github oauth almost complete, reorganize code for better structure

Author: andrewjcho84

main.js

@@ -94,8 +94,9 @@ const createWindow = () => {
     webPreferences: {
       zoomFactor: 0.7
       // for proper security measures, nodeIntegration should be set to false, but this results in a blank page when serving app
-      //nodeIntegration: false,
-      //preload: 'preload.js'
+      // nodeIntegration: false,
+      // preload: 'preload.js',
+      // enableRemoteModule: false
     },
     show: false,
     icon: path.join(__dirname, '/src/public/icons/png/256x256.png'),

package.json

@@ -143,6 +143,8 @@
     "localforage": "^1.7.2",
     "lodash.throttle": "^4.1.1",
     "material-table": "^1.57.2",
+    "passport": "^0.4.1",
+    "passport-github2": "^0.1.12",
     "prettier": "^1.19.1",
     "prismjs": "^1.19.0",
     "prop-types": "^15.6.2",

server/controllers/cookieController.js

@@ -3,8 +3,11 @@ const cookieController = {};
 // setSSIDCookie - store the user id from database in cookie
 cookieController.setSSIDCookie = (req, res, next) => {
   // set cookie with key 'ssid' and value to user's id, also set http only
+  console.log('Inside setSSIDCookie');
+
   res.cookie('ssid', res.locals.id, { maxAge: 3600000 });
-  console.log('Successful setSSIDCookie');
+
+  console.log('Successful setSSIDCookie, ssid:', res.locals.id);
   return next();
 };
 

server/controllers/sessionController.js

@@ -1,10 +1,10 @@
-const Session = require('../models/sessionModel');
+const { Sessions } = require('../models/reactypeModels');
 const sessionController = {};
 
 // isLoggedIn finds appropriate session for this request in database, then verifies whether or not the session is still valid
 sessionController.isLoggedIn = (req, res, next) => {
   // find session from request session ID in mongodb
-  Session.findOne({ cookieId: req.cookies.ssid }, (err, session) => {
+  Sessions.findOne({ cookieId: req.cookies.ssid }, (err, session) => {
     if (err) {
       return next({
         log: `Error in sessionController.isLoggedIn: ${err}`,
@@ -26,7 +26,7 @@ sessionController.isLoggedIn = (req, res, next) => {
 sessionController.startSession = (req, res, next) => {
   console.log('Inside startSession');
   // first check if user is logged in already
-  Session.findOne({ cookieId: res.locals.id }, (err, session) => {
+  Sessions.findOne({ cookieId: res.locals.id }, (err, session) => {
     if (err) {
       return next({
         log: `Error in sessionController.startSession find session: ${err}`,
@@ -37,7 +37,7 @@ sessionController.startSession = (req, res, next) => {
       // if session doesn't exist, create a session
       // if valid user logged in/signed up, res.locals.id should be user's id generated from mongodb, which we will set as this session's cookieId
     } else if (!session) {
-      Session.create({ cookieId: res.locals.id }, (err, session) => {
+      Sessions.create({ cookieId: res.locals.id }, (err, session) => {
         if (err) {
           return next({
             log: `Error in sessionController.startSession create session: ${err}`,
@@ -59,4 +59,41 @@ sessionController.startSession = (req, res, next) => {
     }
   });
 };
+
+// creates a session when logging in with github
+sessionController.githubSession = (req, res, next) => {
+  // req.user is passed in from passport js -> serializeuser/deserializeuser
+  console.log('github session req.user is', req.user);
+  const cookieId = req.user._id;
+  Sessions.findOne({ cookieId }, (err, session) => {
+    if (err) {
+      return next({
+        log: `Error in sessionController.githubSession find session: ${err}`,
+        message: {
+          err: `Error in sessionController.githubSession find session, check server logs for details`
+        }
+      });
+    } else if (!session) {
+      Sessions.create({ cookieId }, (err, session) => {
+        if (err) {
+          return next({
+            log: `Error in sessionController.githubSession create session: ${err}`,
+            message: {
+              err: `Error in sessionController.githubSession create session, check server logs for details`
+            }
+          });
+        } else {
+          console.log('Successful start githubSession');
+          res.locals.id = session.cookieId;
+          return next();
+        }
+      });
+    } else {
+      console.log('Github session exists, moving on');
+      res.locals.id = session.cookieId;
+      return next();
+    }
+  });
+};
+
 module.exports = sessionController;

server/controllers/userController.js

@@ -1,6 +1,6 @@
 // middleware functions create a new user and verify users
 
-const Users = require('../models/userModel');
+const { Users } = require('../models/reactypeModels');
 
 const userController = {};
 const bcrypt = require('bcryptjs');

