure` off; confirm whether the session
//   cookie should be restricted to HTTPS in the deployed configuration.
// - `key` is the older option name for the session cookie name.
var sessionOptions = {
  key: "authorization.sid",
  secret: config.session.secret,
  store: sessionStorage,
  resave: false,
  saveUninitialized: true,
  cookie: { maxAge: config.session.maxAge }
};
app.use(expressSession(sessionOptions));
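// Workaround (admittedly ugly) for the session not being visible immediately
// after login.
// The user is resolved here on every request, straight from the session
// store (req.sessionStore.get() rather than req.session), and the request
// only continues once that lookup has finished. This duplicates what
// Passport's own deserialization does later in the chain.
// Ideally this would be fixed in passportjs / the session store instead.
app.use(function (req, res, next) {
  req.sessionStore.get(req.sessionID, function (storeErr, storedSession) {
    // A failed store read must not be treated as "anonymous request":
    // hand it to the error handler instead of silently continuing.
    if (storeErr) {
      return next(storeErr);
    }

    var userId = storedSession && storedSession.passport && storedSession.passport.user;
    if (!userId) {
      // No authenticated user recorded in the stored session.
      return next();
    }

    db.users.find(userId, function (findErr, foundUser) {
      // Same for the user lookup: surface the failure rather than carry on
      // with whatever value came back.
      if (findErr) {
        return next(findErr);
      }
      req.user = foundUser;
      next();
    });
  });
});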
// Body parsers, registered in order: URL-encoded form bodies (extended
// syntax enabled) first, then JSON bodies.
[
  bodyParser.urlencoded({ extended: true }),
  bodyParser.json()
].forEach(function (parser) {
  app.use(parser);
});
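// Redirect proxied plain-HTTP requests to HTTPS.
// Paths listed in config.allowedNonSecurePaths (compared against the
// lower-cased request path) are exempt. A request without an
// X-Forwarded-Proto header is passed through untouched, so the check only
// means something when a fronting proxy sets or overwrites that header.
// NOTE(review): the redirect target uses req.hostname, which comes from the
// request itself; confirm the proxy restricts the accepted Host values or
// redirect to a configured canonical host instead.
app.use(function (req, res, next) {
  if (_.contains(config.allowedNonSecurePaths, req.path.toLowerCase())) {
    return next();
  }

  var forwardedProto = req.headers['x-forwarded-proto'];
  if (forwardedProto && forwardedProto !== 'https') {
    // Return here: without it the request kept flowing down the chain after
    // the redirect was sent, so the insecure request was still handled (and
    // later handlers tried to write to an already-sent response).
    return res.redirect('https://' + req.hostname + req.url);
  }

  return next();
});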
// ./auth is loaded only for its side effects (presumably it registers the
// Passport strategies; verify in that module).
require('./auth');
app.use(passport.initialize());
app.use(passport.session());

// Route table: [HTTP method, path, handler], registered in this order.
// NOTE(review): /logout is a GET route and no CSRF or rate-limiting
// middleware is registered in this file; confirm the handlers in ./site and
// ./oauth2 cover that themselves.
[
  ['get', '/login', site.loginForm],
  ['post', '/login', site.login],
  ['get', '/logout', site.logout],
  ['get', '/account', site.account],
  ['get', '/dialog/authorize', oauth2.authorization],
  ['post', '/dialog/authorize/decision', oauth2.decision],
  ['post', '/oauth/token', oauth2.token],
  ['get', '/api/userinfo', user.info],
  ['get', '/api/clientinfo', client.info],
  ['get', '/api/tokeninfo', token.info],
  ['get', '/status', diags.status]
].forEach(function (route) {
  var method = route[0];
  var routePath = route[1];
  var handler = route[2];
  app[method](routePath, handler);
});

// Static assets are served last, after all application routes.
var publicDir = path.join(__dirname, 'public');
app.use(express.static(publicDir));
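// Final error handler: replies with the error as JSON, using the error's own
// `status` as the HTTP status code.
app.use(function (err, req, res, next) {
  if (!err) {
    return next();
  }

  // Once a response has started, the status and body can no longer be
  // changed; let Express's default handler terminate the connection.
  if (res.headersSent) {
    return next(err);
  }

  // Errors thrown by lower layers often carry no `status`. Passing undefined
  // to res.status() produces an invalid status code, so fall back to 500.
  var status = Number(err.status);
  var isValidStatus = status >= 100 && status <= 599 && Math.floor(status) === status;
  res.status(isValidStatus ? status : 500);

  // NOTE(review): this serializes every enumerable property of the error
  // object into the response. Errors from the database or session layer may
  // carry internal detail; consider replying with an explicit allow-list of
  // fields and logging the rest server-side.
  res.json(err);
});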
// Start a plain-HTTP listener on $PORT, falling back to 3000.
// NOTE(review): no TLS is configured here; presumably it is terminated by a
// proxy in front of this process (the X-Forwarded-Proto check above relies
// on one). Confirm the port is not reachable directly.
var listenPort = process.env.PORT || '3000';
http.createServer(app).listen(listenPort);
console.log("OAuth 2.0 Authorization Server started on port " + listenPort);