
Added password encryption and checking.

KrisVos130 8 роки тому
батько
коміт
c2272cd30e
6 змінених файлів з 79 додано та 20 видалено
  1. 16 8
      backend/app.js
  2. 30 9
      backend/logic/coreHandler.js
  3. 13 0
      backend/logic/global.js
  4. 1 0
      backend/package.json
  5. 3 3
      backend/schemas/user.js
  6. 16 0
      bootstrap.sh

+ 16 - 8
backend/app.js

@@ -16,9 +16,10 @@ const express          = require('express'),
       config           = require('config'),
       request          = require('request'),
       passport         = require('passport'),
+      bcrypt           = require('bcrypt'),
       LocalStrategy    = require('passport-local').Strategy,
-      GitHubStrategy    = require('passport-github').Strategy,
-	  DiscordStrategy = require('passport-discord').Strategy,
+      GitHubStrategy   = require('passport-github').Strategy,
+	  DiscordStrategy  = require('passport-discord').Strategy,
       passportSocketIo = require("passport.socketio");
 
 // global module
@@ -100,8 +101,15 @@ function setupExpress() {
 			global.db.user.findOne({"email.address": email}, (err, user) => {
 				if (err) return done(err);
 				if (!user) return done(null, false);
-				//if (!user.services.token.password == password) return done(null, false);
-				return done(null, user);
+				bcrypt.compare(password, user.services.password.password, function(err, res) {
+					if (res) {
+						return done(null, user);
+					} else if (err) {
+						return done(err);
+					} else {
+						return done(null, false);
+					}
+				});
 			});
 		});
 	}));
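Review bot: The new `bcrypt.compare(password, user.services.password.password, ...)` call assumes every user matched by e-mail has a stored hash, but the registration code removed in coreHandler.js saved users without one, so those accounts would reach bcrypt with an undefined hash. That most likely comes back as `err` and is reported through `done(err)` as a server error rather than a failed login. A guard before the compare, `if (!user.services.password || !user.services.password.password) return done(null, false);`, keeps that case an ordinary rejection. Inside the callback I would also test `err` before `res`, the usual Node order. The enclosing strategy callback starts outside this hunk.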
@@ -116,14 +124,14 @@ function setupExpress() {
 			/*User.findOrCreate({ githubId: profile.id }, function (err, user) {
 				return cb(err, user);
 			});*/
-			global.db.user.findOne({"services.github.token": profile._json.id}, (err, user) => {
+			global.db.user.findOne({"services.github.id": profile._json.id}, (err, user) => {
 				if (err) return done(err);
 				if (!user) {
 					let newUser = new global.db.user({
 						username: profile.username,
 						services: {
 							github: {
-								token: profile._json.id
+								id: profile._json.id
 							}
 						}
 					});
@@ -145,14 +153,14 @@ function setupExpress() {
 		},
 		function(accessToken, refreshToken, profile, done) {
 			console.log(accessToken, refreshToken, profile);
-			global.db.user.findOne({"services.discord.token": profile.id}, (err, user) => {
+			global.db.user.findOne({"services.discord.id": profile.id}, (err, user) => {
 				if (err) return done(err);
 				if (!user) {
 					let newUser = new global.db.user({
 						username: profile.username,
 						services: {
 							discord: {
-								token: profile.id
+								id: profile.id
 							}
 						}
 					});
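Review bot: The unchanged `console.log(accessToken, refreshToken, profile);` at the top of this Discord callback writes live OAuth tokens and the full profile to the process log, where anyone with log access can read them. Since this commit is tightening credential handling, I would drop the line or log only a non-secret field, e.g. `console.log('discord login', profile.id);`. The callback begins and ends outside this hunk.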

+ 30 - 9
backend/logic/coreHandler.js

@@ -10,6 +10,7 @@ const path   = require('path'),
 const config    = require('config'),
       request   = require('request'),
       waterfall = require('async/waterfall'),
+      bcrypt = require('bcrypt'),
 	  passport  = require('passport');
 
 // custom modules
@@ -58,17 +59,37 @@ module.exports = {
 							else {
 								//TODO Email verification code, send email
 								//TODO Encrypt password
-								let newUser = new global.db.user({
-									username: username,
-									email: {
-										address: email,
-										verificationToken: "Code"
+
+								bcrypt.genSalt(10, function (err, salt) {
+									if (err) {
+										return cb(err);
+									} else {
+										//Hashing the password with the salt
+										bcrypt.hash(password, salt, function (err, hash) {
+											if (err) {
+												//TODO Throw error
+												return cb(err);
+											} else {
+												let newUser = new global.db.user({
+													username: username,
+													email: {
+														address: email,
+														verificationToken: global.generateRandomString("64")
+													},
+													services: {
+														password: {
+															password: hash
+														}
+													}
+												});
+												newUser.save(function (err) {
+													if (err) throw err;
+													return cb(null, newUser);
+												});
+											}
+										});
 									}
 								});
-								newUser.save(function (err) {
-									if (err) throw err;
-									return cb(null, newUser);
-								});
 							}
 						});
 					}
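Review bot: `if (err) throw err;` in the `newUser.save` callback throws from inside an asynchronous callback, so a failed save (a validation or duplicate-key error, for instance) becomes an uncaught exception instead of reaching the caller. The bcrypt branches just above already use `return cb(err);` and this line should match them. The `//TODO Encrypt password` comment kept above the new block is now stale, and `//TODO Throw error` sits on a branch that already returns the error. `global.generateRandomString("64")` passes the length as a string and only works through coercion in the loop comparison; `64` states the intent. The enclosing function starts and ends outside this hunk.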

+ 13 - 0
backend/logic/global.js

@@ -41,11 +41,24 @@ class Timer {
 	}
 }
 
+function getRandomNumber(min, max) {
+	return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+
 module.exports = {
 	io: null, // Socket.io
 	db: null, // Database
 	htmlEntities: str => {
 		return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
 	},
+	getRandomNumber,
+	generateRandomString: len => {
+		let chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".split("");
+		let result = [];
+		for (let i = 0; i < len; i++) {
+			result.push(chars[getRandomNumber(0, chars.length - 1)]);
+		}
+		return result.join("");
+	},
 	Timer
 };
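Review bot: `generateRandomString` picks characters with `Math.random()`, which is not a cryptographically secure source, and coreHandler.js in this commit uses it for the e-mail `verificationToken`. A token that gates account verification should come from the CSPRNG: with `const crypto = require('crypto');` at the top of the file, the body can be `return crypto.randomBytes(Math.ceil(len / 2)).toString('hex').slice(0, len);` (hex output rather than the 62-character alphabet). If `getRandomNumber` is kept for non-security uses, a short comment saying so would stop it being reused for secrets.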

+ 1 - 0
backend/package.json

@@ -7,6 +7,7 @@
   "repository": "https://github.com/Musare/MusareNode",
   "dependencies": {
     "async": "2.0.1",
+    "bcrypt": "^0.8.7",
     "body-parser": "^1.15.2",
     "config": "^1.21.0",
     "connect-mongo": "^1.3.2",

+ 3 - 3
backend/schemas/user.js

@@ -11,13 +11,13 @@ module.exports = mongoose => {
         },
         services: {
             password: {
-                token: String
+                password: String
             },
             github: {
-                token: String
+                id: String
             },
             discord: {
-                token: String
+                id: String
             }
         },
         ban: {
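Review bot: Renaming the stored keys from `token` to `id` (and `password.token` to `password.password`) leaves any existing documents with the old field names, while the lookups in app.js now query `services.github.id` and `services.discord.id`. A returning GitHub or Discord user saved under the old key would not be found and would fall into the `if (!user)` branch that creates a second account. If such records exist, a one-off update that renames the fields should ship with this change; otherwise a line in the commit message saying the collection is expected to be empty would settle it. The schema object continues outside this hunk.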

+ 16 - 0
bootstrap.sh

@@ -10,6 +10,22 @@ else
 	sudo apt-get install -y mosh
 fi
 
+# install python
+if command_exists "py"; then
+	echo "Skipping python install"
+else
+	echo "Installing python"
+	sudo apt-get install -y python2.7
+fi
+
+# install build-essential
+if command_exists "build-essential"; then
+	echo "Skipping build-essential install"
+else
+	echo "Installing build-essential"
+	sudo apt-get install -y build-essential
+fi
+
 # install NodeJS
 if command_exists "nodejs"; then
 	echo "Skipping nodejs install"
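Review bot: Both new guards test names that are unlikely to exist as commands: `command_exists "py"` checks for `py` while the package installed below provides `python2.7`, and `build-essential` is a package name, not an executable. Assuming `command_exists` (defined outside this hunk) looks the name up on PATH, neither skip branch can trigger and both installs run on every bootstrap. Checking `command_exists "python2.7"` and a tool the meta-package provides, e.g. `command_exists "gcc"`, would make the guards meaningful. A comment such as `# python and a C toolchain are presumably needed to build the bcrypt native addon` would record why these steps were added.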