|
1
|
|
|
'use strict'; |
|
2
|
|
|
|
|
3
|
|
|
var Mongoose = require('mongoose'); |
|
4
|
|
|
var bcrypt = require('bcrypt-nodejs'); |
|
5
|
|
|
|
|
6
|
|
|
const SALT_WORK_FACTOR = 10; |
|
7
|
|
|
const DEFAULT_USER_PICTURE = "/img/user.jpg"; |
|
8
|
|
|
|
|
9
|
|
|
/** |
|
10
|
|
|
* Every user has a username, password, socialId, and a picture. |
|
11
|
|
|
* If the user registered via username and password(i.e. LocalStrategy), |
|
12
|
|
|
* then socialId should be null. |
|
13
|
|
|
* If the user registered via social authenticaton, |
|
14
|
|
|
* then password should be null, and socialId should be assigned to a value. |
|
15
|
|
|
* 2. Hash user's password |
|
16
|
|
|
* |
|
17
|
|
|
*/ |
|
18
|
|
|
var UserSchema = new Mongoose.Schema({ |
|
19
|
|
|
username: { type: String, required: true}, |
|
20
|
|
|
password: { type: String, default: null }, |
|
21
|
|
|
socialId: { type: String, default: null }, |
|
22
|
|
|
picture: { type: String, default: DEFAULT_USER_PICTURE} |
|
23
|
|
|
}); |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* Before save a user document, Make sure: |
|
27
|
|
|
* 1. User's picture is assigned, if not, assign it to default one. |
|
28
|
|
|
* 2. Hash user's password |
|
29
|
|
|
* |
|
30
|
|
|
*/ |
|
31
|
|
|
UserSchema.pre('save', function(next) { |
|
32
|
|
|
var user = this; |
|
33
|
|
|
|
|
34
|
|
|
// ensure user picture is set |
|
35
|
|
|
if(!user.picture){ |
|
36
|
|
|
user.picture = DEFAULT_USER_PICTURE; |
|
37
|
|
|
} |
|
38
|
|
|
|
|
39
|
|
|
// only hash the password if it has been modified (or is new) |
|
40
|
|
|
if (!user.isModified('password')) return next(); |
|
|
|
|
|
|
41
|
|
|
|
|
42
|
|
|
// generate a salt |
|
43
|
|
|
bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) { |
|
44
|
|
|
if (err) return next(err); |
|
|
|
|
|
|
45
|
|
|
|
|
46
|
|
|
// hash the password using our new salt |
|
47
|
|
|
bcrypt.hash(user.password, salt, null, function(err, hash) { |
|
48
|
|
|
if (err) return next(err); |
|
|
|
|
|
|
49
|
|
|
|
|
50
|
|
|
// override the cleartext password with the hashed one |
|
51
|
|
|
user.password = hash; |
|
52
|
|
|
next(); |
|
|
|
|
|
|
53
|
|
|
}); |
|
|
|
|
|
|
54
|
|
|
}); |
|
|
|
|
|
|
55
|
|
|
}); |
|
56
|
|
|
|
|
57
|
|
|
/** |
|
58
|
|
|
* Create an Instance method to validate user's password |
|
59
|
|
|
* This method will be used to compare the given password with the passwoed stored in the database |
|
60
|
|
|
* |
|
61
|
|
|
*/ |
|
62
|
|
|
UserSchema.methods.validatePassword = function(password, callback) { |
|
63
|
|
|
bcrypt.compare(password, this.password, function(err, isMatch) { |
|
64
|
|
|
if (err) return callback(err); |
|
|
|
|
|
|
65
|
|
|
callback(null, isMatch); |
|
|
|
|
|
|
66
|
|
|
}); |
|
67
|
|
|
}; |
|
68
|
|
|
|
|
69
|
|
|
// Create a user model |
|
70
|
|
|
var userModel = Mongoose.model('user', UserSchema); |
|
71
|
|
|
|
|
72
|
|
|
module.exports = userModel; |
OmarElGabry /
chat.io
Omar El Gabry
Loading history...
Consider adding curly braces around all statements when they are executed conditionally. This is optional if there is only one statement, but leaving them out can lead to unexpected behaviour if another statement is added later.
Consider:
If you or someone else later decides to put another statement in, only the first statement will be executed.
In this case the statement
b = 42will always be executed, while the logging statement will be executed conditionally.ensures that the proper code will be executed conditionally no matter how many statements are added or removed.