/**
 * AuthController
 *
 * @description :: Server-side logic for managing auths
 * @help        :: See http://links.sailsjs.org/docs/controllers
 */
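module.exports = {
  /**
   * Log in with an email and password and receive a signed token.
   *
   * Responds with:
   *   401 - a credential is missing, is not a string, or does not match
   *   403 - the password comparison itself reported an error
   *   500 - the user lookup reported an error
   *   200 - { user, token } on success
   *
   * @param {Object} req - request; `email` and `password` are read via req.param()
   * @param {Object} res - response
   */
  index: function (req, res) {
    var email = req.param('email');
    var password = req.param('password');

    // Both values are attacker-controlled. Accept only non-empty strings so a
    // JSON body cannot hand an object to the findOne() criteria below.
    if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
      return res.json(401, {err: 'email and password required'});
    }

    Users.findOne({email: email}, function (err, user) {
      // A failed lookup is a server fault, not a bad credential.
      if (err) {
        return res.json(500, {err: 'internal server error'});
      }

      // Same message for "unknown email" and "wrong password", so the response
      // does not reveal which accounts exist.
      if (!user) {
        return res.json(401, {err: 'invalid email or password'});
      }

      Users.comparePassword(password, user, function (err, valid) {
        if (err) {
          return res.json(403, {err: 'forbidden'});
        }
        if (!valid) {
          return res.json(401, {err: 'invalid email or password'});
        }

        // The record is serialised through the model's toJSON(), which drops
        // encryptedPassword. The token payload carries only the user id.
        return res.json({
          user: user,
          token: jwToken.issue({id: user.id})
        });
      });
    });
  }
};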
/**
 * jwToken
 *
 * @description :: JSON Web Token service for Sails
 * @help        :: See https://github.com/auth0/node-jsonwebtoken & http://sailsjs.org/#!/documentation/concepts/Services
 */
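var jwt = require('jsonwebtoken');

// SECURITY: anyone who knows the signing secret can mint valid tokens for any
// user id, so it must not live in source control. Read it from the environment
// (JWT_TOKEN_SECRET is a variable name chosen for this example) and use a long
// random value. The literal fallback only keeps the demo runnable; it is public
// and must be replaced before deployment.
var tokenSecret = process.env.JWT_TOKEN_SECRET || "secretissecet";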
/**
 * Sign a payload and return the resulting token string.
 *
 * @param {Object} payload - claims to embed (the controllers on this page pass { id })
 * @returns {string} whatever jwt.sign() returns for the payload
 */
module.exports.issue = function(payload) {
  // Requested token lifetime: 180 minutes.
  // NOTE(review): later jsonwebtoken releases name this option `expiresIn`;
  // confirm the installed version still honours `expiresInMinutes`, otherwise
  // tokens may be issued without an expiry or signing may be rejected.
  var signOptions = { expiresInMinutes: 180 };

  // Signed with the module-level secret shared with verify().
  return jwt.sign(payload, tokenSecret, signOptions);
};
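/**
 * Verify a token presented on a request.
 *
 * @param {string} token - the token to be verified
 * @param {Function} callback - receives (err, decoded) from jwt.verify()
 * @returns {*} whatever jwt.verify() returns
 *
 * Options reference:
 * https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback
 */
module.exports.verify = function(token, callback) {
  return jwt.verify(
    token,
    tokenSecret, // same secret the token was signed with
    // Pin the accepted algorithm instead of trusting the token header. issue()
    // passes no algorithm, so it signs with the library default (HS256).
    { algorithms: ['HS256'] },
    callback
  );
};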
/*
 * For more information on how policies work, see:
 * http://sailsjs.org/#/documentation/concepts/Policies
 *
 * For more information on configuring policies, check out:
 * http://sailsjs.org/#/documentation/reference/sails.config/sails.config.policies.html
 */
module.exports.policies = {
  // Deny by default: every action must pass the isAuthorized policy unless a
  // controller entry below overrides it. (The policy file itself is not shown
  // on this page.)
  '*': ['isAuthorized'],

  UsersController: {
    // Sign-up has to be reachable without a token.
    create: true
  },

  AuthController: {
    // Login has to be reachable without a token.
    // NOTE(review): the wildcard also opens any action added to AuthController
    // later; listing `index` explicitly would keep new actions protected.
    '*': true
  }
};
/**
 * Users.js
 *
 * @description :: TODO: You might write a short summary of how this model works and what it represents here.
 * @docs        :: http://sailsjs.org/#!documentation/models
 */
// We don't want to store the password in plain text, so it is hashed with bcrypt
var bcrypt = require('bcrypt'); | |
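module.exports = {
  // Strict schema mode.
  // NOTE(review): presumably this also keeps the plaintext `password` field
  // from being persisted, since it is not declared below. Confirm.
  schema: true,

  attributes: {
    email: {
      type: 'email',
      // NOTE(review): this is the string 'true', not a boolean; presumably
      // `true` was intended. Confirm how the installed ORM treats it.
      required: 'true',
      unique: true
    },

    // Holds the bcrypt hash. Despite the name, the value is hashed, not encrypted.
    encryptedPassword: {
      type: 'string'
    },

    /**
     * Serialise the record for API responses without the password hash.
     *
     * @returns {Object} copy of the record with `encryptedPassword` removed
     */
    toJSON: function () {
      var obj = this.toObject();
      delete obj.encryptedPassword;
      return obj;
    }
  },

  /**
   * Lifecycle hook: hash the submitted password before the record is created.
   *
   * @param {Object} values - attributes being created; `values.password` is read
   *                          and `values.encryptedPassword` is set
   * @param {Function} next - called with an error to abort, or with nothing to continue
   */
  beforeCreate: function (values, next) {
    // 10 is the bcrypt cost factor (salt rounds).
    bcrypt.genSalt(10, function (err, salt) {
      if (err) return next(err);

      bcrypt.hash(values.password, salt, function (err, hash) {
        if (err) return next(err);

        values.encryptedPassword = hash;
        next();
      });
    });
  },

  /**
   * Check a candidate password against a user's stored hash.
   *
   * @param {string} password - plaintext candidate
   * @param {Object} user - record carrying `encryptedPassword`
   * @param {Function} cb - called exactly once: cb(err) on failure,
   *                        otherwise cb(null, true|false)
   */
  comparePassword: function (password, user, cb) {
    bcrypt.compare(password, user.encryptedPassword, function (err, match) {
      // Return here. Without it the callback fired a second time on error,
      // so the controller tried to send two responses.
      if (err) return cb(err);

      // Always report an explicit boolean, so a mismatch is never confused
      // with a missing result.
      return cb(null, Boolean(match));
    });
  }
};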
/**
 * UsersController
 *
 * @description :: Server-side logic for managing users
 * @help        :: See http://links.sailsjs.org/docs/controllers
 */
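module.exports = {
  /**
   * Register a user and return the new record with a signed token.
   *
   * Responds with:
   *   401 - password and confirmPassword differ
   *   400 - password is missing or not a string
   *   err.status (or 500) - the model rejected the record
   *   200 - { user, token } on success
   *
   * @param {Object} req - request; reads email, password and confirmPassword from the body
   * @param {Object} res - response
   */
  create: function (req, res) {
    var body = req.body || {};
    var password = body.password;

    if (password !== body.confirmPassword) {
      return res.json(401, {err: 'Password doesn\'t match, What a shame!'});
    }

    // Two missing fields compare equal above, so check the type explicitly
    // before the value reaches the hashing hook.
    if (typeof password !== 'string' || !password) {
      return res.json(400, {err: 'password required'});
    }

    // Pass an explicit allow-list instead of the raw body so a client cannot
    // set other attributes (id, encryptedPassword, ...). Extend this list when
    // the model gains attributes.
    Users.create({email: body.email, password: password}).exec(function (err, user) {
      if (err) {
        // Errors without a status (e.g. from the hashing hook) fall back to 500.
        // NOTE(review): the raw error object is echoed to the client; consider
        // trimming it to a message.
        return res.json(err.status || 500, {err: err});
      }

      if (user) {
        // NOTE: token payload is { id: user.id }
        return res.json(200, {user: user, token: jwToken.issue({id: user.id})});
      }

      // No error and no record: answer rather than leave the request hanging.
      return res.json(500, {err: 'user could not be created'});
    });
  }
};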
Just: npm i bcrypt jsonwebtoken
Just:
npm i bcrypt jsonwebtoken
thank you man
Thank you for straight forward and concise example, saved a bunch of time for me! So jwt, much sails, wow, 100%
Really loved the simplest way of integration, will it support Sails 1 version. Also, instead of jwt, can we do it using jwe as its more secured? Whats your suggestion? Looking forward to hear from you
Hello, may please say what is the dependencies of this JWT method?
can you write what word i type in "npm i" for installing dependencies?