I can't seem to get my csurf token to work in my pop up strictly css modal, for authentication purposes. It works fine in a page (not in modal). I am using Pug view engine, express and cookie parser. Below is the relevant code, any suggestions would be appreciated, thank you.
layout.pug
a(href="#open-modal")
span Login
div(id="open-modal" class="modal-window")
div
a(href="#" title="Close" class="modal-close") Close
h1 Login
div
+errorSummaryList(errors)
form(method="post" action="/get" class="nav__login")
input(type="hidden" name="_csrf" value=csrfToken)
label(for="username") Username:
input(type="text" name="username" id="username")
label(for="password") Password:
input(type="password" name="password" id="password")
button Submit
button Demo User
auth.js
const { User } = require('./db/models');
function loginUser(req, res, user){
req.session.auth = {
userId: user.id
};
req.session.save(function () {
res.redirect("/");
});
console.log(req.session)
};
async function restoreUser(req, res, next){
if(req.session.auth){
let { userId }= req.session.auth;
try{
let user = await User.findByPk(userId);
if(user){
res.locals.authenticated = true;
res.locals.user = user;
console.log(res.locals)
next();
}
} catch(error){
res.locals.authenticated = false;
next(error);
}
}
res.locals.authenticated = false;
next();
}
function logoutUser(req,res){
delete req.session.auth;
}
users.js
router.get('/login', csrfProtection, asyncHandler(async(req, res, next)=> {
let user = User.build();
res.render('user-login',{user, csrfToken: req.csrfToken()})
}));
router.post('/login',loginValidators, csrfProtection, asyncHandler(async(req, res, next)=>{
const { username, password } = req.body;
let errors = [];
const validationErrors = validationResult(req);
if(validationErrors.isEmpty()){
const user = await User.findOne({
where:{
username
}
})
if(user){
console.log('found user')
const isVerified = await bcrypt.compare(password, user.password.toString())
if(isVerified){
console.log("verified")
loginUser(req, res, user)
return;
}
errors.push("Username and/or password are incorrect. Try again. ");
}
}
validationErrors.array().map(err => errors.push(err.msg));
res.render('user-login',{errors, csrfToken: req.csrfToken()})
}));
app.js
const createError = require('http-errors');
const express = require('express');
const path = require('path');
const cookieParser = require('cookie-parser');
const logger = require('morgan');
const { sequelize } = require('./db/models');
const session = require('express-session');
const SequelizeStore = require('connect-session-sequelize')(session.Store);
const indexRouter = require('./routes/index');
const usersRouter = require('./routes/users');
const { restoreUser } = require('./auth');
const { sessionSecret } = require('./config');
const app = express();
// view engine setup
app.set('view engine', 'pug');
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser(sessionSecret));
app.use(express.static(path.join(__dirname, 'public')));
// set up session middleware
const store = new SequelizeStore({ db: sequelize });
app.use(
session({
secret: sessionSecret,
store,
saveUninitialized: false,
resave: false,
})
);
Related
Everything is going great which I shared code but the problem is that when I log in the next time when I visit the website it shows me again the login form so I don't want this process repeatedly
I used there bcrypt,jwt token and cookies for user login
This is my route where I define user register and login
router.post("/api/usersave", urlencodedParser, vUserController.createUser)
router.post("/api/userlogin", urlencodedParser, vUserController.loginUser)
This is my controller of user registration and login
const express = require("express");
