Skip to content

Instantly share code, notes, and snippets.

@smoebody

smoebody/gist:ec7eebc200b031ec44f5 Secret

Created April 13, 2015 16:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save smoebody/ec7eebc200b031ec44f5 to your computer and use it in GitHub Desktop.
Save smoebody/ec7eebc200b031ec44f5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.js
var mongoose = require('mongoose')
, Schema = mongoose.Schema
, createdModifiedPlugin = require('mongoose-createdmodified').createdModifiedPlugin
, crypto = require('crypto')
, _ = require('underscore')
var TOKEN_SIZE = 16,
TOKEN_PATTERN = /^[0-9A-Fa-f]+$/;
var TokenSchema = new Schema({
token: {
type: String,
match: TOKEN_PATTERN,
unique: true,
index: true
},
user: {
type: Schema.ObjectId,
ref: "User",
required: true,
index: true
},
client: {
type: Schema.ObjectId,
ref: "Client",
required: true,
index: true
},
activated: {
type: Boolean,
index: true,
default: false
}
});
TokenSchema.plugin(createdModifiedPlugin);
TokenSchema.statics.newInstance = function (user, client, cb) {
if (!user || !client) return cb(new Error('[newInstance] invalid obj'));
var self = this;
this.generateToken(function (err, token) {
if (err) return cb(err);
var token = new self({
token: token,
user: user,
client: client
});
cb(err, token);
});
};
TokenSchema.statics.generateToken = function (cb) {
crypto.randomBytes(TOKEN_SIZE, function (ex, buf) {
if (ex) return cb(new Error('[generateToken] cannot generate token'));
var token = buf.toString('hex');
console.log('[generateToken] token=' + token);
return cb(null, token);
});
};
mongoose.model('Token', TokenSchema);
exports.authorize = function (req, res, next) {
if (!req.client && !req.user) {
console.log('[authorize] invalid arguments: client and user');
return res.send(400);
}
Token.findOne({ user: req.user, client: req.client, activated: true }, function (err, token) {
if (err) return next(err);
if (!token) {
// create new token
Token.newInstance(req.user, req.client, function (err, token) {
if (err) return next(err);
if (!token) return res.send(500);
token.save(function (err, token) {
if (err) return next(err);
if (!token) res.send(500);
res.json({
user: token.user,
code: token.token,
grant_type: "authorization_code"
});
});
});
} else {
// use exisiting token
res.json({
user: token.user,
code: token.token,
grant_type: "authorization_code"
});
}
});
};
@smoebody
Copy link
Author

the authorize method is called by express. the params are the request object, the response object and the next() method.

the res.body object in mongoose v3.8.x looks like this:

{ 
  user: '552bf2eb39f987bb039aaeff',
  code: 'e3d75db1c89c18d5d36b5b34711b8b72',
  grant_type: 'authorization_code' 
}

in mongoose v4.0.1 it looks like this:

{ user: 
   { _id: '552bf408e1d9daad04986570',
     name: 'Bob',
     email: 'bob@example.com',
     password_hashed: '$2a$08$ux.SZq6Q.AgqFYMU/J1AFO8inE8kddlVFxeatzUpLI8Xyz.f9FFme',
     __v: 0,
     modified: '2015-04-13T16:51:20.598Z',
     created: '2015-04-13T16:51:20.583Z',
     activated: true },
  code: '2702ce9d3f4c72e6adbc46c6b8268ee7',
  grant_type: 'authorization_code' 
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment