1 files changed, 27 insertions, 12 deletions

diff --git a/protoype/app.js b/protoype/app.js
index 0a698c2..82f2ec2 100644
--- a/protoype/app.js
+++ b/protoype/app.js
@@ -8,6 +8,7 @@
  *   - redis for active users
  *   - load from db once, and refetch when necessary
  *   - if (verbose) log; can choose to use process.env and/or app.settings.env
+ *   - jsdoc?
  *
  */
 
@@ -19,7 +20,6 @@ var express = require('express');
 var RedisStore = require('connect-redis')(express);
 
 var db = require('./mydb.js');
-var driver = require('./router/driver.js');
 var myplatform = require('./router/myplatform.js');
 var user = require('./router/user.js');
 var index = require('./router/index.js');
@@ -27,15 +27,30 @@ var index = require('./router/index.js');
 var app = express();
 
 function deadend(req, res, next) {
-    util.log('[deadend] couldn\'t serve');
+    util.log('[deadend] couldn\'t serve, requested path: ' + req.url);
     /* collect possible info here */
     /* if (critical_wrong) then; throw new Error('da fuck this entity is doing!'); */
-    res.send(404, 'page not found');
+    res.send(404, 'page not found\n');
 }
 
 function error_handler(err, req, res, next) { /* error handling, arity of 4 */
     console.error(err.stack);
-    res.send(500, 'something broke!');
+    res.send(500, 'something broke!\n');
+}
+
+/* delete req.session.user on close connection? */
+function restrict(req, res, next) {
+    if (req.session.user)
+    {
+        util.log('[restrict] granted ' + req.session.user);
+        next();
+    }
+    else
+    {
+        util.log('[restrict] blocked access');
+        res.send(401, 'access restricted\n');
+        /* res.redirect(/login); */
+    }
 }
 
 app.configure(function() {
@@ -47,22 +62,22 @@ app.configure(function() {
     app.use(express.favicon());
     app.use(express.compress());  /* gzip */
     app.use(express.bodyParser()); /* creates req.body which req.param() uses */
-    app.use(express.cookieParser()); /* req.session can be populated with user defined vars */
-    app.use(express.session({ secret: "keyboard cat", store: new RedisStore() }));
+    app.use(express.cookieParser()); /* req.session.* can be populated with user defined vars */
+    app.use(express.session({ secret: "keyboard cat", store: new RedisStore() })); /* populates req.session */
     app.use(app.router); /* when there's no match, we go static file handling below */
     app.use(require('stylus').middleware(__dirname + '/public'));
     app.use(express.static(path.join(__dirname, 'public'))); /* GET /stylesheets/style.css */
     app.use(deadend); /* we get here if we couldn't serve */
+    app.use(error_handler); /* is this correct? */
 });
 
+app.get('/', index.root);
+app.get('/create', user.create_get);
 app.post('/create', user.create_post);
+app.get('/login', user.login_get);
 app.post('/login', user.login_post);
-app.get('/sys/:id([a-z]+)', myplatform.system);
-
-/* routing to handlers that can drive the server's functionality */
-app.get('/create', driver.create_get);
-
-app.get('/', index.root);
+//app.all('*', auth.check); /* not applicable, I want router list to hit the end in case auth fails */
+app.get('/sys/:id([a-z]+)', restrict, myplatform.system);
 
 app.listen(8081, function() {
     util.log(util.format('[server] listening on port %d in %s mode', this.address().port, app.settings.env));