From 570cd615c4912edcefa017377ae8caaa43d1d37c Mon Sep 17 00:00:00 2001 From: UTkarsh Date: Sun, 19 Feb 2017 17:33:02 +0530 Subject: [PATCH 1/2] Implement user login --- app.js | 21 +----- config.js | 2 +- db.js | 1 + package.json | 1 + passport_config.js | 94 +++++++++++++++++++++++++ routes/index.js | 6 +- views/login.html | 169 +++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 273 insertions(+), 21 deletions(-) create mode 100644 passport_config.js create mode 100644 views/login.html diff --git a/app.js b/app.js index 8dbe221..9b33ec5 100644 --- a/app.js +++ b/app.js @@ -68,26 +68,9 @@ async.series([function createDatabaseDirectory(next) { } next(); }, function setupPassport(next) { + //Configure passport + require(__dirname + '/passport_config.js')(app, passport); - passport.use(new Strategy( - function(username, password, cb) { - app.db.users.findOne({username: username}, function(err, user) { - if (err) { return cb(err); } - if (!user) { return cb(null, false, {message:"Invalid credentials"}); } - if (user.password != password) { return cb(null, false, {message:"Invalid credentials"}); } - return cb(null, user); - }); - })); - - // Configure Passport persistence. - passport.serializeUser(function(user, cb) { - var sessionUser = user; - cb(null, sessionUser); - }); - - passport.deserializeUser(function(user, cb) { - cb(null, user); - }); next(); }, function setupEverythingElse(next) { // middleware to use in the app diff --git a/config.js b/config.js index b542a0c..8296c33 100644 --- a/config.js +++ b/config.js @@ -93,7 +93,7 @@ function Config(app) { function (cb) { app.db.users.findOne({username:'admin'}, function (err, item) { if(!item) - app.db.users.insert({username:'admin',password:'admin'}); + app.db.admins.insert({username:'admin',password:'admin'}); }); cb(); diff --git a/db.js b/db.js index 50ecf44..1d50176 100644 --- a/db.js +++ b/db.js 
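Review bot: The guard in config.js still looks up `app.db.users.findOne({username:'admin'}, ...)` while the insert now targets `app.db.admins`, so the check never sees the record it creates and another `admin` row is added to the admins store each time this step runs without an `admin` entry in users. Query the store being written, `app.db.admins.findOne({username:'admin'}, function (err, item) {`, and bail out on `err` before inserting. The seeded account also has the fixed password `'admin'` stored as-is; a randomly generated initial password shown once to the operator, or a forced change at first login, would avoid shipping a known credential. The enclosing function starts and ends outside the hunk.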
@@ -6,4 +6,5 @@ module.exports = function(app) {
 app.db.playlists = new Datastore({ filename: app.get('configDir') + '/dbs/playlists.db', autoload: true });
 app.db.settings = new Datastore({ filename: app.get('configDir') + '/dbs/settings.db', autoload: true });
 app.db.users = new Datastore({ filename: app.get('configDir') + '/dbs/users.db', autoload: true });
+ app.db.admins = new Datastore({ filename: app.get('configDir') + '/dbs/admins.db', autoload: true });
 };
diff --git a/package.json b/package.json
index d04f06f..b604f7d 100644
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
 "song-search": "^0.1.0",
 "soundcloud-resolver": "*",
 "swig": "*",
+ "validator": "^6.2.1",
 "youtube-playlist-info": "^0.1.0",
 "ytdl-core": "*"
 },
diff --git a/passport_config.js b/passport_config.js
new file mode 100644
index 0000000..520133f
--- /dev/null
+++ b/passport_config.js
@@ -0,0 +1,94 @@
+// Configuration file for passportJS
+
+var LocalStrategy = require('passport-local').Strategy;
+var validate = require('validator');
+
+module.exports = function(app, passport){
+
+ // Specify a local strategy for passport normal user login
+ passport.use('user-login', new LocalStrategy(
+ function(username, password, cb){
+
+ // Validate user data
+ var error = 0;
+ username = validate.trim(username);
+ username = username.toLowerCase();
+ error += validate.isEmpty(username);
+ error += validate.isEmpty(password);
+
+ if (!error) {
+ app.db.users.findOne({username: username}, function(err, user) {
+ if (err) { return cb(err); }
+ if (!user) { return cb(null, false, {message:"Invalid credentials"}); }
+ if (user.password != password) { return cb(null, false, {message:"Invalid credentials"}); }
+ return cb(null, user);
+ });
+
+ }
+ else
+ return cb(null, false);
+ }
+ ));
+
+ // Specify a local strategy for passport normal user signup
+ passport.use('user-signup', new LocalStrategy(
+ function(username, password, cb){
+
+ // Validate user data
+ var error = 0;
+ username = validate.trim(username);
+ username = username.toLowerCase();
+ error += validate.isEmpty(username);
+ error += validate.isEmpty(password);
+
+ if (!error) {
+ app.db.users.findOne({username: username}, function(err, user) {
+ if (err) {
+ return cb(err);
+ }
+ if (user) {
+ return cb(null, false, {message:"User already registered"});
+ }
+ else{
+ app.db.users.insert({username: username, password:password});
+ }
+ });
+ }else
+ return cb(null, false);
+ }
+ ));
+
+ // Specify a local strategy for passport admin login
+ passport.use('admin-login', new LocalStrategy(
+ function(username, password, cb){
+
+ // Validate user data
+ var error = 0;
+ username = validate.trim(username);
+ username = username.toLowerCase();
+ error += validate.isEmpty(username);
+ error += validate.isEmpty(password);
+
+ if (!error) {
+ app.db.admins.findOne({username: username}, function(err, user) {
+ if (err) { return cb(err); } + if (!user) { return cb(null, false, {message:"Invalid credentials"}); } + if (user.password != password) { return cb(null, false, {message:"Invalid credentials"}); } + return cb(null, user); + }); + + } + else + return cb(null, false); + } + )); + + // Specify serialize and deserialize methods for passport + passport.serializeUser(function(user, cb){ + var sessionUser = user; + cb(null, sessionUser); + }); + passport.deserializeUser(function(user, cb){ + cb(null, user); + }); +}; diff --git a/routes/index.js b/routes/index.js index 579c2ad..d1b5b5e 100644 --- a/routes/index.js +++ b/routes/index.js @@ -34,7 +34,11 @@ exports.createRoutes = function(app_ref) { //adds login facility app.get('/admin',function (req,res) { res.render('admin',{ msg:req.flash('error'), log: req.user? true : false});}); //auth using passport - app.post('/admin', passport.authenticate('local', { failureRedirect: '/admin', failureFlash: true }), function(req, res) { + app.post('/admin', passport.authenticate('admin-login', { failureRedirect: '/admin', failureFlash: true }), function(req, res) { + res.redirect('/'); + }); + app.get('/login', function (req,res) { res.render('login',{ msg:req.flash('error'), log: req.user? true : false});}); + app.post('/login', passport.authenticate('user-login', { failureRedirect: '/login', failureFlash: true }), function(req, res) { res.redirect('/'); }); app.post('/logout', function(req, res) { diff --git a/views/login.html b/views/login.html new file mode 100644 index 0000000..170bf60 --- /dev/null +++ b/views/login.html @@ -0,0 +1,169 @@ + + + + + + User Login + + + + +
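Review bot: All three strategies in passport_config.js check `user.password != password` against the stored field, and `user-signup` inserts the raw `password`, so users.db and admins.db hold plaintext passwords. Store a per-user salted hash from a password KDF instead (Node's built-in `crypto.pbkdf2`, or a maintained bcrypt/scrypt package) and verify by recomputing the hash and comparing with `crypto.timingSafeEqual` rather than `!=`. `serializeUser` also copies the whole record into the session, password field included, and `deserializeUser` returns it unchanged; serialising only the record's id plus which store it came from, and reloading the record on deserialise, keeps the secret out of the session store. A header comment on the exported function naming the three strategies it registers (`user-login`, `user-signup`, `admin-login`) would help readers of app.js, where the call now lives.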
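Review bot: `req.user` is now populated by both `admin-login` and `user-login`, yet the `/admin` GET handler still passes `log: req.user? true : false`, so someone who signed in at `/login` is shown as logged in on the admin page. Nothing in the session records which store the account came from (serializeUser in passport_config.js stores the record as-is), so any admin-only check that tests `req.user` alone would also accept ordinary users; no such check is visible in this hunk, but the account type should be recorded at login and tested in the admin handlers. The `user-signup` strategy added in passport_config.js has no route here, so it appears unreachable as committed. createRoutes starts and continues outside the hunk.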
+

Login

+ {% if msg %} +
+

{{msg}}

+
+ {% endif %} +
+ + {% if log %} + +
+
+ + + From 4f84f9b7af899f8a96209f06e3de39b4e22fd5e4 Mon Sep 17 00:00:00 2001 From: UTkarsh Date: Sat, 4 Mar 2017 21:07:27 +0530 Subject: [PATCH 2/2] Users must be different from admins --- passport_config.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/passport_config.js b/passport_config.js index 520133f..6303cb5 100644 --- a/passport_config.js +++ b/passport_config.js @@ -50,7 +50,18 @@ module.exports = function(app, passport){ return cb(null, false, {message:"User already registered"}); } else{ - app.db.users.insert({username: username, password:password}); + // Must not be the same as admins + app.db.admins.findOne({username: username}, function(err, user) { + if (err) { + return cb(err); + } + if (user) { + return cb(null, false, {message:"User already registered"}); + } + else{ + app.db.users.insert({username: username, password:password}); + } + }); } }); }else
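Review bot: The success path of `user-signup` still never calls `cb`: `app.db.users.insert({username: username, password:password});` is fire-and-forget, so once the name is free in both stores the strategy never reports a result and an insert error is lost. Assuming the datastore's insert accepts a node-style callback, finish the flow there: `app.db.users.insert({username: username, password: password}, function(err, created) { return err ? cb(err) : cb(null, created); });`. The two `findOne` lookups followed by the insert are not atomic, so two simultaneous signups with the same name could both pass; a unique constraint on `username`, if the datastore offers one, would close that gap. The inner callback's `user` parameter shadows the outer one, and the strategy function begins and ends outside the hunk.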