[
  {
    "path": ".gitignore",
    "content": ".DS_Store\nnode_modules\n"
  },
  {
    "path": ".jshintrc",
    "content": "{\n  \"node\": true,\n  \"esnext\": true,\n  \"bitwise\": true,\n  \"curly\": true,\n  \"eqeqeq\": true,\n  \"immed\": true,\n  \"indent\": 2,\n  \"latedef\": true,\n  \"newcap\": true,\n  \"noarg\": true,\n  \"quotmark\": \"single\",\n  \"regexp\": true,\n  \"undef\": true,\n  \"strict\": false,\n  \"smarttabs\": true,\n  \"expr\": true,\n\n\n  \"evil\": true,\n  \"browser\": true,\n  \"regexdash\": true,\n  \"wsh\": true,\n  \"trailing\": true,\n  \"sub\": true,\n  \"unused\": true,\n  \"laxcomma\": true,\n\n  \"globals\": {\n    \"after\": false,\n    \"before\": false,\n    \"afterEach\": false,\n    \"beforeEach\": false,\n    \"describe\": false,\n    \"it\": false,\n    \"angular\": false,\n    \"Auth0Widget\": false,\n    \"Auth0\": false\n  }\n}\n"
  },
  {
    "path": "LICENSE.txt",
    "content": "The MIT License (MIT)\n \nCopyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)\n \nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n \nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n \nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "## angular-token-auth\n\nExample of Token-based authentication in [AngularJS](http://angularjs.org) with [Express](http://expressjs.com). \n\n### Build and Run\n\nFirst, install dependencies using npm:\n\n```sh\nnpm install\n```\n\nRun the example:\n\n```sh\nnode auth.server.js\n```\n\nand go to [localhost:8080](http://localhost:8080).\n \n \n### More advanced scenarios?\n\nFor a complete example handling social providers, enterprise authentication with LDAP/Active Directory, and user/password, check out [Auth0 Angular integration](https://github.com/auth0/auth0-angular).\n\n## Issue Reporting\n\nIf you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.\n\n## Author\n\n[Auth0](auth0.com)\n\n## License\n\nThis project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.\n"
  },
  {
    "path": "auth.client.js",
    "content": "var myApp = angular.module('myApp', []);\n\n//this is used to parse the profile\nfunction url_base64_decode(str) {\n  var output = str.replace('-', '+').replace('_', '/');\n  switch (output.length % 4) {\n    case 0:\n      break;\n    case 2:\n      output += '==';\n      break;\n    case 3:\n      output += '=';\n      break;\n    default:\n      throw 'Illegal base64url string!';\n  }\n  return window.atob(output); //polifyll https://github.com/davidchambers/Base64.js\n}\n\nmyApp.controller('UserCtrl', function ($scope, $http, $window) {\n  $scope.user = {username: 'john.doe', password: 'foobar'};\n  $scope.isAuthenticated = false;\n  $scope.welcome = '';\n  $scope.message = '';\n\n  $scope.submit = function () {\n    $http\n      .post('/authenticate', $scope.user)\n      .success(function (data, status, headers, config) {\n        $window.sessionStorage.token = data.token;\n        $scope.isAuthenticated = true;\n        var encodedProfile = data.token.split('.')[1];\n        var profile = JSON.parse(url_base64_decode(encodedProfile));\n        $scope.welcome = 'Welcome ' + profile.first_name + ' ' + profile.last_name;\n      })\n      .error(function (data, status, headers, config) {\n        // Erase the token if the user fails to log in\n        delete $window.sessionStorage.token;\n        $scope.isAuthenticated = false;\n\n        // Handle login errors here\n        $scope.error = 'Error: Invalid user or password';\n        $scope.welcome = '';\n      });\n  };\n\n  $scope.logout = function () {\n    $scope.welcome = '';\n    $scope.message = '';\n    $scope.isAuthenticated = false;\n    delete $window.sessionStorage.token;\n  };\n\n  $scope.callRestricted = function () {\n    $http({url: '/api/restricted', method: 'GET'})\n    .success(function (data, status, headers, config) {\n      $scope.message = $scope.message + ' ' + data.name; // Should log 'foo'\n    })\n    .error(function (data, status, headers, config) {\n      alert(data);\n    });\n  };\n\n});\n\nmyApp.factory('authInterceptor', function ($rootScope, $q, $window) {\n  return {\n    request: function (config) {\n      config.headers = config.headers || {};\n      if ($window.sessionStorage.token) {\n        config.headers.Authorization = 'Bearer ' + $window.sessionStorage.token;\n      }\n      return config;\n    },\n    responseError: function (rejection) {\n      if (rejection.status === 401) {\n        // handle the case where the user is not authenticated\n      }\n      return $q.reject(rejection);\n    }\n  };\n});\n\nmyApp.config(function ($httpProvider) {\n  $httpProvider.interceptors.push('authInterceptor');\n});\n"
