loginRoutes.js

var jwt = require("jsonwebtoken");
var async = require("async");
var dbCollections = require('../../config/db/dbCollections');

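/**
 * Registers the login and signup routes, the token-checking middleware and the
 * logout route on an Express-style app.
 *
 * Registration order matters: login and signup are mounted before the
 * middleware so they stay reachable without a token; everything mounted after
 * it (including logout) is only reached when jwt.verify accepts the token.
 *
 * @param {Object} app - Object exposing post(), get() and use().
 * @param {Object} routeOptions - Options; routeOptions.database is passed to
 *     dbCollections() to obtain the collections.
 */
function loginRoutes(app, routeOptions) {
    // List of collections available
    var DB = dbCollections(routeOptions.database);

    // True only for non-empty primitive strings. Request fields are checked
    // with this before they are placed in a database query: a parsed request
    // body can carry objects or be missing fields, and an object in a query
    // field is treated by the database as an operator expression rather than
    // as a literal value to match.
    function isNonEmptyString(value) {
        return typeof value === 'string' && value.length > 0;
    }

    // True for a missing field or a string; used for fields that are only stored.
    function isOptionalString(value) {
        return value === undefined || value === null || typeof value === 'string';
    }

    // Generic 500 reply so database errors are never echoed to the client.
    function sendServerError(res) {
        return res.status(500).json({
            success: false,
            message: 'Internal server error'
        });
    }

    // route for user login: returns the token stored on the matching user record
    app.post('/auth/user/login', function(req, res) {
        var body = req.body || {};

        // Missing or non-string credentials get the same reply as a wrong
        // password and never reach the query.
        if (!isNonEmptyString(body.username) || !isNonEmptyString(body.password)) {
            return res.json({
                success: false,
                message: 'Authentication failed'
            });
        }

        var credentials = {
            username: body.username,
            password: body.password
        };

        // SECURITY NOTE(review): the password is matched as stored, i.e. in
        // plaintext (see the TODO in the signup route). The stored format is
        // not changed here because other code may query the same field; it
        // should move to a salted, slow password hash verified in application
        // code. The token returned below is the one created at signup and
        // carries no expiry, so it is a long-lived bearer credential.
        DB.UserClln.findOne(credentials, {_id: 0, token: 1}, function(err, result) {
            if (err) {
                console.log('Login lookup failed');
                return sendServerError(res);
            }
            if (result === null || result === undefined) {
                return res.json({
                    success: false,
                    message: 'Authentication failed'
                });
            }
            res.json({
                success: true,
                message: 'Authentication successful',
                token: result.token
            });
        });
    });

    // route for user signup completion
    app.post('/auth/user/signup', function(req, res) {
        var body = req.body || {};

        if (!isNonEmptyString(body.username) ||
            !isNonEmptyString(body.password) ||
            !isNonEmptyString(body.email) ||
            !isOptionalString(body.firstName) ||
            !isOptionalString(body.lastName)) {
            return res.status(400).json({
                success: false,
                message: 'username, password and email are required'
            });
        }

        // The token payload identifies the user only. A JWT payload is signed
        // but not encrypted, so the password must never be part of it. Tokens
        // issued before this change may still contain one and should be
        // reissued.
        var tokenPayload = {
            username: body.username,
            email: body.email
        };

        // TODO encrypt password before storing in DB
        // SECURITY NOTE(review): the password is written in plaintext; store a
        // salted, slow password hash instead and update the login route to
        // verify against it.
        var userinfo = {
            firstName: body.firstName,
            lastName: body.lastName,
            username: body.username,
            password: body.password,
            email: body.email,
            token: jwt.sign(tokenPayload, process.env.JWT_SECRET),
            modifiedAt: null,
            registeredAt: new Date().getTime()
        };

        // Which of the unique fields are already taken by another record.
        var taken = {
            email: false,
            username: false
        };

        async.parallel([
            function(callback) {
                // Check if email already exists
                DB.UserClln.findOne({email: body.email}, {_id: 0, email: 1}, function (err, result) {
                    if (err) {
                        return callback(err);
                    }
                    taken.email = result !== null && result !== undefined;
                    console.log('email already exists: ' + taken.email);
                    callback(null, 'one');
                });
            },
            function(callback) {
                // Check if username already exists
                DB.UserClln.findOne({username: body.username}, {_id: 0, username: 1}, function (err, result) {
                    if (err) {
                        return callback(err);
                    }
                    taken.username = result !== null && result !== undefined;
                    console.log('username already exists: ' + taken.username);
                    callback(null, 'two');
                });
            }
        ],
        function(err) {
            // A failed lookup must not be read as "no such user".
            if (err) {
                console.log('Signup lookup failed');
                return sendServerError(res);
            }

            // Insert only when NEITHER field is taken. The previous condition
            // refused the insert only when both were taken, so a duplicate
            // email or a duplicate username alone was still registered.
            if (!taken.email && !taken.username) {
                console.log('Username and Email doesnt exist already');
                // NOTE(review): check-then-insert is not atomic; unique indexes
                // on email and username are still needed to rule out duplicates
                // created by concurrent signups.
                DB.UserClln.insert(userinfo, function (err) {
                    if (err) {
                        console.log('Signup insert failed');
                        return sendServerError(res);
                    }
                    res.json({
                        success: true,
                        message: 'Registeration successful'
                    });
                });
            }
            else {
                console.log('Error in Username/Email');
                // Send error details in case email or username already exist
                console.log(taken);
                var message;
                if (taken.email && taken.username) {
                    message = 'email and username already exist';
                }
                else if (taken.email) {
                    message = 'email already exist';
                }
                else {
                    message = 'username already exist';
                }

                res.json({
                    success: false,
                    message: message
                });
            }
        });
    });

    // NOTE: This has to be after unprotected routes
    // route middleware to verify a token
    app.use(function(req, res, next) {
        // check header or url parameters or post parameters for token
        // NOTE(review): a token passed in the URL query string can end up in
        // access logs and browser history; the header is the safer carrier.
        var token = (req.body && req.body.token) ||
            (req.query && req.query.token) ||
            req.headers['x-auth-token'];

        if (!token) {
            // if there is no token
            // return an error
            return res.status(403).send({
                success: false,
                message: 'No token provided.'
            });
        }

        // Verifies the signature. The signup route signs without options, so
        // tokens use the library default HS256; pinning it keeps any other
        // algorithm from being accepted. Tokens are signed without an expiry,
        // so there is no exp claim to check, and the token is not compared
        // with the one stored on the user record, so it cannot be revoked.
        jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] }, function(err, decoded) {
            if (err) {
                console.log('Failed to authenticate token.');
                // NOTE(review): this reply keeps the original 200 status while
                // the missing-token branch uses 403; clients must check
                // `success`, or the status should be aligned in a coordinated
                // change.
                return res.json({ success: false, message: 'Failed to authenticate token.' });
            }

            console.log('Token verifed successfully');
            // if everything is good, save to request for use in next middleware
            req.decoded = decoded;

            // TODO Add action to user collection

            next();
        });
    });

    // route for logging out
    // NOTE(review): this only redirects; the token stays valid afterwards.
    app.get('/auth/user/logout', function(req, res) {
        res.redirect('/');
    });
}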

// Expose the route installer; callers invoke it as loginRoutes(app, routeOptions).
module.exports = loginRoutes;