server/models/reactypeModels.js

@@ -0,0 +1,58 @@
+const mongoose = require('mongoose');
+require('dotenv').config();
+
+// connect to mongo db
+mongoose
+  .connect(process.env.MONGO_URI, {
+    // options for the connect method to parse the URI
+    useNewUrlParser: true,
+    useUnifiedTopology: true,
+    useCreateIndex: true,
+    // stop deprecation warning for findOneAndUpdate and findOneAndDelete queries
+    useFindAndModify: false,
+    // sets the name of the DB that our collections are part of
+    dbName: 'ReacType'
+  })
+  .then(() => console.log('Connected to Mongo DB.'))
+  .catch(err => console.log(err));
+
+const Schema = mongoose.Schema;
+
+const userSchema = new Schema({
+  username: { type: String, required: true, unique: true },
+  email: { type: String, required: false, unique: true },
+  password: { type: String, required: true },
+  projects: { type: Array, default: [] }
+});
+
+// salt will go through 10 rounds of hashing
+const SALT_WORK_FACTOR = 10;
+const bcrypt = require('bcryptjs');
+
+// mongoose middleware that will run before the save to collection happens (user gets put into database)
+// cannot use arrow function here as context of 'this' is important
+userSchema.pre('save', function(next) {
+  // within this context, 'this' refers to the document (new user) about to be saved, in our case, it should have properties username, password, and projects array
+  bcrypt.hash(this.password, SALT_WORK_FACTOR, (err, hash) => {
+    if (err) {
+      return next({
+        log: `bcrypt password hashing error: ${err}`,
+        message: {
+          err: `bcrypt hash error: check server logs for details`
+        }
+      });
+    }
+    this.password = hash;
+    return next();
+  });
+});
+
+const sessionSchema = new Schema({
+  cookieId: { type: String, required: true, unique: true },
+  createdAt: { type: Date, expires: 3600, default: Date.now }
+});
+
+const Users = mongoose.model('Users', userSchema);
+const Sessions = mongoose.model('Sessions', sessionSchema);
+
+module.exports = { Users, Sessions };

server/models/sessionModel.js

@@ -1,10 +1,10 @@
-const mongoose = require('mongoose');
-const Schema = mongoose.Schema;
+// const mongoose = require('mongoose');
+// const Schema = mongoose.Schema;
 
-// Mongo has an automatic document expiration service that we can use via the 'expires' property in the schema. This sets it so each session can only last an hour
-const sessionSchema = new Schema({
-  cookieId: { type: String, required: true, unique: true },
-  createdAt: { type: Date, expires: 3600, default: Date.now }
-});
+// // Mongo has an automatic document expiration service that we can use via the 'expires' property in the schema. This sets it so each session can only last an hour
+// const sessionSchema = new Schema({
+//   cookieId: { type: String, required: true, unique: true },
+//   createdAt: { type: Date, expires: 3600, default: Date.now }
+// });
 
-module.exports = mongoose.model('Sessions', sessionSchema);
+// module.exports = mongoose.model('Sessions', sessionSchema);

server/models/userModel.js

@@ -1,35 +1,35 @@
-const mongoose = require('mongoose');
-require('dotenv').config();
+// const mongoose = require('mongoose');
+// require('dotenv').config();
 
-const Schema = mongoose.Schema;
+// const Schema = mongoose.Schema;
 
-const userSchema = new Schema({
-  username: { type: String, required: true, unique: true },
-  email: { type: String, required: true, unique: true },
-  password: { type: String, required: true },
-  projects: Array
-});
+// const userSchema = new Schema({
+//   username: { type: String, required: true, unique: true },
+//   email: { type: String, required: false, unique: true },
+//   password: { type: String, required: true },
+//   projects: Array
+// });
 
-// salt will go through 10 rounds of hashing
-const SALT_WORK_FACTOR = 10;
-const bcrypt = require('bcryptjs');
+// // salt will go through 10 rounds of hashing
+// const SALT_WORK_FACTOR = 10;
+// const bcrypt = require('bcryptjs');
 
-// mongoose middleware that will run before the save to collection happens (user gets put into database)
-// cannot use arrow function here as context of 'this' is important
-userSchema.pre('save', function(next) {
-  // within this context, 'this' refers to the document (new user) about to be saved, in our case, it should have properties username, password, and projects array
-  bcrypt.hash(this.password, SALT_WORK_FACTOR, (err, hash) => {
-    if (err) {
-      return next({
-        log: `bcrypt password hashing error: ${err}`,
-        message: {
-          err: `bcrypt hash error: check server logs for details`
-        }
-      });
-    }
-    this.password = hash;
-    return next();
-  });
-});
+// // mongoose middleware that will run before the save to collection happens (user gets put into database)
+// // cannot use arrow function here as context of 'this' is important
+// userSchema.pre('save', function(next) {
+//   // within this context, 'this' refers to the document (new user) about to be saved, in our case, it should have properties username, password, and projects array
+//   bcrypt.hash(this.password, SALT_WORK_FACTOR, (err, hash) => {
+//     if (err) {
+//       return next({
+//         log: `bcrypt password hashing error: ${err}`,
+//         message: {
+//           err: `bcrypt hash error: check server logs for details`
+//         }
+//       });
+//     }
+//     this.password = hash;
+//     return next();
+//   });
+// });
 