  },
  {
    "path": "auth.server.js",
    "content": "var express = require('express');\nvar bodyParser = require('body-parser');\n\nvar jwt = require('jsonwebtoken');  //https://npmjs.org/package/node-jsonwebtoken\nvar expressJwt = require('express-jwt'); //https://npmjs.org/package/express-jwt\n\n\nvar secret = 'this is the secret secret secret 12356';\n\nvar app = express();\n\n// We are going to protect /api routes with JWT\napp.use('/api', expressJwt({secret: secret}));\n\napp.use(bodyParser.json());\napp.use('/', express.static(__dirname + '/'));\n\napp.use(function(err, req, res, next){\n  if (err.constructor.name === 'UnauthorizedError') {\n    res.status(401).send('Unauthorized');\n  }\n});\n\napp.post('/authenticate', function (req, res) {\n  //TODO validate req.body.username and req.body.password\n  //if is invalid, return 401\n  if (!(req.body.username === 'john.doe' && req.body.password === 'foobar')) {\n    res.status(401).send('Wrong user or password');\n    return;\n  }\n\n  var profile = {\n    first_name: 'John',\n    last_name: 'Doe',\n    email: 'john@doe.com',\n    id: 123\n  };\n\n  // We are sending the profile inside the token\n  var token = jwt.sign(profile, secret, { expiresInMinutes: 60*5 });\n\n  res.json({ token: token });\n});\n\napp.get('/api/restricted', function (req, res) {\n  console.log('user ' + req.user.email + ' is calling /api/restricted');\n  res.json({\n    name: 'foo'\n  });\n});\n\napp.listen(8080, function () {\n  console.log('listening on http://localhost:8080');\n});\n"
  },
  {
    "path": "index.html",
    "content": "<!DOCTYPE html>\n<html>\n  <head>\n    <meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />\n    <title>Angular Authentication</title>\n    <script src=\"//ajax.googleapis.com/ajax/libs/angularjs/1.2.7/angular.min.js\"></script>\n    <script src=\"./auth.client.js\"></script>\n  </head>\n  <body ng-app=\"myApp\">\n    <div ng-controller=\"UserCtrl\">\n      <span ng-show=\"isAuthenticated\">{{welcome}}</span>\n      <form ng-show=\"!isAuthenticated\" ng-submit=\"submit()\">\n        <input ng-model=\"user.username\" type=\"text\" name=\"user\" placeholder=\"Username\" />\n        <input ng-model=\"user.password\" type=\"password\" name=\"pass\" placeholder=\"Password\" />\n        <input type=\"submit\" value=\"Login\" />\n      </form>\n      <div>{{error}}</div>\n      <div ng-show=\"isAuthenticated\">\n        <a ng-click=\"callRestricted()\" href=\"\">Shh, this is private!</a>\n        <br>\n        <div>{{message}}</div>\n        <a ng-click=\"logout()\" href=\"\">Logout</a>\n      </div>\n    </div>\n  </body>\n</html>\n"
  },
  {
    "path": "package.json",
    "content": "{\n  \"name\": \"angular-token-auth\",\n  \"version\": \"0.1.0\",\n  \"dependencies\": {\n    \"body-parser\": \"^1.9.0\",\n    \"express\": \"~4.9.0\",\n    \"express-jwt\": \"~0.2.1\",\n    \"jsonwebtoken\": \"~0.4.0\"\n  },\n  \"description\": \"Example of Token-based authentication in [AngularJS](http://angularjs.org) with [Express](http://expressjs.com).\",\n  \"main\": \"auth.server.js\",\n  \"devDependencies\": {},\n  \"scripts\": {\n    \"test\": \"echo \\\"Error: no test specified\\\" && exit 1\"\n  },\n  \"repository\": {\n    \"type\": \"git\",\n    \"url\": \"https://github.com/auth0/angular-token-auth.git\"\n  },\n  \"keywords\": [\n    \"angular\",\n    \"auth\",\n    \"jwt\",\n    \"express\"\n  ],\n  \"author\": \"\",\n  \"license\": \"MIT\",\n  \"bugs\": {\n    \"url\": \"https://github.com/auth0/angular-token-auth/issues\"\n  },\n  \"homepage\": \"https://github.com/auth0/angular-token-auth\"\n}\n"
  }
]