const app = express();
const path = require("path")
var bodyParser = require('body-parser')
const mongoose = require("mongoose")
const hbs = require('hbs');
const router = express.Router()
const bcrypt = require("bcrypt")
const jwt = require("jsonwebtoken")
const cookieparser = require("cookie-parser")
exports.createUser=(req, res)=>{
// console.log(req.body.itemname)
const oldUser = userModel.findOne({ username: req.body.username });
if (oldUser) {
return res.status(409).send("User Already Exist. Please Login");
}
const rsUsers = new userModel(req.body)
rsUsers.save().then(() => {
console.log('User: ' + req.body.username + ' Saved')
}).catch((err)=>{
console.log('User Saved Error..' + err)
});
res.render("home", {abc: req.body})
// res.send("User Created ... ")
return true
}
exports.loginUser= async (req, res)=>{
// console.log(req.body.username)
// console.log(password)
var password = req.body.password
const findUser = await userModel.findOne({username: req.body.username})
// console.log(findUser.username)
if (!findUser){
res.send("User ID Not Found")
}
else {
bcrypt.compare(req.body.password, findUser.password, function(err, result) {
if (!result){
// console.log('User Login Failed')
res.send("User Login Failed")
}
else{
console.log('User Login Successfully')
const vToken = findUser.generateJWTToken()
res.cookie("node1", vToken)
// console.log(vToken)
res.render("home", {abc: req.body})
}
});
}
}
This is my model of user registration and login
const express = require("express");
const app = express();
const path = require("path")
var bodyParser = require('body-parser')
const mongoose = require("mongoose")
const bcrypt = require('bcrypt')
const jwt = require("jsonwebtoken")
const schema2 = new mongoose.Schema({
username: {type: String, required: true},
useremail: String,
password: String,
tokens: [{
token: String
}]
})
schema2.pre('save', async function(next){
// var saltrange = bcrypt.genSalt(10)
if(this.isModified("password")){
var saltrange = 10
this.password = bcrypt.hashSync(this.password, saltrange)
next()
}
})
schema2.methods.generateJWTToken = function(){
try {
var generatedtoken = jwt.sign({id: this._id}, "FULLSTACKWEBDEVELOPMENTMEANMERNBATCH")
// console.log(generatedtoken)
this.tokens = this.tokens.concat({token: generatedtoken})
this.save()
return generatedtoken
}
catch(err){
console.log(err)
return "false"
}
}
const userModel = mongoose.model('userModel', schema2)
module.exports = userModel
enter code here
You can control this login page rendering by checking you are valid login user or not. You can check this by a middleware function in your route file
const {isLoggedIn} = require("./middleware");
app.get("/login", isLoggedIn, (req, res)=>{
res.render("login");
})
app.get("/reg", isLoggedIn, (req, res)=>{
res.render("userRegister");
})
//For Logout from this session simply hit logout url
router.get('/logout', async (req, res) => {
res.clearCookie('node1')
res.redirect("/login");
});
where isLoggedIn is a middleware function which will check if you are an existing valid user or not
middleware.js
const jwt = require('jsonwebtoken');
module.exports.isLoggedIn = async(req,res, next)=>{
try{
const token = req.cookies ? req.cookies.node1 : null;
const decoded = token ? jwt.verify(token, "FULLSTACKWEBDEVELOPMENTMEANMERNBATCH") : null
if(decoded){
return res.redirect('/home');
}
console.log(decoded);
next();
}catch(err){
res.render("login");
}
}
Hoping this may work in your case
I have read some documentation on express routing and I am trying to render the logged in user's username or identification in the url. I need help getting the routing hit in my server.js to render the pages even before authentication. Where am I messing up?
