Source: app/controllers/AuthController.js

var dao = require('../model/dao/DAOs.js')
  , qbox = require('qbox')
  , crypto = require('crypto');

var AuthController;

/**
 * REST API - Authentication controller. Provides authentication and authorization of users.
 *
 * @param {Connection} db
 * @constructor
 */
AuthController = function(db)
{
  this.db = db;
  this.users = new dao.UserDAO(db);
}

/**
 * POST /api/auth/login
 * Login and authorization.
 *
 * @param req
 * @param res
 * @param next
 */
AuthController.prototype.login = function(req, res, next)
{
  var username = req.body.username
    , password = req.body.password
    , response = {message: 'Successfully logged in.'};

  this.users.findByUsername(username, function(user) {

    if (user) {
      var md5sum = crypto.createHash('md5').update(password);
      var hashedPassword = md5sum.digest('hex');

      if (hashedPassword == user.password) {
        req.session.authenticated = true;
        req.session.userId = user.getId();
        req.session.role = user.getRole();

        res.cookie('r', user.getRole(), {path: '/admin', httpOnly: false});
        res.cookie('n', user.getName(), {path: '/admin', httpOnly: false});
        res.cookie('i', user.getId(), {path: '/admin', httpOnly: false});

        response.role = user.getRole();
        response.name = user.getName();
        response.userid = user.getId();
        res.status(200);
      } else {
        response.message = 'Wrong password, try again.';
        res.status(403);
      }
    } else {
      response.message = 'User does not exists.';
      res.status(403);
    }

    res.json(response);
  });
}


/**
 * POST /api/auth/logout
 * Logout.
 *
 * @param req
 * @param res
 * @param next
 */
AuthController.prototype.logout = function(req, res, next)
{
  req.session.authenticated = false;
  res.clearCookie('r', {path: '/admin'});
  res.clearCookie('n', {path: '/admin'});
  res.clearCookie('i', {path: '/admin'});
  res.status(200).send('Logged out');
}

exports.AuthController = AuthController;