From b852af593e7f3e945c9c7b7751b421631efe9f69 Mon Sep 17 00:00:00 2001
From: nau <idoctnef@openmailbox.org>
Date: Wed, 31 Aug 2016 17:58:39 +0200
Subject: [PATCH] post with token runs now

---
 config.js                       |  6 ++++--
 controllers/travelController.js |  4 +---
 controllers/userController.js   | 14 +++++++++++++-
 package.json                    | 14 +++++++-------
 server.js                       |  5 +++--
 5 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/config.js b/config.js
index fe847a7..e83b101 100644
--- a/config.js
+++ b/config.js
@@ -1,7 +1,9 @@
 module.exports = {
 
-    'secret': process.env.SECRET,
-    'database': process.env.MONGO_DSN,
+    /*'secret': process.env.SECRET,
+    'database': process.env.MONGO_DSN,*/
+    'secret': 'secretfortoken',
+    'database': 'mongodb://localhost/comunalcar',
     "port" : process.env.PORT || 3000
 
 };
diff --git a/controllers/travelController.js b/controllers/travelController.js
index daaed42..1baaebb 100644
--- a/controllers/travelController.js
+++ b/controllers/travelController.js
@@ -47,9 +47,7 @@ exports.findAllTravelsFromUsername = function(req, res) {
 };
 
 exports.addTravel = function(req, res) {
-	console.log('POST new travel, content: ' + req.body.content);
-	console.log(req.body);
-
+	console.log('POST new travel, title: ' + req.body.title);
 	var travel = new travelModel({
 		title: req.body.title,
 	    description:   req.body.description,
diff --git a/controllers/userController.js b/controllers/userController.js
index e9ef907..9846848 100644
--- a/controllers/userController.js
+++ b/controllers/userController.js
@@ -15,6 +15,13 @@ exports.findAllUsers = function(req, res) {
 	userModel.find(function(err, users) {
     if(err) res.send(500, err.message);
 
+	//password deletion
+	for(var i=0; i<users.length; i++)
+	{
+		users[i].password="";
+		console.log(users[i].password);
+	}
+
     console.log('GET /users');
 		res.status(200).jsonp(users);
 	});
@@ -26,6 +33,9 @@ exports.findById = function(req, res) {
     if(err) return res.send(500, err.message);
 
     console.log('GET /users/' + req.params.id);
+	//password deletion
+
+		user.password="";
 		res.status(200).jsonp(user);
 	});
 };
@@ -40,9 +50,10 @@ exports.findUserByUsername = function(req, res) {
       if (!user) {
         res.json({ success: false, message: 'no user found' });
     } else if (user) {
-        console.log(user);
           // return the information including token as JSON
           //res.jsonp(user);
+		  user.password="";
+          console.log(user);
 	  		res.status(200).jsonp(user[0]);
 
 
@@ -85,6 +96,7 @@ exports.updateUser = function(req, res) {
 
 		user.save(function(err) {
 			if(err) return res.send(500, err.message);
+			user.password="";
       	res.status(200).jsonp(user);
 		});
 	});
diff --git a/package.json b/package.json
index 5c5da62..48d6fa8 100644
--- a/package.json
+++ b/package.json
@@ -4,14 +4,14 @@
   "description": "comunalCar, carsharing",
   "main": "server.js",
   "scripts": {
-    "start": "node server.js"  
+    "start": "node server.js"
   },
   "dependencies": {
-      "mongoose": "^4.5.6",
-      "express": "^4.7.1",
-      "method-override": "^2.1.2",
-      "body-parser": "^1.5.1",
-      "jsonwebtoken" : "latest",
-      "morgan" : "latest"
+    "body-parser": "latest",
+    "express": "^4.7.1",
+    "jsonwebtoken": "latest",
+    "method-override": "^2.1.2",
+    "mongoose": "latest",
+    "morgan": "latest"
   }
 }
diff --git a/server.js b/server.js
index 2ba4a27..62099d6 100755
--- a/server.js
+++ b/server.js
@@ -9,7 +9,7 @@ var morgan      = require('morgan');
 var jwt    = require('jsonwebtoken'); // used to create, sign, and verify tokens
 var config = require('./config'); // get our config file
 
-
+mongoose.Promise = global.Promise;
 // Connection to DB
 mongoose.connect(config.database, function(err, res) {
   if(err) throw err;
@@ -45,7 +45,7 @@ app.use(express.static(__dirname + '/web'));
 app.use(function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
-  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Access-Token");
   next();
 });
 
@@ -88,6 +88,7 @@ apiRoutes.use(function(req, res, next) {
       } else {
         // if everything is good, save to request for use in other routes
         req.decoded = decoded;
+        //console.log("decoded " + decoded);
         next();
       }
     });