Routing (profile.js)
const express = require("express");
var router = express.Router();
const User = require("../models/user");
const passport = require("passport");
const multer = require("multer");
// Profile Avatar
const upload = multer({ dest: "upload" });
// ACCOUNT ROUTES
router
.route("/profile/:id")
.get(function (req, res) {
if (req.isAuthenticated()) {
let dateObj = req.user.createdAt;
let createdDate = dateObj.toString().slice(4, 16);
let navbarLoggedIn = "partials/loggedIn-navbar.ejs";
let id = req.params.username;
console.log(id + "\n");
res.render(
"profile",
{ id: req.params.id },
{
currentUser: req.user.username,
currentCompany: req.user.company,
currentLocation: req.user.location,
currentPosition: req.user.position,
memberStatus: createdDate,
navbar: navbarLoggedIn,
}
);
} else {
res.redirect("login");
}
})
.post(function (req, res) {});
module.exports = router;
server.js
require("dotenv").config();
const express = require("express");
const session = require("express-session");
const passport = require("passport");
const path = require("path");
const ejs = require("ejs");
const logger = require("morgan");
const main = require("./routes/main");
const about = require("./routes/about");
const contact = require("./routes/contact");
const profile = require("./routes/profile");
const pricing = require("./routes/pricing");
const help = require("./routes/help");
const login = require("./routes/login");
const signup = require("./routes/signup");
const forgot_password = require("./routes/forgot-password");
const User = require("./models/user");
const multer = require("multer");
// PORT
const port = 8080;
const app = express();
// COOKIES AND SESSION
app.use(
session({
secret: process.env.SECRET,
resave: false,
saveUninitialized: true,
})
);
app.use(passport.initialize());
app.use(passport.session());
// DATABASE
require("./config/database.js");
// PASSPORT AUTHENTICATION
require("./config/passport.js");
// MIDDLEWARE
app.use(logger("dev"));
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
app.use("/public", express.static(path.join(__dirname + "/public")));
app.set("view engine", "ejs");
app.set("view cache", false);
// ROUTES
app.use("/", main);
app.use("/about", about);
app.use("/contact", contact);
app.use("/pricing", pricing);
app.use("/profile/:id", profile, (req, res, next) => {
next();
});
app.use("/help", help);
app.use("/login", login);
app.use("/signup", signup);
app.use("/forgot-password", forgot_password);
// Logout
app.get("/logout", function (req, res) {
res.clearCookie("connect.sid");
res.redirect("/");
});
app.listen(port, (err, done) => {
if (!err) {
console.log({ message: "success!" });
} else {
return err;
}
});
And here is my file structure.file structure.
views strucutre
When you define the profile router in your main server file, instead of defining one specific route, define a short prefix. In your case you'll use /profile. Then in your router simply define the rest of the route (/:id).
Example:
Server:
app.use("/profile", profile, (req, res, next) => {
next();
});
Router:
router
.route("/:id")
.get(function (req, res) {
if (req.isAuthenticated()) {
let dateObj = req.user.createdAt;
let createdDate = dateObj.toString().slice(4, 16);
let navbarLoggedIn = "partials/loggedIn-navbar.ejs";
let id = req.params.username;
console.log(id + "\n");
res.render(
"profile",
{
id: req.params.id
},
{
currentUser: req.user.username,
currentCompany: req.user.company,
currentLocation: req.user.location,
currentPosition: req.user.position,
memberStatus: createdDate,
navbar: navbarLoggedIn,
}
);
} else {
res.redirect("login");
}
});
I am using react and nodejs with passportjs. I called a post request to validate the username and password using local strategy. and on same page, I have a button that calls a get request to just console.log(req.user).
The issue is: on route /login - post, I am being able to console.log(req.user) while when I click on a button to make a get request to /getstatus, it gives me undefined.
If you check the /login post route, the res.send(req.user) also sends undefined, whereas the console.log(req.user) is showing the right information in the console.
I need help, do not know what I am doing wrong.
Below I have my code:
const express = require("express");
const bodyParser = require("body-parser");
require("dotenv").config();
const mongoose = require("mongoose");
const passport = require("passport");
const passportLocalMongoose = require("passport-local-mongoose");
const cookieParser = require("cookie-parser");
const expressSession = require("express-session");
const cors = require("cors");
const session = require("cookie-session");
const LocalStrategy = require("passport-local").Strategy;
//............................Initialization of middleware..........................
const app = express();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(cors());
app.use(cookieParser());
app.use(passport.initialize());
app.use(passport.session());
//..............connect to a database...............................
const Users = new mongoose.Schema({
username: String,
password: String,
});
Users.plugin(passportLocalMongoose);
const MyModel = mongoose.model("MyModel", Users);
passport.use(MyModel.createStrategy());
// passport.use(new LocalStrategy(MyModel.authenticate()));
passport.serializeUser(MyModel.serializeUser());
passport.deserializeUser(MyModel.deserializeUser());
mongoose.connect(
process.env.DB_HOST,
{
useNewUrlParser: true,
useUnifiedTopology: true,
},
() => {
console.log("Database Connected");
}
);
// };
//......................Routes........................
