all posts runing by token

controllers/travelController.js

@@ -52,10 +52,15 @@ exports.findAllTravelsFromUsername = function(req, res) {
 
 exports.addTravel = function(req, res) {
 	console.log('POST new travel, title: ' + req.body.title);
+	userModel.find({
+		token: req.headers['x-access-token']
+	}, function(err, users){
+		var user=users[0];
+
 		var travel = new travelModel({
 			title: req.body.title,
 		    description:   req.body.description,
-	    owner:   req.body.owner,
+		    owner:   user.username,
 		    from:   req.body.from,
 		    to:   req.body.to,
 		    date:   req.body.date,
@@ -64,8 +69,8 @@ exports.addTravel = function(req, res) {
 			seats: req.body.seats,
 			package: req.body.package,
 			icon: req.body.icon,
-		phone: req.body.phone,
-		telegram: req.body.telegram,
+			phone: user.phone,
+			telegram: user.telegram,
 			collectivized: req.body.collectivized,
 			modality: req.body.modality
 		});
@@ -82,9 +87,6 @@ exports.addTravel = function(req, res) {
 		{
 			return res.status(500).jsonp("empty inputs");
 		}else if(travel.date==undefined)
-	{
-		return res.status(500).jsonp("empty inputs");
-	}else if(travel.seats==undefined)
 		{
 			return res.status(500).jsonp("empty inputs");
 		}else if(travel.title==undefined)
@@ -100,7 +102,9 @@ exports.addTravel = function(req, res) {
 
 				res.status(200).jsonp(travels);
 			});
-	});
+		});//end of travel.save
+	});//end of usermodel.find
+
 
 };
 
@@ -124,7 +128,14 @@ exports.updateTravel = function(req, res) {
 
 //DELETE
 exports.deleteTravel = function(req, res) {
+	userModel.find({
+		token: req.headers['x-access-token']
+	}, function(err, users){
+		var user=users[0];
+
 		travelModel.findById(req.params.id, function(err, travel) {
+			if(travel.owner==user.username)
+			{
 				travel.remove(function(err) {
 					if(err) return res.send(500, err.message);
 
@@ -132,20 +143,27 @@ exports.deleteTravel = function(req, res) {
 							if(err) res.send(500, err.message);
 							res.status(200).jsonp(travels);
 					});
-		})
+				});
+			}
+		});
 	});
 };
 
 
 /* join */
 exports.addJoin = function(req, res) {
+	userModel.find({
+		token: req.headers['x-access-token']
+	}, function(err, users){
+		var user=users[0];
+
 		travelModel.findById(req.params.travelId, function(err, travel){
 			console.log(travel.title);
 			var join = {
-			joinedUserId: req.body.joinedUserId,
-			joinedUsername: req.body.joinedUsername,
+				joinedUserId: user._id,
+				joinedUsername: user.username,
 				acceptedUserId: req.body.acceptedUserId,
-			joinedAvatar: req.body.joinedAvatar
+				joinedAvatar: user.avatar
 			};
 			travel.joins.push(join);
 
@@ -158,14 +176,19 @@ exports.addJoin = function(req, res) {
 				});
 			});
 		});
+	});
 };
 
 exports.doUnjoin = function(req, res) {
+	userModel.find({
+		token: req.headers['x-access-token']
+	}, function(err, users){
+		var user=users[0];
 
 		travelModel.findById(req.params.travelId, function(err, travel){
 			for(var i=0; i<travel.joins.length; i++)
 			{
-			if(travel.joins[i].joinedUsername==req.body.joinedUsername)
+				if(travel.joins[i].joinedUsername==user.username)
 				{
 					travel.joins.splice(i, 1);
 				}
@@ -180,6 +203,7 @@ exports.doUnjoin = function(req, res) {
 				});
 			});
 		});
+	});
 };
 
 exports.getJoinsByTravelId = function(req, res) {
@@ -215,14 +239,18 @@ exports.addComment = function(req, res) {
 		if(err) return res.send(500, err.message);
     res.status(200).jsonp(comment);
 	});*/
+	userModel.find({
+		token: req.headers['x-access-token']
+	}, function(err, users){
+		var user=users[0];
 
 		travelModel.findById(req.params.travelId, function(err, travel){
 			console.log(travel.title);
 			var comment = {
-			commentUserId: req.body.commentUserId,
-			commentUsername: req.body.commentUsername,
+				commentUserId: user._id,
+				commentUsername: user.username,
 				comment: req.body.comment,
-			commentAvatar: req.body.commentAvatar
+				commentAvatar: user.avatar
 			};
 			travel.comments.push(comment);
 
