Build a blog with Areto Node.js framework

Security controller

A blog user can perform the following actions: sign up, sign in, or sign out. All of them are grouped in the security controller.

controllers/AuthController.js

'use strict';
const Base = require('areto/base/Controller');
/**
 * Security controller for the blog: the sign-up, sign-in and sign-out
 * actions described in this tutorial are added to this class as methods.
 */
class AuthController extends Base {
  // place methods here
}

module.exports = AuthController;
// init() is not defined in this snippet; presumably it is inherited from the
// areto base controller and registers the class for this module.
module.exports.init(module);

Captcha

In addition to internal methods, controller actions can be defined as separate classes. These are declared in the ACTIONS constant. The name of each property (here, captcha) determines the route, and the property's value holds the parameters used to create the class instance. In this case, the class-based action is a captcha that protects our blog from automated registration.

controllers/AuthController.js

...
/**
 * Declares the controller's class-based actions.
 *
 * Each key under ACTIONS names the route of an action; its value carries the
 * action class plus the parameters used to create the instance.
 *
 * @returns {Object} constants object holding the ACTIONS map
 */
static getConstants () {
  const captcha = {
    Class: require('areto/captcha/CaptchaAction'),
    // Presumably the bounds on the generated code length - confirm against
    // CaptchaAction. NOTE(review): a 3-4 character code is a small search
    // space, so it is worth pairing the captcha with attempt limiting.
    minLength: 3,
    maxLength: 4
    // fixedVerifyCode: '123'
    // NOTE(review): the option above appears to pin the captcha to a constant
    // value; if so, it defeats the captcha and should stay disabled outside
    // of tests.
  };
  return {
    ACTIONS: {captcha}
  };
}
...

Sign up

Registration and authentication are available to anonymous (isGuest) users only. A logged-in user is shown their name and a sign-out link instead.

The SignUpForm model is instantiated to handle sign-up. If the current request already contains form data (isPost), the model loads these values and calls the registration method. Otherwise, a blank form is displayed.

If errors occur, the current form is displayed again with a warning message. On success, the guest user is redirected to the login page.

controllers/AuthController.js

...
/**
 * Sign-up action.
 *
 * Non-guest users get the 'signed' view. Guests get the blank 'signup' form,
 * or, on a POST, the submitted values are loaded into SignUpForm and
 * model.signUp() is called.
 */
actionSignup () {
  // Registration is offered to guests only.
  if (!this.user.isGuest()) {
    this.render('signed', {model: this.user.identity});
    return;
  }
  const SignUpForm = require('../models/SignUpForm');
  const model = new SignUpForm({controller: this});
  if (!this.isPost()) {
    this.render('signup', {model, user: this.user});
    return;
  }
  // NOTE(review): the whole request body is handed to the model; which
  // attributes load() accepts is decided inside SignUpForm - confirm it only
  // takes the fields the form is meant to set.
  model.load(this.getBodyParams());
  model.signUp(this.user, err => {
    if (err) {
      this.throwError(err);
    } else if (model.hasError()) {
      // The model reported errors: show the form again with the model attached.
      this.render('signup', {model, user: this.user});
    } else {
      this.goLogin();
    }
  });
}
...

Authentication

To access the blog's functionality, visitors sign in through the authentication form. After successful validation, users are sent back to the page they originally requested.

controllers/AuthController.js

...
/**
 * Sign-in action.
 *
 * Non-guest users get the 'signed' view. Guests get the blank 'signin' form,
 * or, on a POST, the submitted values are loaded into SignInForm and
 * model.login() is called.
 */
actionSignin () {
  // Authentication is offered to guests only.
  if (!this.user.isGuest()) {
    this.render('signed', {model: this.user.identity});
    return;
  }
  const SignInForm = require('../models/SignInForm');
  const model = new SignInForm({controller: this});
  if (!this.isPost()) {
    this.render('signin', {model, user: this.user});
    return;
  }
  model.load(this.getBodyParams());
  model.login(this.user, err => {
    if (err) {
      this.throwError(err);
    } else if (model.hasError()) {
      // The model reported errors: show the form again with the model attached.
      this.render('signin', {model, user: this.user});
    } else {
      // NOTE(review): goBack() presumably redirects to a remembered return
      // URL; confirm the framework only accepts same-site targets there.
      this.goBack();
    }
  });
}
...

Sign out

controllers/AuthController.js

...
/**
 * Sign-out action: logs the current user out, then redirects to the sign-in
 * page. If logout reports an error, the 'signed' view is rendered instead.
 */
actionLogout () {
  // NOTE(review): nothing in this method checks the request method or a CSRF
  // token; confirm how the framework routes and protects this action.
  const onLoggedOut = err => {
    if (err) {
      // NOTE(review): err is not logged or shown here; consider recording it.
      this.render('signed', {model: this.user.identity});
    } else {
      this.redirect('/auth/signin');
    }
  };
  this.user.logout(onLoggedOut);
}
...