esp/index.js at master · markreid/esp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
/**
 * ESP
 * Boilerplate app for combining
 * Express & Socket.IO with auth
 * from Passport.
 */


const config = require('./config');

const express = require('express');
const session = require('express-session');
const passport = require('passport');
const cookie = require('cookie');
const memoryStore = new session.MemoryStore(); // see README - don't use MemoryStore in prod
const GoogleStrategy = require('passport-google-oauth20').Strategy;


// instantiate an express app
const app = express();

// basic session configuration, use our memoryStore (see README)
app.use(session({
  secret: config.SESSION_SECRET,
  store: memoryStore,
  resave: false,
  saveUninitialized: true,
}));


// provide an http server for our app, and bind socket.io to it
const http = require('http').Server(app);
const io = require('socket.io')(http);


// time to configure passport...

// serialize the user to save in the session store.
// generally speaking, you just want to store a unique id
// to keep session storage small.
passport.serializeUser((userObject, done) => {
  done(null, userObject.id);
});

// inverse of the above. take the serialized user (their id)
// and fetch the full user object. this will be attached to
// every request as req.session.passport.user
passport.deserializeUser((userId, done) => {
  done(null, {
    id: userId
  });
});


// add passport middleware to app
app.use(passport.initialize());
app.use(passport.session());


// configure passport strategies

// Google OAuth2
passport.use(new GoogleStrategy({
    clientID: config.GOOGLE_CLIENT_ID,
    clientSecret: config.GOOGLE_CLIENT_SECRET,
    callbackURL: config.GOOGLE_AUTH_CALLBACK_URL,
  },
  function googleStrategyCallback(accessToken, refreshToken, googleProfile, callback) {
    /**
     * This is called by Passport when the user comes back from the Google OAuth2 sign-in.
     * We take the profile object returned by Google and find our matching user.
     * In a real app, this is where you'd want to look in your DB for the user, like:
     *
     *   db.users.findOne({
     *     googleProfileId: googleProfile.id
     *   }).then(user => {
     *     return callback(null, user);
     *   }).catch(err => {
     *     return callback(err);
     *   });
     *
     * But! for this basic demo, we just return an object with an id property.
     */

    return callback(null, {
      id: googleProfile.id
    });
  }
));

// add the route for signing in via Google
app.get('/auth/google', passport.authenticate('google', {
  scope: ['email'] // request specific scope/permissions from Google
}));

// callback route that Google will redirect to after a successful login
app.get('/auth/google/callback',
  passport.authenticate('google', { failureRedirect: '/login' }),
  function successfulGoogleAuthCallback(req, res) {
    // the user's now successfully authenticated.
    // their user object is now available on each subsequent request:
    console.log(req.session.passport.user);
    res.redirect('/loggedin');
  }
);


// serve the index.
// you can see this regardless of whether you're logged in or not.
app.get('/', (req, res) => {
  res.sendFile(__dirname + '/views/index.html');
});

/**
 * express auth middleware.
 * prevents access to an express route if the user isn't authed.
 *
 * this middleware will apply to any routes that match the specified
 * path - ie, /loggedin AND /loggedin/foobar
 * and will be applied to any routes declared AFTER the middleware.
 */
app.use('/loggedin', function authMiddleware(req, res, next) {
  if(!req.session.passport) {
    return res.redirect('/');
  }
  next();
});


// serve our logged-in page.
// auth middleware will prevent access to this unless you're logged in.
app.get('/loggedin', (req, res) => {
  res.sendFile(__dirname + '/views/loggedin.html');
});


/**
 * socket.io auth middleware
 * prevent socket connection if the user isn't authed.
 */
io.use((socket, next) => {
  // the same cookie that express sets is passed to the socket request
  // so we need to parse it, and try and load a session from the store.
  // this is more-or-less what app.use(passport.session()) does for our
  // express routes.
  const parsedCookie = cookie.parse(socket.request.headers.cookie);
  const sessionId = parsedCookie['connect.sid'];

  // not absolutely sure why we need to substring this, i guess MemoryStore
  // doesn't use the entire ID as a key.
  const shortId = sessionId.substr(2, 32);
  memoryStore.load(shortId, function(err, session){
    if(!session || !session.passport) {
      return next(new Error('Not authenticated'));
    }
    next();
  });
});


// socket.io connection handler
io.on('connection', (socket) => {
  console.log('a socket is now connected');

  socket.on('message', function socketMessageHandler(){
    console.log('message received');
  });
});


// start the http server
http.listen(config.PORT, () => {
  console.log(`Running on ${config.PORT}`);
});