sahat / hackathon-starter Goto Github PK

I was curious why the repo uses Upsercase syntax to name the model files. Before adding unit tests for the User.js model, I wanted to understand this to know if this convention should be followed for the unit specs too.

Hi, It seems this project may turn into something we all never expected. For this reason i want to make a suggestion.

I'm thinking we should add an Administrator's Section to the app.
This will also mean that role based authentication has to be implemented.
Thanks to you all for your contribution and thanks very much to sahat.

If facebook, google, github, twitter id are already unique, there is no need to constrain it on our side. (Does anyone know?)

  facebook: { type: String, unique: true, sparse: true },
  twitter: { type: String, unique: true, sparse: true },
  google: { type: String, unique: true, sparse: true },
  github: { type: String, unique: true, sparse: true },

If that's the case, then above code could be simplified into:

  facebook: String,
  twitter: String,
  google: String,
  github: String

I like the effect on the image in the readme file. What is the effect called that makes it dim like that? I've got photoshop, but am a beginner and can't seem to get my images to look similar.

Thanks.

It would be cool to have asset concatenation and minification, for those familiar with Rails Assets Pipeline, i would suggest adding the Node counterpart: Snockets

When I was installing the dependencies, I run into an error during the building of 'zombie' dev module. The error was caused by the building of 'jsdom' which is a dependency of 'contextify' which in turn is a dependency of 'zombie'. need help.

Would be great if linkedin OAuth was also included! https://developer.linkedin.com/documents/authentication

Might be another worthy way to sign in (based on BrowserID).

Why does this show up in the URL after logging in from Facebook?

This is another issue that most starters will not implement and we can make it easy for them.

hi @sahat - i'm setup testing for a client project with the starter app. I used mocha, supertest, should, and chai. Before I make a PR in the next couple days with this setup, I wanted to see if these are good tools to pull in or you or others had been pushing a different direction for testing tools.

Thanks!

Initial page on mobile (android 4.2, google nexus, phonegap app), 'Toggle Navigation' button shows up, but press the button did not work.

After press /login or other link, page shows normal.

Would this be easy to do?

Problem: For production deployments we need to change app ID, client-secret, redirect URLs for oAuth providers.

How about having development and production as two environments support for secrets.js? Should be driven via env variable NODE_ENV, and defaults to development.

Two separate config files, loaded based on passed environment name. If there is any other better solutions, we should adopt that.

Another my own project's work fine (20-30ms)

At u live-demo about 300-400, but it's maybe heroku.

GET /logout 302 7ms - 58b
GET / 200 839ms
GET / 304 1190ms
GET /api 200 1284ms
GET /contact 200 1138ms
GET /login 200 1051ms
GET /auth/twitter 302 814ms - 252b

Hello,

when accessing http://hackathonstarter.herokuapp.com/api/paypal I'm getting

500 TypeError: Cannot read property 'returnUrl' of undefined

As this is supposed to be a bootstrap project for new developments I think would be good to add the node-inspector package by default.

What do you guys think?

Hi,
I did everything by-the-book for accessing the Twitter API, but somehow it exhibits a '500' page:

TypeError: Cannot read property 'accessToken' of undefined
at exports.getTwitter (/Users/jbonnet/src/javascript/hackathon-starter/controllers/api.js:247:24)
at callbacks (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/express/lib/router/index.js:164:37)
at exports.isAuthenticated (/Users/jbonnet/src/javascript/hackathon-starter/config/passport.js:192:37)
at callbacks (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/express/lib/router/index.js:164:37)
at param (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/express/lib/router/index.js:138:11)
at pass (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/express/lib/router/index.js:145:5)
at Router._dispatch (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/express/lib/router/index.js:173:5)
at Object.router (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/express/lib/router/index.js:33:10)
at next (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/express/node_modules/connect/lib/proto.js:193:15)
at Object.handle (/Users/jbonnet/src/javascript/hackathon-starter/node_modules/less-middleware/lib/middleware.js:312:14)

Any ideas?
Tks,
jb

Im getting this as an initial error when trying to run the code for the first time. This is my first time working with node.js applications.