app.post(
"/login",
cors(),
passport.authenticate("local", {
failureRedirect: "/failure",
}),
function (req, res, next) {
res.send(req.user);
console.log(req.user);
}
);
app.get("/failure", (req, res) => {
res.send({
name: "fff",
age: 23,
status: 500,
msg: "Invalid Username or Password",
color: "danger",
});
});
app.post("/reg", cors(), (req, res) => {
let username = req.body.username;
let password = req.body.password;
// connectdb();
MyModel.register({ username: username, active: false }, password, function (
err,
user
) {
if (err) {
console.log(err);
} else {
res.send("Success");
}
});
});
app.get("/getstatus", (req, res) => {
console.log(req.user);
});
//...........Start Server..........................
app.listen(5000, () => {
console.log("Server Started on Port 5000");
});
I got the solution, the issue is not with passportJS. it is with Axios.
This line of code is needed:
Axios.defaults.withCredentials = true;
i have a Problem with my project. I want to make a little download system for pictures, so i made a router for /download/:filename. I have the pictures in /userdata/${userId}/ and if i request /download/ with a param like test it logs in my console, but if i use a param wich exists in the userdata folder like Download.jpg it redirects me back to the homepath of the user: /file/${userId} here is my code:
app.js
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var index = require('./routes/index');
const admin = require("./routes/admin");
import file from "./routes/file";
import download from "./routes/download";
const session = require("express-session");
var app = express();
app.set("trust proxy", 1);
app.use(session({
secret: "bla",
resave: false,
cookie: {
maxAge: 120000000
},
saveUninitialized: false
}));
function checkIfLoggedin(req,res,next){
if(!(req.originalUrl === "/") && !req.session.loggedIn){
res.redirect('/');
return;
}
next();
};
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use(checkIfLoggedin);
app.use('/', index);
app.use("/admin", admin);
app.use("/file", file);
app.use("/download", download);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
var err = new Error('Not Found');
err.status = 404;
next(err);
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
index.js router
var express = require('express');
var router = express.Router();
const bcrypt = require('bcrypt-nodejs');
var dbPassword;
import mysql from "mysql";
//
/* GET home page. */
router.get('/', function(req, res, next) {
if (req.session.user != undefined) {
res.redirect("/file/"+req.session.user.userId);
}
else{
res.render('index', {});
}
});
router.post('/', function(req,res,next) {
console.log("1");
const enteredUsername = req.body.username;
const enteredPassword = req.body.password;
const con = mysql.createConnection({
host: "localhost",
user: "user",
password: "pass",
database: "db"
});
con.query('SELECT * FROM users WHERE username = ?;', [`${enteredUsername}`], (error, results, fields) => {
if (results.length > 0) {
console.log("2");
console.log(error);
let dbPassword = results[0].password;
bcrypt.compare(enteredPassword, dbPassword, (err,response) => {
console.log(err);
console.log(response);
console.log("3");
if (response == true) {
req.session.user = {
userId: results[0].userId,
username: results[0].username,
isAdmin: results[0].isAdmin,
};
req.session.loggedIn = true;
console.log("file");
if (req.session.user.isAdmin) {
res.redirect("/admin");
}
else{
res.redirect("/file/" + req.session.user.userId);
}
}
else{
req.session.loggedIn = false;
console.log("false");
res.send("Falsches Passwort");
}
});
}
else{
res.send("Falsche Daten");
}
});
});
router.get("/logout", (req,res,next) => {
if (req.session.user.userId) {
req.session.destroy();
res.redirect("/");
}
});
module.exports = router;
file.js
import express from "express";
import fs from "fs";
const router = express.Router();
const userDataPath = "/srv/www/www.precode.tech/www/userdata/";
router.get("/:userId", (req,res,next) => {
//console.log(req.params.userId == req.session.user.userId);
if (req.params.userId == req.session.user.userId) {
const userDataFiles = fs.readdirSync(userDataPath+req.session.user.userId);
res.render("file", {files : userDataFiles, user: req.session.user});
}
else{
res.status(403).render("unauthorized");
}
//res.send(`${req.params.userId} ${req.session.user.userId}`);
});
/*router.get("/:userId/download/:filename", (req,res,next) => {
console.log(req.params.filename);
if (req.params.userId == req.session.user.userId) {
let filePath = `${__dirname}/../userdata/${req.session.user.userId}/`;
res.download(filePath, req.params.filename);
next();
};
});*/
export default router;
download.js
import express from "express";
const router = express.Router();
/*router.get("/", (req,res,next) => {
res.send("download");
});*/
router.get("/:filename", (req,res,next) =>{
console.log(req.params.filename);
});
export default router;
It would be very nice, if you have ideas or see the problem.
