closes #26 - admin login

There is now a login page. Trying to access any authenticated route will redirect you to a login page if you are not logged in. Logging in works with the same hard-coded username and password & remembers you for a session. Logging in will redirect you to your original route. Flashes are present although they don't really appear in the right place.
2013-05-19 12:19:39 +01:00 · 2013-05-19 12:19:39 +01:00 · 7066593d78
commit 7066593d78
parent 27ce297b32
4 changed files with 54 additions and 13 deletions
--- a/app.js
+++ b/app.js
@ -29,9 +29,14 @@
        ghost.app().use(I18n.load(ghost));
        ghost.app().use(express.bodyParser());
        ghost.app().use(express.cookieParser('try-ghost'));
-        ghost.app().use(express.session({ cookie: { maxAge: 60000 }}));
-        ghost.app().use(flash());
+        ghost.app().use(express.cookieSession({ cookie: { maxAge: 60000 }}));
        ghost.app().use(ghost.initTheme(ghost.app()));
+        ghost.app().use(flash());
+        // bind locals - options which appear in every view - perhaps this should be admin only
+        ghost.app().use(function (req, res, next) {
+            res.locals.messages = req.flash();
+            next();
+        });
    });

    /**
@ -40,7 +45,14 @@
     *
     * @type {*}
     */
-    auth = express.basicAuth('ghostadmin', 'Wh0YouGonnaCall?');
+    auth = function (req, res, next) {
+        if (!req.session.user) {
+            req.flash('warn', "Please login");
+            res.redirect('/ghost/login/?redirect=' + encodeURIComponent(req.path));
+        } else {
+            next();
+        }
+    };

    helpers.loadCoreHelpers(ghost);

@ -59,6 +71,10 @@
     * Admin routes..
     * @todo put these somewhere in admin
     */
+
+    ghost.app().get(/^\/logout\/?$/, admin.logout);
+    ghost.app().get('/ghost/login/', admin.login);
+    ghost.app().post('/ghost/login/', admin.auth);
    ghost.app().get('/ghost/editor/:id', auth, admin.editor);
    ghost.app().get('/ghost/editor', auth, admin.editor);
    ghost.app().get('/ghost/blog', auth, admin.blog);
@ -82,9 +98,4 @@
    ghost.app().listen(3333, function () {
        console.log("Express server listening on port " + 3333);
    });
-//    }, function (e) {
-//        console.log(e.toString());
-//    }).then(null, function (e) {
-//        console.log(e.stack);
-//    });
 }());
--- a/core/admin/controllers/index.js
+++ b/core/admin/controllers/index.js
@ -53,6 +53,26 @@
    }

    adminControllers = {
+        'login': function (req, res) {
+            res.render('login', {
+                bodyClass: 'ghost-login',
+                hideNavbar: true,
+                adminNav: setSelected(adminNavbar, 'login')
+            });
+        },
+        'auth': function (req, res) {
+            if (req.body.email === 'ghostadmin' && req.body.password === 'Wh0YouGonnaCall?') {
+                req.session.user = "ghostadmin";
+                res.redirect(req.query.redirect || '/ghost/');
+            } else {
+                res.redirect('/ghost/login/');
+            }
+        },
+        'logout': function (req, res) {
+            delete req.session.user;
+            req.flash('success', "You were successfully logged out");
+            res.redirect('/ghost/login/');
+        },
        'index': function (req, res) {
            res.render('dashboard', {
                bodyClass: 'dashboard',
@ -97,9 +117,7 @@
            index: function (req, res) {
                res.render('debug', {
                    bodyClass: 'settings',
-                    adminNav: setSelected(adminNavbar, 'settings'),
-                    messages: req.flash(),
-                    test: 'Hello world'
+                    adminNav: setSelected(adminNavbar, 'settings')
                });
            },
            'dbdelete': function (req, res) {
--- a/core/admin/views/default.hbs
+++ b/core/admin/views/default.hbs
@ -16,7 +16,6 @@
        <meta name="apple-mobile-web-app-capable" content="yes" />

        <link rel="shortcut icon" href="/favicon.ico">
-        <link rel="logo" type="image/svg" href="/core/admin/assets/img/logo.svg"/>
        <meta http-equiv="cleartype" content="on">

        <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Lato:300,400,700">
@ -32,7 +31,9 @@
        {{{block "headScripts"}}}
    </head>
    <body class="{{bodyClass}}">
-        {{> navbar}}
+        {{#unless hideNavbar}}
+            {{> navbar}}
+        {{/unless}}

        <main role="main">
            {{> flashes}}
--- a/core/admin/views/login.hbs
+++ b/core/admin/views/login.hbs
@ -0,0 +1,11 @@
+{{!< default}}
+<img class="login-logo" src="/core/admin/assets/img/logo.png" alt="" />
+<form id="login" method="post">
+    <div class="email-wrap">
+        <input class="email" type="text" placeholder="Email Address" name="email">
+    </div>
+    <div class="password-wrap">
+        <input class="password" type="password" placeholder="Password" name="password">
+    </div>
+    <button class="button-save" type="submit">Log in</button>
+</form>