brianlovin · January 20, 2017 06:43
diff --git a/index.js b/index.js
 var app = require('../app');
 var express = require('express');
 var router = express.Router();
 var mongoose = require('mongoose');
 var async = require('async');
 var jwt = require('jsonwebtoken');
 var User = require("../models/user.js");

 /*------------------------------------------------------------\*
 *             
 *                         ACCOUNT LOGIN
 *
 \*------------------------------------------------------------*/
 router.post('/user/login', function(req, res) {
  User.findOne({
    email: req.body.email
  }, function(err, user) {

    if (err) throw err;

    // if the user doesn't exist yet, create the user
    if (!user) {
      var newUser = new User({ 
        email: req.body.email, 
        password: req.body.password,
        admin: false
      });

      var payload = {
        "user": newUser._id
      }

      // create a new token for the user
      var token = jwt.sign(payload, app.get('YOUR_SECRET_HERE'), {
        expiresIn: 60 * 60 * 24 * 30 // expires in 30 days
      });

      // save the new user
      newUser.save(function(err) {
        if (err) throw err;

        console.log('User saved successfully');
        res.json({ success: true, token: token });
      });

    // if the user does exist, authenticate them
    } else if (user) {

      User.getAuthenticated(req.body.email, req.body.password, function(err, user, reason) {
        if (err) throw err;

        // login was successful
        if (user) {

          var payload = {
            "user": user._id
          }
          // create a new token for the user
          var token = jwt.sign(payload, app.get('YOUR_SECRET_HERE'), {
            expiresIn: 60 * 60 * 24 * 30 // expires in 30 days
          });

          console.log('login success');
          Item.find({owner: user._id})
            .sort({dateCreated: 1})
            .exec(function(err, items) {
            if (err) throw err;
            res.json({
                ...YOUR_STUFF_HERE
                token: token
            });
          });
        }
      });
    }
  });
 });


 /*------------------------------------------------------------\*
 *             
 *       ALL OTHER REQUESTS MUST BE VERIFIED WITH A TOKEN
 *
 \*------------------------------------------------------------*/
 router.use(function(req, res, next) {

  // check header or url parameters or post parameters for token
  var token = req.body.token || req.query.token || req.headers['x-access-token'];

  // decode token
  if (token) {

    // verifies secret and checks exp
    jwt.verify(token, app.get('YOUR_SECRET_HERE'), function(err, decoded) {      
      if (err) {
        return res.json({ success: false, message: 'Failed to authenticate token.' });    
      } else {
        // if everything is good, save to request for use in other routes
        req.decoded = decoded;    
        next();
      }
    });

  } else {

    // if there is no token
    // return an error
    return res.status(403).send({ 
        success: false, 
        message: 'No token provided.' 
    });
    
  }
 });

 module.exports = router
	var app = require('../app');
	var express = require('express');
	var router = express.Router();
	var mongoose = require('mongoose');
	var async = require('async');
	var jwt = require('jsonwebtoken');
	var User = require("../models/user.js");

	/------------------------------------------------------------\
	*
	* ACCOUNT LOGIN
	*
	\------------------------------------------------------------/
	router.post('/user/login', function(req, res) {
	User.findOne({
	email: req.body.email
	}, function(err, user) {

	if (err) throw err;

	// if the user doesn't exist yet, create the user
	if (!user) {
	var newUser = new User({
	email: req.body.email,
	password: req.body.password,
	admin: false
	});

	var payload = {
	"user": newUser._id
	}

	// create a new token for the user
	var token = jwt.sign(payload, app.get('YOUR_SECRET_HERE'), {
	expiresIn: 60 * 60 * 24 * 30 // expires in 30 days
	});

	// save the new user
	newUser.save(function(err) {
	if (err) throw err;

	console.log('User saved successfully');
	res.json({ success: true, token: token });
	});

	// if the user does exist, authenticate them
	} else if (user) {

	User.getAuthenticated(req.body.email, req.body.password, function(err, user, reason) {
	if (err) throw err;

	// login was successful
	if (user) {

	var payload = {
	"user": user._id
	}
	// create a new token for the user
	var token = jwt.sign(payload, app.get('YOUR_SECRET_HERE'), {
	expiresIn: 60 * 60 * 24 * 30 // expires in 30 days
	});

	console.log('login success');
	Item.find({owner: user._id})
	.sort({dateCreated: 1})
	.exec(function(err, items) {
	if (err) throw err;
	res.json({
	...YOUR_STUFF_HERE
	token: token
	});
	});
	}
	});
	}
	});
	});


	/------------------------------------------------------------\
	*
	* ALL OTHER REQUESTS MUST BE VERIFIED WITH A TOKEN
	*
	\------------------------------------------------------------/
	router.use(function(req, res, next) {

	// check header or url parameters or post parameters for token
	var token = req.body.token \|\| req.query.token \|\| req.headers['x-access-token'];

	// decode token
	if (token) {

	// verifies secret and checks exp
	jwt.verify(token, app.get('YOUR_SECRET_HERE'), function(err, decoded) {
	if (err) {
	return res.json({ success: false, message: 'Failed to authenticate token.' });
	} else {
	// if everything is good, save to request for use in other routes
	req.decoded = decoded;
	next();
	}
	});

	} else {

	// if there is no token
	// return an error
	return res.status(403).send({
	success: false,
	message: 'No token provided.'
	});

	}
	});

	module.exports = router