Thank you :)
EDIT: It should not redirect to the base path of the user, the get request on download should allways console.log the item
I did not find the flaw, but let's cleanup the code and fix middleware attaching sequence (at least I saw cookie parser attached after session middleware, I suspect only that part) and check.
But let's check my code review / cleanup.
Really hope it helps.
app.js:
const express = require('express');
const path = require('path');
//const favicon = require('serve-favicon');
const logger = require('morgan');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const session = require("express-session");
const mysql = require('mysql');
const db = mysql.createConnection({
host: "localhost",
user: "user",
password: "pass",
database: "db"
});
const app = express();
app.set("trust proxy", 1);
// set view engine and renderer
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
// serve static files
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico'))); // no need for it since express static will serve all static files in public folder
app.use(express.static(path.join(__dirname, 'public')));
// connect morgan to profile requests
app.use(logger('dev'));
// parse cookies first
app.use(cookieParser());
// then handle session
app.use(session({
secret: "bla",
resave: false,
cookie: {
maxAge: 120000000
},
saveUninitialized: true
}));
// handle requests data
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use((req, res, next) => {
req.db = db; // attach db connection to request context
next();
});
// public routes that does not need auth check
app.use('/', require('./routes/index'));
const checkIfLoggedin = (req, res, next) => {
if (!req.session.loggedIn) {
return res.redirect('/');
}
res.locals.user = req.session.user;
next();
};
// internal routes that needs auth check
app.use(
'/admin',
checkIfLoggedin,
require('./routes/admin'));
app.use(
'/files',
checkIfLoggedin,
require('./routes/files'));
/* no need for this route, it's covered in files.js
app.use(
'/download',
checkIfLoggedin,
download);
*/
// catch 404 and forward to error handler
app.use((error, req, res, next) => {
if (error) return next(error);
const err = new Error('Not Found');
err.status = 404;
next(err);
});
// error handler
app.use((error, req, res, next) => {
// set locals, only providing error in development
res
.status(error.status || 500)
.render('error', {
message: error.message,
error: req.app.get('env') === 'development' ? error : {}
});
});
module.exports = app;
routes/index.js:
const express = require('express');
const router = express.Router();
const logger = require('winston');
const bcrypt = require('bcrypt-nodejs');
const _ = require('lodash'); // install it: npm i --save lodash
/* GET home page. */
router.get('/', (req, res) => {
if (_.get(req, 'session.user.userId')) {
return res.redirect("/files/" + req.session.user.userId);
}
res.render('index', {});
});
router.post('/auth', (req, res, next) => {
const {username, password} = req.body;
const db = req.db;
const query = 'SELECT * FROM users WHERE username = ? LIMIT 1';
const fields = [username];
db.query(
query,
fields,
(err, result) => {
if (err) {
logger.error(err);
const error = new Error('System fehler');
return next(error);
}
const user = _.get(result, '0');
if (!user) {
req.session.loggedIn = false;
const error = new Error('Benutzer nicht gefunden');
error.status = 403;
return next(error);
}
bcrypt.compare(password, user.password,
(err, isEqual) => {
if(err || !isEqual) {
if (err) logger.error('Error in password compare:', err);
const error = new Error('Passwort ungültig');
error.status = 403;
return next(error);
}
req.session.user = _.pick(user, ['id', 'userId', 'username', 'isAdmin']);
req.session.loggedIn = true;
if (user.isAdmin) {
return res.redirect("/admin");
}
res.redirect("/files/" + user.userId);
});
});
});
router.get("/logout", (req, res) => {
// simply destroy session and redirect,
// no need for session check
req.session.destroy();
res.redirect("/");
});
module.exports = router;
routes/files.js:
const express = require('express');
const router = express.Router();
const logger = require('winston');
const fs = require('fs');
const path = require('path');
const async = require('async');
const userDataPath = path.join(__dirname, '..', 'userdata');
// no need to check userId with session.user.userId