@@ -235,6 +263,7 @@ exports.addComment = function(req, res) {
 				});
 			});
 		});
+	});//end of userModel.find
 };
 
 exports.getCommentsByTravelId = function(req, res) {

controllers/userController.js

@@ -21,6 +21,7 @@ exports.findAllUsers = function(req, res) {
 	for(var i=0; i<users.length; i++)
 	{
 		users[i].password="";
+		users[i].token="";
 		console.log(users[i].password);
 	}
 
@@ -38,6 +39,7 @@ exports.findById = function(req, res) {
 	//password deletion
 	if(user!=null){
 		user.password="";
+		users.token="";
 	}
 		res.status(200).jsonp(user);
 	});
@@ -56,6 +58,7 @@ exports.findUserByUsername = function(req, res) {
           // return the information including token as JSON
           //res.jsonp(user);
 		  user.password="";
+			users.token="";
           console.log(user);
 	  		res.status(200).jsonp(user[0]);
 
@@ -104,13 +107,19 @@ exports.addUser = function(req, res) {
 
 /* fav */
 exports.addFav = function(req, res) {
+	var tokenuser;
+	userModel.find({
+		token: req.headers['x-access-token']
+	}, function(err, users){
+		tokenuser=users[0];
+	});
 	userModel.findById(req.params.userId, function(err, user){
 
 		// first search if user have already said like
 		var favRepeated=false;
 		for(var i=0; i<user.favs.length; i++)
 		{
-			if(user.favs[i].username==req.body.username)
+			if(user.favs[i].username==tokenuser.username)
 			{
 				favRepeated=true;
 			}
@@ -119,9 +128,9 @@ exports.addFav = function(req, res) {
 		if(favRepeated==false)
 		{
 			var fav = {
-				userId: req.body.userId,
-				username: req.body.username,
-				avatar: req.body.avatar
+				userId: tokenuser._id,
+				username: tokenuser.username,
+				avatar: tokenuser.avatar
 			};
 			user.favs.push(fav);
 
@@ -143,11 +152,17 @@ exports.addFav = function(req, res) {
 	});
 };
 exports.doUnfav = function(req, res) {
+	var tokenuser;
+	userModel.find({
+		token: req.headers['x-access-token']
+	}, function(err, users){
+		tokenuser=users[0];
+	});
 
 	userModel.findById(req.params.userId, function(err, user){
 		for(var i=0; i<user.favs.length; i++)
 		{
-			if(user.favs[i].username==req.body.username)
+			if(user.favs[i].username==tokenuser.username)
 			{
 				user.favs.splice(i, 1);
 			}
@@ -178,6 +193,7 @@ exports.updateUser = function(req, res) {
 		user.save(function(err) {
 			if(err) return res.send(500, err.message);
 			user.password="";
+			users.token="";
       	res.status(200).jsonp(user);
 		});
 	});
@@ -221,7 +237,11 @@ exports.login = function(req, res) {
           //expiresInMinutes: 1440 // expires in 24 hours
 		  //expiresIn: '60m'
         });
-console.log(user);
+				user.token=token;
+				user.save(function(err, user) {
+					if(err) return res.send(500, err.message);
+					//res.status(200).jsonp(travel);
+					console.log(user);
 	        // return the information including token as JSON
 					user.password="";
 	        res.json({
@@ -232,6 +252,8 @@ console.log(user);
 					  userid: user._id,
 						userdata: user
 	        });
+				});
+
       }
 
     }

models/userModel.js

@@ -7,6 +7,7 @@ var mongooseUniqueValidator = require('mongoose-unique-validator');
 var userSchema = new Schema({
     username: { type: String, unique: true },
     password: { type: String },
+    token: { type: String },
     description:   { type: String },
     avatar:   { type: String },
     mail:   { type: String },