-module.exports = mongoose.model('Users', userSchema);
+// module.exports = mongoose.model('Users', userSchema);

server/passport-setup.js

@@ -0,0 +1,62 @@
+const passport = require('passport');
+const githubStrategy = require('passport-github2').Strategy;
+const { Users } = require('./models/reactypeModels');
+
+passport.serializeUser((user, done) => {
+  /*
+  From the user take just the id (to minimize the cookie size) and just pass the id of the user
+  to the done callback
+  PS: You dont have to do it like this its just usually done like this
+  */
+  done(null, user);
+});
+
+passport.deserializeUser((user, done) => {
+  /*
+  Instead of user this function usually recives the id
+  then you use the id to select the user from the db and pass the user obj to the done callback
+  PS: You can later access this data in any routes in: req.user
+  PS: For this project, the entire user was passed
+  */
+  done(null, user);
+});
+
+passport.use(
+  new githubStrategy(
+    {
+      clientID: process.env.GITHUB_ID,
+      clientSecret: process.env.GITHUB_SECRET,
+      callbackURL: 'https://localhost:8080/github/callback',
+      scope: ['user:email']
+    },
+    (accessToken, refreshToken, profile, next) => {
+      const { username } = profile;
+      const password = profile._json.node_id;
+      const email = profile.emails[0].value;
+
+      console.log('Username, pw, email are', username, password, email);
+      // check database to see if user exists
+      Users.findOne({ username }, (err, user) => {
+        console.log('Inside find User');
+        if (!user) {
+          console.log('User not found, creating new user in DB...');
+          // if new user, create user account with following variables given to us from github oauth
+          Users.create(
+            {
+              username,
+              password: profile.id,
+              email: profile.emails[0].value
+            },
+            (err, user) => {
+              console.log('Creating user from github', user);
+              return next(err, user);
+            }
+          );
+        } else {
+          console.log('User already in DB, moving on...');
+          return next(err, user);
+        }
+      });
+    }
+  )
+);

server/server.js

@@ -1,30 +1,34 @@
 const express = require('express');
 const https = require('https');
 const fs = require('fs');
-const mongoose = require('mongoose');
 const path = require('path');
+const passport = require('passport');
+require('./passport-setup');
 const cookieParser = require('cookie-parser');
 const userController = require('./controllers/userController');
 const cookieController = require('./controllers/cookieController');
 const sessionController = require('./controllers/sessionController');
-const { session } = require('electron');
 const app = express();
+
 const PORT = 8080;
 
-// connect to mongo db
-mongoose
-  .connect(process.env.MONGO_URI, {
-    // options for the connect method to parse the URI
-    useNewUrlParser: true,
-    useUnifiedTopology: true,
-    useCreateIndex: true,
-    // stop deprecation warning for findOneAndUpdate and findOneAndDelete queries
-    useFindAndModify: false,
-    // sets the name of the DB that our collections are part of
-    dbName: 'ReacType'
-  })
-  .then(() => console.log('Connected to Mongo DB.'))
-  .catch(err => console.log(err));
+// initializes passport and passport sessions
+app.use(passport.initialize());
+app.use(passport.session());
+
+// routes for initial github oauth and callback
+app.get('/github', passport.authenticate('github'));
+
+app.get(
+  '/github/callback',
+  passport.authenticate('github', { failureRedirect: '/login' }),
+  sessionController.githubSession,
+  cookieController.setSSIDCookie,
+  (req, res) => {
+    console.log('At the end of github oauth process');
+    return res.redirect('/');
+  }
+);
 
 // handle parsing request body
 app.use(express.json());
@@ -33,6 +37,10 @@ app.use(cookieParser());
 
 // statically serve everything in build folder
 app.use('/', express.static(path.resolve(__dirname, '../build')));
+app.use(
+  '/images',
+  express.static(path.resolve(__dirname, '..src/public/images'))
+);
 
 app.get('/', (req, res) => {
   res.status(200).sendFile(path.resolve(__dirname, '../build/index.html'));
@@ -76,10 +84,6 @@ app.get(
   }
 );
 
-app.get('/github/callback', sessionController.startSession, (req, res) => {
-  return res.status(200);
-});
-
 // catch-all route handler
 app.use('*', (req, res) => {
   return res.status(404).send('Page not found');