Also, it would be ultra-awesome if you (OP) would consider doing screencasts of tutorials on effectively using this tool. I would love to advocate your project at future hackathons.

I would like to improve API examples by making them more interesting and creative.

Take Facebook API for instance in API Browser. It does not show anything interesting - just your basic info and list of your friends. I would like API examples to be not just a starting point, but also an inspiration to see what's possible.

So, I am open to any suggestions you may have on any of the APIs. You don't have to submit any code, an idea would suffice. Or even a link to a really cool project that uses that API.

Currently there isn't a way to recover the password for an account (those created "locally" using email-password).

I think it would help to add a table of contents to the readme.

Thoughts?

I'd love to take responsibility for working this issue to completition. Feel free to assign this to me.

When will you start making releases? eg v0.0.1

Please support a way to login via mozilla persona using the BrowserID protocol. There's a plugin that does this. https://github.com/jaredhanson/passport-browserid

In my Maverick with npm -v 1.3.14 , these comes up while installing node packages.

[email protected] install /Users/tal/projects/LAB/NLAB/node_modules/bcrypt
node-gyp rebuild

CXX(target) Release/obj.target/bcrypt_lib/src/blowfish.o
make: c++: No such file or directory
make: *** [Release/obj.target/bcrypt_lib/src/blowfish.o] Error 1
gyp ERR! build error
gyp ERR! stack Error: make failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:267:23)
gyp ERR! stack at ChildProcess.EventEmitter.emit (events.js:98:17)
gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:789:12)
gyp ERR! System Darwin 13.0.0
gyp ERR! command "node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/tal/projects/LAB/NLAB/node_modules/bcrypt
gyp ERR! node -v v0.10.22
gyp ERR! node-gyp -v v0.11.0
gyp ERR! not ok
npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is most likely a problem with the bcrypt package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR! node-gyp rebuild
npm ERR! You can get their info via:
npm ERR! npm owner ls bcrypt
npm ERR! There is likely additional logging output above.

npm ERR! System Darwin 13.0.0
npm ERR! command "node" "/usr/local/bin/npm" "install"
npm ERR! cwd /Users/tal/projects/LAB/NLAB
npm ERR! node -v v0.10.22
npm ERR! npm -v 1.3.14
npm ERR! code ELIFECYCLE
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! /Users/tal/projects/LAB/NLAB/npm-debug.log
npm ERR! not ok code 0

I am trying to add login with Facebook and Twitter. Regular login with e-mail and password works fine. However, when I try to login with Facebook, it asks for permission (from Facebook), and I am redirected to the main page ("/") without getting logged in. The text in the upper right corner still tells me I am able of logging in. I've been scanning through the whole code base, but I am not able of locating the error. I am providing correct clientId and clientSecret. The callbackUrl is set to http:myIP:3000 both in the facebook-console and in the secret.js-file. The same scenario occurs with Twitter-login.

Any idea where my error might be? Thanks!

Steps to reproduce:

1. Login with GitHub strategy
2. Navigate to: "My Account"

Seems the app is unable to get the Gravatar img:
profile.jade:37 = img(src="#{user.gravatar()}", class='profile', width='100', height='100')

The full error I get is:
Express
500 TypeError: /home/dev/gits/lequeso/hackathon-starter/views/account/profile.jade:37
35| label.col-sm-2.control-label(for='gravatar') Gravatar
36| .col-sm-4
> 37| img(src="#{user.gravatar()}", class='profile', width='100', height='100')
38| .form-group
39| .col-sm-offset-2.col-sm-4
40| button.btn.btn.btn-primary(type='submit')

Not a string or buffer

The authentication strategy with Tumblr doesn't appear to be working correctly.

defining a token, secret, and callback will yield an express error:

500 TypeError: Cannot read property '_id' of undefined

the request argument in the callback doesn't have a user property with an _id value

i'm checking out passport-tumblr but that's giving me an error:

failed to obtain request token (status: 401 data: oauth_consumer_key not recognized) at /Users/b/Public/sape/passport-tumblr/examples/login/node_modules/passport-tumblr/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth.js:196:36 at /Users/b/Public/sape/passport-tumblr/examples/login/node_modules/passport-tumblr/node_modules/passport-oauth/node_modules/oauth/lib/oauth.js:530:17 at passBackControl (/Users/b/Public/sape/passport-tumblr/examples/login/node_modules/passport-tumblr/node_modules/passport-oauth/node_modules/oauth/lib/oauth.js:386:13) at IncomingMessage.<anonymous> (/Users/b/Public/sape/passport-tumblr/examples/login/node_modules/passport-tumblr/node_modules/passport-oauth/node_modules/oauth/lib/oauth.js:398:9) at IncomingMessage.EventEmitter.emit (events.js:117:20) at _stream_readable.js:920:16 at process._tickCallback (node.js:415:13)

has the Tumblr API changed? is this project easy to configure and implement stories from Tumblr?

Thanks!

@sahat What do you think about this approach. this will work with auth logins, signup, and regular login. In fact if user goes to login page then goes to signup page to register new account we can redirect him back to his original url.

// Middleware stores current url on each request except auth/login/logout/signup
app.use(function(req, res, next) {
  if(req.method !== 'GET') return next();

  var path = req.path.split('/')[1];  // get first path

  // if is on any of these pages don't add path to session
  if (/^(auth|login|logout|signup)$/.test(path)) return next();

  req.session.redirectTo = req.path;
  next();
});

Thats it. on successful login OR signup we can redirect user back.

res.redirect(req.session.redirectTo || '/');

For auth callbacks we can redirect user back to /login and the first if statement will do remaining work. Here's getLogin()

if (req.user) return res.redirect(req.session.redirectTo || '/');

I have tested this with facebook auth and it seems fine.

I found that radio buttons in 'My Account' page are not shown correctly.
In ios7.less, the theme uses '../../img/checkmark.png' but the file is not in there.

ios7.less line 789~792

input[type="checkbox"]:checked + span:before {
  background: #007aff url("../../img/checkmark.png") no-repeat center center;
  border-color: #007aff;
}

Maybe I'm missing something, but when I resize the My Account page, the horizontal form stays the same, it should turn to vertical form

my application routes section in app.js file just get bigger and bigger. I want to move them out to a separate page just for route. not sure how to do that.

/**

• Load controllers.
  */

var homeController = require('./controllers/home');
var userController = require('./controllers/user');
//var apiController = require('./controllers/api');
var contactController = require('./controllers/contact');
var forgotController = require('./controllers/forgot');
var resetController = require('./controllers/reset');
var connectController = require('./controllers/connect');
var dropboxController = require('./controllers/dropbox');

/**

• Application routes.
  */

app.get('/', homeController.index);
app.get('/login', userController.getLogin);
app.post('/login', userController.postLogin);
app.get('/logout', userController.logout);
app.get('/forgot', forgotController.getForgot);
app.post('/forgot', forgotController.postForgot);
app.get('/reset/:token', resetController.getReset);
app.post('/reset/:token', resetController.postReset);
app.get('/signup', userController.getSignup);
app.post('/signup', userController.postSignup);
app.get('/contact', contactController.getContact);
app.post('/contact', contactController.postContact);
app.get('/account', passportConf.isAuthenticated, userController.getAccount);
app.post('/account/profile', passportConf.isAuthenticated, userController.postUpdateProfile);
app.post('/account/password', passportConf.isAuthenticated, userController.postUpdatePassword);
app.post('/account/delete', passportConf.isAuthenticated, userController.postDeleteAccount);
app.get('/account/unlink/:provider', passportConf.isAuthenticated, userController.getOauthUnlink);

app.get('/connect', connectController.index);
app.get('/connect/dropbox', dropboxController.GetRequestToken);
app.get('/auth/dropbox', dropboxController.GetAccessToken);
app.get('/dropbox/list', dropboxController.List);
app.get('/test', dropboxController.Test);

/**

• OAuth routes for sign-in.
  */

app.get('/auth/facebook', passport.authenticate('facebook', { scope: ['email', 'user_location'] }));
app.get('/auth/facebook/callback', passport.authenticate('facebook', { successRedirect: '/', failureRedirect: '/login' }));
app.get('/auth/google', passport.authenticate('google', { scope: 'profile email' }));
app.get('/auth/google/callback', passport.authenticate('google', { successRedirect: '/', failureRedirect: '/login' }));

Related to issue #21.

