robwormald · August 29, 2015 13:56
diff --git a/AuthController.js b/AuthController.js





 module.exports = {


 	login : function(req,res){


 		res.view('login')


 	},
 	//verifies a login request and issues a token if valid.
 	authenticate : function(req,res){

 		var username = req.param('username')
 		var password = req.param('password')

 		if(!username || !password){
 			return res.json(403,{err : 'username and password required'})
 		}

 		User.findOneByUsername(username,function(err,user){
 			if(!user){
 				return res.json(403,{err : 'invalid username or password'})
 			}

 			User.validPassword(password,user,function(err,valid){
 				
 				if(err){
 					return res.json(403,{err : 'forbidden'})
 				}

 				if(!valid){
 					return res.json(403,{err : 'invalid username or password'})
 				}
 					else{
 						res.json({user : user, token : sailsTokenAuth.issueToken(user)})

 					}

 			})

 		})


 	},

 	preflight : function(req,res){



 		res.json({timestamp : new Date()})



 	}	





 

 }
diff --git a/sailsTokenAuth.js b/sailsTokenAuth.js
 //in api/services
 var jwt = require('jsonwebtoken')
 var socketjwt = require('socketio-jwt')


 module.exports.issueToken = function(payload){
 	var token = jwt.sign(payload,process.env.TOKEN_SECRET)
 	return token;
 }

 module.exports.verifyToken = function(token,verified){
 	return jwt.verify(token,process.env.TOKEN_SECRET,{},verified)
 }



diff --git a/sockets.js b/sockets.js
 //config/sockets.js

 authorization: function authorizeAttemptedSocketConnection(reqObj, cb) {

        
        //  
        // to allow the connection, call `cb(null, true)`
        // to prevent the connection, call `cb(null, false)`
        // to report an error, call `cb(err)`

        // Any data saved in `handshake` is available in subsequent requests
        // from this as `req.socket.handshake.*`
        if(reqObj.query.token){
          sailsTokenAuth.verifyToken(reqObj.query.token,function(err,tokenData){
            if(tokenData){
              reqObj.handshake = tokenData;
              cb(null,true)
            }
            else{
              cb(null,false)
            }
          })
        }
        else{
          //uncomment to allow sockets w/o tokens
          //reqObj.handshake = {authenticated : false}
          //cb(null,true)
          cb(null,false)
        }
        
        },





	module.exports = {


	login : function(req,res){


	res.view('login')


	},
	//verifies a login request and issues a token if valid.
	authenticate : function(req,res){

	var username = req.param('username')
	var password = req.param('password')

	if(!username \|\| !password){
	return res.json(403,{err : 'username and password required'})
	}

	User.findOneByUsername(username,function(err,user){
	if(!user){
	return res.json(403,{err : 'invalid username or password'})
	}

	User.validPassword(password,user,function(err,valid){

	if(err){
	return res.json(403,{err : 'forbidden'})
	}

	if(!valid){
	return res.json(403,{err : 'invalid username or password'})
	}
	else{
	res.json({user : user, token : sailsTokenAuth.issueToken(user)})

	}

	})

	})


	},

	preflight : function(req,res){



	res.json({timestamp : new Date()})



	}







	}
	//in api/services
	var jwt = require('jsonwebtoken')
	var socketjwt = require('socketio-jwt')


	module.exports.issueToken = function(payload){
	var token = jwt.sign(payload,process.env.TOKEN_SECRET)
	return token;
	}

	module.exports.verifyToken = function(token,verified){
	return jwt.verify(token,process.env.TOKEN_SECRET,{},verified)
	}
	//config/sockets.js

	authorization: function authorizeAttemptedSocketConnection(reqObj, cb) {


	//
	// to allow the connection, call `cb(null, true)`
	// to prevent the connection, call `cb(null, false)`
	// to report an error, call `cb(err)`

	// Any data saved in `handshake` is available in subsequent requests
	// from this as `req.socket.handshake.*`
	if(reqObj.query.token){
	sailsTokenAuth.verifyToken(reqObj.query.token,function(err,tokenData){
	if(tokenData){
	reqObj.handshake = tokenData;
	cb(null,true)
	}
	else{
	cb(null,false)
	}
	})
	}
	else{
	//uncomment to allow sockets w/o tokens
	//reqObj.handshake = {authenticated : false}
	//cb(null,true)
	cb(null,false)
	}

	},