Changeset 466 for Dev/trunk/src/server

Timestamp:

06/26/13 14:43:57 (12 years ago)

Author:

hendrikvanantwerpen

Message:

Added authentication (fixed user now).

Location:

Dev/trunk/src/server

Files:

• app.js (modified) (3 diffs)
• config/config-couchdb.js (modified) (6 diffs)
• util (added)
• util/request.js (added)
• util/simple-http-proxy.js (moved) (moved from Dev/trunk/src/server/simple-http-proxy.js)

Dev/trunk/src/server/app.js

@@ -4 +4 @@
 var fs = require("fs");
 var path = require("path");
-var proxy = require("./simple-http-proxy");
+var proxy = require("./util/simple-http-proxy");
 var _ = require("underscore");
 
@@ -31 +31 @@
         }
     }));
+    passport.serializeUser(function(user, done) {
+        done(null, user.username);
+    });
+    passport.deserializeUser(function(id, done) {
+        done(null, {username: id});
+    });
 
     var app = express();
@@ -56 +62 @@
     });
 
+    
     // url to login (might work on others as well?)
     // you should then have a session to work with
-    app.post('/api/login');
+    // should return a user info object
+    function returnUser(req,res) {
+        res.send(200, req.user);
+    }
+    app.post(
+        '/api/login',
+        passport.authenticate('local'),
+        returnUser);
 
+    // ensure we're authenticated on API calls
+    app.use('/api', function(req,res,next){
+        if (!req.user) {
+            return res.send(401,{error:"Login before accessing API."});
+        } else {
+            return next();
+        }
+    });
+    
+    app.get(
+        '/api/login',
+        returnUser);
+
+    app.post(
+        '/api/logout', function(req,res){
+            req.logout();
+            res.send(200,{});
+        });
+
+    app.get('/api/surveyRun/:id/response/csv',
+            function(req, res) {
+                var id = req.params.id;
+                // query CouchDB and build the CSV file
+                res.set({
+                    'Content-Type': 'text/csv',
+                    'Content-Disposition': 'attachment; filename=responses-'+id+'.csv'
+                });
+                res.send(200, "Response for surveyRun "+id);
+            });
+    
     // forward to couch
-    app.use('/data/couch', proxy(settings.couchDbURL));
+    app.use('/api/data', proxy(settings.couchDbURL));
 
     return app;

Dev/trunk/src/server/config/config-couchdb.js

@@ -1 +1 @@
 var q = require('q');
-var HTTP = require('q-io/http');
-var URL = require('url');
+var request = require('../util/request');
 var _ = require('underscore');
 var util = require('util');
@@ -27 +26 @@
     }
 
-    function request(method,path,content) {
+    function dbRequest(method,path,content) {
         var url = couchDbURL+path;
-        var parsedURL = URL.parse(url);
         var options = {
-            url: url,
             method: method,
             headers: {
@@ -37 +34 @@
                 'accept': 'application/json'
             },
-            body: {
-                forEach: function(callback) {
-                    callback(JSON.stringify(content || {}));
-                }
-            }
+            body: content
         };
-        // because q-io doesn't support auth properly, we have to
-        // build the f*ing wheel again.
-        if ( parsedURL.auth ) {
-            var auth = new Buffer(parsedURL.auth).toString("base64");
-            options.headers.authorization = 'Basic '+auth;
-        }
-        return HTTP.request(options)
-        .then(function(res){
-            return res.body.read().then(function(content){
-                return JSON.parse(content.toString() || "{}");
-            });
-        },function(res){
-            return res.body.read().then(function(error){
-                console.warn(error); // q.all doesn't do errors, so let's show them here
-                return JSON.parse(error.toString() || "{}");
-            });
-        });
+        return request(url,options);
     }
 
     console.log("Configuring CouchDB for QED");
     console.log("Checking CouchDB version");
-    return request('GET','')
+    return dbRequest('GET','')
     .then(function(res){
         if (res.version !== "1.2.0" ) {
@@ -73 +50 @@
     }).then(function(res){
         console.log("Checking database 'qed'");
-        return request('GET','qed')
+        return dbRequest('GET','qed')
         .then(function(res){
             console.log("Database 'qed' found.");
         },function(err){
             console.log("Creating database 'qed'");
-            return request('PUT','qed');
+            return dbRequest('PUT','qed');
         });
     }).then(function(){
@@ -92 +69 @@
                 case "update":
                     console.log(docUrl+" updating.");
-                    return request('GET',docUrl)
+                    return dbRequest('GET',docUrl)
                     .then(function(oldDoc){
                         _.extend(oldDoc,doc);
-                        return request('PUT',docUrl,oldDoc);
+                        return dbRequest('PUT',docUrl,oldDoc);
                     },function(){
-                        return request('PUT',docUrl,doc);
+                        return dbRequest('PUT',docUrl,doc);
                     });
                 break;
@@ -103 +80 @@
                 default:
                     console.log(docUrl+" replacing.");
-                    return request('GET',docUrl)
+                    return dbRequest('GET',docUrl)
                     .then(function(oldDoc){
                         _.extend(doc,_.pick(oldDoc,'_id','_rev'));
-                        return request('PUT',docUrl,doc);
+                        return dbRequest('PUT',docUrl,doc);
                     },function(){
-                        return request('PUT',docUrl,doc);
+                        return dbRequest('PUT',docUrl,doc);
                     });
                 break;