// since middleware attached in app.js will guard this route
// and redirect user to '/'
router.get('/:userId', (req, res, next) => {
if(req.params.userId != req.session.user.userId) {
const error = new Error("You cannot access other user's files");
error.status = 403;
return next(error);
}
const directory = path.join(userDataPath, req.params.userId);
logger.info('Reading directory:', directory);
fs.readdir(
directory,
(err, entries) => {
if (err) {
logger.error(err);
const error = new Error('System error');
return next(error);
}
const directories = [];
const files = [];
async.eachLimit(
entries, 10,
(entry, done) => {
fs.stat(path.join(dir, entry), (error, stat) => {
if (stat.isFile()) files.push(entry);
if (stat.isDirectory()) directories.push(entry);
done();
});
},
() => {
res.render("files", {
directories,
files
});
});
});
});
router.get('/:userId/download/:filename', (req, res, next) => {
if(req.params.userId != req.session.user.userId) {
const error = new Error("You cannot access other user's files");
error.status = 403;
return next(error);
}
res.download(path.join(userDataPath, req.params.userId, req.params.filename));
});
module.exports = router;
P.S. If it works behind nginx, apache and etc make sure userdata folder is not accessible publicly.
eI'm using:
framework: express
template engine :handlebars
authentification: passport / passport-local
So login process goes well, but in logout i have a problem:
//routes/users.js
//logout
router.get("/logout",(req,res)=>{
req.logout();
req.flash("success_msg","You are logged out");
console.log(req.user);
res.render("users/login");
});
//views/users/login.js
{{user}}
//app.js:
// Setting Global variables:
app.use(function(req,res,next){
res.locals.success_msg = req.flash("success_msg");
res.locals.error_msg = req.flash("error_msg");
res.locals.error = req.flash("error");
res.locals.user = req.user || null;
next();
});
So the probleme is that when i clic on logout, i'm redirected to login view but the user object still there(not null),and when I refresh the user is initialised to null,
So my problem why the user haven't been set to null before refirection ?
Full files codes :(app.js, routes/users.js, /config/passport.js)
* app.js
const express = require('express');
const methodOverride = require('method-override');
const mongoose = require('mongoose');
const exphbs = require('express-handlebars');
const bodyParser = require('body-parser');
const flash = require('connect-flash');
const session = require('express-session');
//const path = require("path");
const passport = require('passport');
const app=express();
// load routes :
const ideas = require("./routes/ideas");
const users = require("./routes/users");
//---------------Mongoose Connect-----------------------
//Map global promise = get rid of warning
mongoose.Promise = global.Promise;
//Connect to mongoose
mongoose.connect('mongodb://localhost/vidjot-db',{
useMongoClient: true
})
.then(function(){
console.log("MongoDB connected ...");
})
.catch(err => console.log(err));
//----------------Middlewares set in Use-----------------
// Static folder Set:
//app.use(express.static(path.join(__dirname,'public')));
app.use(express.static('public'));
// Session middleware :
app.use(session({
secret: 'mySecret',
resave: true,
saveUninitialized: true,
//cookie: { secure: true }
}));
// passport middleware :
app.use(passport.initialize());
app.use(passport.session());
// handlebars middleware :
app.engine('handlebars', exphbs({defaultLayout: 'main'}));
app.set('view engine', 'handlebars');
// body parser middleware :
// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }));
// parse application/json
app.use(bodyParser.json());
//methodOverride middleware:
app.use(methodOverride('_method'));
//Connect flash middleware:
app.use(flash());
//----------------My Own Middlewares-----------------
// Setting Global variables:
app.use(function(req,res,next){
res.locals.success_msg = req.flash("success_msg");
res.locals.error_msg = req.flash("error_msg");
res.locals.error = req.flash("error");
console.log("res.locals.user");
res.locals.user = req.user || null;
next();
});
/* app.use(function(req,res,next){
console.log("3ale rou7i");
console.log(Date.now());
req.att_x="karim";
next();
}) */
app.use(function(req,res,next){
console.log("hani ne5dem");
next();
});
