
@robwormald
Last active August 29, 2015 13:56
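module.exports = {
  /**
   * Renders the login form view.
   *
   * @param {Object} req - request object
   * @param {Object} res - response object
   */
  login: function (req, res) {
    res.view('login');
  },

  /**
   * Verifies a login request and issues a token if the credentials are valid.
   *
   * Responds 403 with an `err` message on missing or malformed credentials,
   * on a lookup or validation error, and on a bad username or password.
   * On success responds with `{user, token}`.
   *
   * @param {Object} req - request carrying `username` and `password` params
   * @param {Object} res - response object
   */
  authenticate: function (req, res) {
    // NOTE(review): in Sails, req.param() also reads the query string and
    // route params, so a client can send the password in the URL, where it
    // tends to end up in access logs. Consider reading credentials from the
    // request body only; confirm that no client depends on the current form.
    var username = req.param('username');
    var password = req.param('password');

    // Accept only non-empty strings. A parsed body or query can deliver
    // objects or arrays; those must not reach the user lookup or the
    // password check.
    if (typeof username !== 'string' || typeof password !== 'string' ||
        !username || !password) {
      return res.json(403, {err : 'username and password required'});
    }

    User.findOneByUsername(username, function (err, user) {
      // A failed lookup is handled the same way as a failed password
      // validation below, instead of being reported as bad credentials.
      if (err) {
        return res.json(403, {err : 'forbidden'});
      }
      // Unknown user and wrong password share one message, so the response
      // does not reveal which usernames exist.
      if (!user) {
        return res.json(403, {err : 'invalid username or password'});
      }

      User.validPassword(password, user, function (err, valid) {
        if (err) {
          return res.json(403, {err : 'forbidden'});
        }
        if (!valid) {
          return res.json(403, {err : 'invalid username or password'});
        }

        // NOTE(review): the whole user record is returned to the client and
        // is also the token payload. A JWT payload is signed, not encrypted,
        // so every field on the record is readable by whoever holds the
        // token. Verify that the model's serialization drops the password
        // hash and other private fields, or sign a minimal payload such as
        // the user id.
        res.json({user : user, token : sailsTokenAuth.issueToken(user)});
      });
    });
  },

  /**
   * Responds with the server's current time as `{timestamp}`.
   *
   * @param {Object} req - request object (unused)
   * @param {Object} res - response object
   */
  preflight: function (req, res) {
    res.json({timestamp : new Date()});
  }
};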
//in api/services
var jwt = require('jsonwebtoken')
var socketjwt = require('socketio-jwt')
/**
 * Signs `payload` into a JWT with the secret held in the TOKEN_SECRET
 * environment variable and returns the encoded token.
 *
 * NOTE(review): no options are passed to jwt.sign, so no expiry is requested
 * here; a token stays valid until the secret changes unless the payload
 * itself carries an expiry. The payload is signed, not encrypted, so callers
 * should pass only fields that may be read by the token holder.
 *
 * @param {Object} payload - data to embed in the token
 * @returns {string} the signed token
 */
module.exports.issueToken = function (payload) {
  return jwt.sign(payload, process.env.TOKEN_SECRET);
};
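/**
 * Verifies `token` against the TOKEN_SECRET environment variable and reports
 * the outcome through `verified`.
 *
 * @param {string} token - encoded JWT to check
 * @param {Function} verified - callback invoked as `verified(err, decodedPayload)`
 * @returns {*} whatever the callback or jwt.verify returns
 */
module.exports.verifyToken = function (token, verified) {
  var secret = process.env.TOKEN_SECRET;

  // Fail closed on misconfiguration: without a secret nothing can be
  // verified, so report an error instead of handing an undefined key to the
  // library.
  if (!secret) {
    return verified(new Error('TOKEN_SECRET is not set'));
  }

  // issueToken signs with jsonwebtoken's default algorithm (HS256). Pin the
  // accepted algorithm so the token header cannot select a different one.
  // Library versions that predate the `algorithms` option ignore it.
  return jwt.verify(token, secret, {algorithms : ['HS256']}, verified);
};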
//config/sockets.js
authorization: function authorizeAttemptedSocketConnection(reqObj, cb) {
  // Handshake gate for incoming socket connections.
  //   cb(null, true)  -> accept the connection
  //   cb(null, false) -> refuse the connection
  //   cb(err)         -> report an error
  // Whatever is stored on `handshake` is readable by later requests on this
  // socket as `req.socket.handshake.*`.
  //
  // NOTE(review): the token is read from the connection's query string, and
  // URLs commonly end up in proxy and access logs; a short token lifetime
  // limits what a logged token is worth.
  var suppliedToken = reqObj.query.token;

  if (!suppliedToken) {
    // No token supplied: refuse. To admit sockets without tokens instead,
    // replace the refusal below with:
    //   reqObj.handshake = {authenticated : false}
    //   cb(null,true)
    cb(null, false);
    return;
  }

  sailsTokenAuth.verifyToken(suppliedToken, function (err, tokenData) {
    // Only a decoded payload admits the socket; a verification error or an
    // empty result refuses it.
    var accepted = Boolean(tokenData);
    if (accepted) {
      reqObj.handshake = tokenData;
    }
    cb(null, accepted);
  });
},