Please take a look at this commit: 535fd2d

I would love to hear some feedback on it, before continuing on with other authentication providers: google, twitter, github, local.

It's unfortunate that the code has to be so hard to read with multiple nested if statements, but that is the price for handling all edge cases when you have local authentication plus multiple third-party authentication.

/**
* Sign in with Facebook.
*
* Possible authentication states:
*
* 1. User is logged in.
*   a. Already signed in with Facebook before. (MERGE ACCOUNTS, EXISTING ACCOUNT HAS PRECEDENCE)
*   b. First time signing in with Facebook. (ADD FACEBOOK ID TO EXISTING USER)
* 2. User is not logged in.
*   a. Already signed with Facebook before. (LOGIN)
*   b. First time signing in with Facebook. (CREATE ACCOUNT)
*/

Did I miss any edge cases above?

If you have any suggestions on how to refactor it please submit a pull-request. I would really appreciate it.

Possible complication: If I have a Facebook account with email [email protected], and then I log out and create a new local account with email [email protected]. Then I proceed to linking Facebook account. At this point, since a user with Facebook account has been created first it will merge local account into a user with Facebook account. But which email should take precedence? Should user be able to still sign in with the email he/she used during local account registration - [email protected] or should it be now [email protected]? And what if a user with Facebook account has created a password from Account Management page, which password should take precedence?

@jedireza do you have any suggestions?

I was entertaining the idea of including Fabric in the hackathon-starter. Fabric would allow us to create customized build options and be able to change dependencies on the fly.

Imagine having different _forms_ that the hackathon-starter can take. We can use fabric to implement and change to any of these forms via the command line.

https://github.com/twilio/twilio-node

http://www.twilio.com/docs/api/rest

http://www.twilio.com/docs/node/install

Nice app, great work. I am learning a lot of Express, Javascript and Node.js with your Hackathon Starter Boilerplate. But I have an issue that I don't know if it is my problem or some bug in the code. When I deploy to Heroku everything seems to be cool, but then the app crashed: http://calm-shelf-8699.herokuapp.com/

Application Error
An error occurred in the application and your page could not be served. Please try again in a few moments.

If you are the application owner, check your logs for details.

When I do run nodeman or foreman in Localhost I don't have any problem and the App works just perfectly. Doing some research trough inspecting the heroku logs I've found the message MongoDB Connection Error. Please make sure MongoDB is running. So I don't know if my problem is in the app.js file or is in the Heroku environment or that I don't know enough code to set the Mongolab conection.

Thanks for the great work @sahat!

feature request: How about adding static resource caching.

app.use(express.static(__dirname + '/public',
{ maxAge: 864000000} // 10 days!
));

And sometimes required to brust cache for each restart.

I love the concept that this apps allows devs to get up and running within minutes.

I would suggest adding a paragraph to the README stating that:

• anyone is free to clone the repo
• anyone is free to use the code for open/closed projects
• parties should explicitly mention the MIT license applies to the original codebase
• parties should explicitly mention that all derived works are covered by another license of their choosing.

Before writing this paragraph, can I get feedback on this?

I'd love to take responsibility for working this issue to completition. Feel free to assign this to me.

I'm only using local authentication and am pulling out everything related to the other auth strategies and the API examples, but I'm not really sure what the various modules are being used for. Could you add some comments specifying what they're each used for so folks like me know which are safe to remove? Thanks!

Add step by step deployment instructions (with screenshots if it helps) for a few major PaaS providers.

• Nodejitsu
• Heroku
• OpenShift
• Azure

And MongoLab.

I see that branch you made. Does the 'Forgot Password' feature work on that branch?

Yeoman generators allow for a standard way to create scaffolding and config wizards :)

Please add res.status(404) on app.js

app.use(function(req, res) {
res.status(404).render('404', { status: 404 });
});