almost rebased

test/routes/index.js

@@ -0,0 +1,11 @@
+
+/*
+ * GET home page.
+ */
+
+
+module.exports = function(app) {
+	app.get('/', function(req, res){
+		res.render('index', { title: 'Express' })
+	});
+};

test/routes/middleware/load_user.js

@@ -0,0 +1,16 @@
+var User = require('../../data/models/user');
+
+function loadUser(req, res, next) {
+  User.findOne({username: req.params.name}, function(err, user) {
+    if (err) {
+      return next(err);
+    }
+    if (! user) {
+      return res.send('Not found', 404);
+    }
+    req.user = user;
+    next();
+  });
+}
+
+module.exports = loadUser;

test/routes/middleware/not_logged_in.js

@@ -0,0 +1,9 @@
+function notLoggedIn(req, res, next) {
+  if (req.session.user) {
+    res.send('Unauthorized', 401);
+  } else {
+    next();
+  }
+}
+
+module.exports = notLoggedIn;

test/routes/middleware/restrict_user_to_self.js

@@ -0,0 +1,9 @@
+function restrictUserToSelf(req, res, next) {
+  if (! req.session.user || req.session.user.username !== req.user.username) {
+    res.send('Unauthorized', 401);
+  } else {
+    next();
+  }
+}
+
+module.exports = restrictUserToSelf;

test/routes/session.js

@@ -0,0 +1,35 @@
+/*
+ * Session Routes
+ */
+
+var users = require('../data/users');
+var notLoggedIn = require('./middleware/not_logged_in');
+
+module.exports = function(app) {
+
+  app.dynamicHelpers({
+    session: function(req, res) {
+      return req.session;
+    }
+  });
+
+  app.get('/session/new', notLoggedIn, function(req, res) {
+    res.render('session/new', {title: "Log in"});
+  });
+
+  app.post('/session', notLoggedIn, function(req, res) {
+    if (users[req.body.username] &&
+      users[req.body.username].password === req.body.password) {
+        req.session.user = users[req.body.username];
+        res.redirect('/users');
+      } else {
+        res.redirect('/session/new');
+      }
+    });
+
+  app.del('/session', function(req, res, next) {
+    req.session.destroy();
+    res.redirect('/users');
+  });
+
+};

test/routes/users.js

@@ -0,0 +1,61 @@
+/*
+ * User Routes
+ */
+
+var User = require('../data/models/user');
+var notLoggedIn = require('./middleware/not_logged_in');
+var loadUser = require('./middleware/load_user');
+var restrictUserToSelf = require('./middleware/restrict_user_to_self');
+var maxUsersPerPage = 5;
+
+module.exports = function(app) {
+
+  app.get('/users', function(req, res,next){
+  var page = req.query.page && parseInt(req.query.page, 10) || 0;    
+    User.find({})
+    .sort('name', 1)
+    .skip(page * maxUsersPerPage)
+    .limit(maxUsersPerPage)
+    .exec(function(err, users) {
+      if (err) {
+        return next(err);
+      }
+      res.render('users/index', {title: 'Users', users: users});
+    });
+  });
+
+  app.get('/users/new', notLoggedIn, function(req, res) {
+    res.render('users/new', {title: "New User"});
+  });
+
+  app.get('/users/:name', loadUser, function(req, res, next){
+    res.render('users/profile', {title: 'User profile', user: req.user});
+  });
+
+  app.post('/users', notLoggedIn, function(req, res, next) {
+    User.findOne({username: req.body.username}, function(err, user) {
+      if (err) {
+        return next(err);
+      }
+      if (user) {
+        return res.send('Conflict', 409);
+      }
+      User.create(req.body, function(err) {
+        if (err) {
+          return next(err);
+        }
+        res.redirect('/users');
+      });
+    });
+  });
+
+  app.del('/users/:name', loadUser, restrictUserToSelf,
+    function(req, res, next) {
+      req.user.remove(function(err) {
+        if (err) { return next(err); }
+        res.redirect('/users');
+      });
+    
+  });
+
+};