//-----------------Routes-----------------------------
// Index Route:
app.get("/",(req,res) => {
res.render('index');
//console.log("get callback");
});
// about Route:
app.get("/about",(req,res)=>{
res.render("about",{title:"about1"});
});
// Use routes :
app.use("/ideas",ideas);
app.use("/users",users);
//--------------------------------------------------
//call local-strategy:
require("./config/passport")(passport);
//--------------------------------------------------
const port=5000;
app.listen(port,()=>{
console.log(`server started on port ${port}`);
});
* routes/users.js:
const express = require("express");
const mongoose = require("mongoose");
const bcrypt = require('bcryptjs');
const passport = require("passport");
const router = express.Router();
//--------------------------------------------------
// Load User Model:
require('../models/User');
const User = mongoose.model('Users');
//--------------------------------------------------
//login form
router.get("/login",(req,res)=>{
res.render("users/login");
});
//handle login form:
router.post('/login',
passport.authenticate('local', {
successRedirect: '/ideas',
failureRedirect: '/users/login',
failureFlash:true,
})
);
//logout
router.get("/logout",(req,res)=>{
req.logout();
req.flash("success_msg","You are logged out");
console.log("routes users",req.user);
res.render("users/login");
});
//register form
router.get("/register",(req,res)=>{
res.render("users/register");
});
// handle register form
router.post("/register",(req,res)=>{
let errors=[];
if(req.body.password != req.body.password2)
errors.push({"text":"password do not match"});
if(req.body.password.length < 4)
errors.push({"text":"password must be at least 8 characters"});
if(errors.length > 0)
res.render("users/register",{
errors:errors,
name:req.body.name,
email:req.body.email,
});
else{
User.findOne({email:req.body.email})
.then(user=>{
if(user){
req.flash("error_msg","email already registred");
res.render("/users/login");
}else{
const newUser = new User({
name:req.body.name,
email:req.body.email,
password:req.body.password,
date:req.body.date,
});
bcrypt.hash(newUser.password, 10, function(err, hash) {
if (err) throw err;
newUser.password=hash;
newUser
.save()
.then(user=>{
req.flash("success_msg","You are registered, You can connect Now");
res.redirect("/users/login");
}).catch(err=>{
console.log(err);
return;
});
});
}
})
}
});
//--------------------------------------------------
module.exports = router;
* config/passport.js :
const mongoose = require('mongoose');
const bcrypt = require("bcryptjs");
const LocalStrategy = require("passport-local").Strategy;
const passport = require("passport");
//-------------------------------------------------------
// Load User Model:
require('../models/User');
const User = mongoose.model('Users');
//-------------------------------------------------------
module.exports=function(passport){
passport.use(
new LocalStrategy({usernameField:'email'},function(email, password, done){
User.findOne({'email':email},function(err, user) {
if (err)
return done(err);
if (!user)
return done(null, false,{message:"You are not registred"});
if (!bcrypt.compareSync(password,user.password) ){
return done(null, false,{message:"Missing email or password !"});
}
return done(null, user);
});
}));
passport.serializeUser(function(user, done) {
console.log("SERIALIZE");
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
console.log("DESERIALIZE");
User.findById(id, function(err, user) {
done(err, user);
});
});
}
You have middleware that set res.locals based on a logged in user for every request.
Your res.render() template uses that res.locals data when rendering the page.
When you call req.logout(), nobody clears the res.locals that were already set when the user was still logged in so res.locals.user is now inaccurate.
So, when res.render() gets called after the logout, res.locals are still set as if the user is logged in and thus the page renders that way.
A simple solution is to clear the locals when you logout so they don't wrongly indicate the user is still logged in:
//routes/users.js
//logout
router.get("/logout",(req,res)=>{
req.logout();
// clear user before rendering to indicate logged out
res.locals.user = null;
req.flash("success_msg","You are logged out");
console.log(req.user);
res.render("users/login");
});