First Commit FreePlanet_ServerSide

2018-12-24 20:31:02 +01:00
commit e39a6d714f
24 changed files with 6844 additions and 0 deletions
--- a/.directory
+++ b/.directory
@@ -0,0 +1,6 @@
+[Dolphin]
+Timestamp=2018,10,26,14,54,10
+Version=4
+
+[Settings]
+HiddenFilesShown=true
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+node_modules/
+.env.test
+.env.development
+ESEMPI/
+.idea
--- a/emails/registration/en/html.pug
+++ b/emails/registration/en/html.pug
@@ -0,0 +1,10 @@
+p Welcome #{user} to the portal #{nomeapp}!
+p Your access data to remember are:
+span Username:&nbsp;
+    strong #{user}<br>
+span Forgot your Password? :&nbsp;
+    strong  <a href=#{forgetpwd} target="_blank">Find it here</a><br>
+span Email:&nbsp;
+    strong #{emailto}<br>
+p To confirm registration <a href=#{strlinkreg} target="_blank">Click Here</a>
+p You could enter to the site and Login.
--- a/emails/registration/en/subject.pug
+++ b/emails/registration/en/subject.pug
@@ -0,0 +1 @@
+=`Confirm Registration to ${nomeapp}`
--- a/emails/registration/it/html.pug
+++ b/emails/registration/it/html.pug
@@ -0,0 +1,10 @@
+p Benvenuto #{user} nel portale di #{nomeapp}!
+p I tuoi dati di accesso da ricordare sono:
+span Username:&nbsp;
+    strong  #{user}<br>
+span hai dimenticato la Password? :&nbsp;
+    strong  <a href=#{forgetpwd} target="_blank">Trovala qui</a><br>
+span Email:&nbsp;
+    strong  #{emailto}<br>
+p Per confermare la registrazione <a href=#{strlinkreg} target="_blank">Clicca qui per confermare</a>
+p Potrai cosi' accedere al sito digitando i tuoi dati di accesso.
--- a/emails/registration/it/subject.pug
+++ b/emails/registration/it/subject.pug
@@ -0,0 +1 @@
+=`Confermare la Registrazione a ${nomeapp}`
--- a/emails/resetpwd/en/html.pug
+++ b/emails/resetpwd/en/html.pug
@@ -0,0 +1,9 @@
+p Hi #{user},
+p #{nomeapp} recently received a request for a forgotten password.
+
+p To change your #{nomeapp} password, please click on this <a href=#{strlinksetpassword} target="_blank">Click Here</a>.
+p If you did not request this change, you do not need to do anything.
+p This link will expire in 4 hours.
+
+p Thanks,
+p #{nomeapp} Support
--- a/emails/resetpwd/en/subject.pug
+++ b/emails/resetpwd/en/subject.pug
@@ -0,0 +1 @@
+=`Forgotten password request`
--- a/emails/resetpwd/it/html.pug
+++ b/emails/resetpwd/it/html.pug
@@ -0,0 +1,11 @@
+p Ciao #{user},
+p #{nomeapp} recentemente ha ricevuto una richiesta per una password dimenticata.
+
+p Per
+ strong cambiare la tua password
+    span di #{nomeapp}, <a href=#{strlinksetpassword} target="_blank">Clicca qui</a>.
+p Se non sei stato tu a richiedere questo cambiamento, non hai bisogno di fare niente.
+p Questo link scadrà tra 4 ore.<br>
+
+p Cordiali Saluti
+p Supporto #{nomeapp}
--- a/emails/resetpwd/it/subject.pug
+++ b/emails/resetpwd/it/subject.pug
@@ -0,0 +1 @@
+=`Richiesta password dimenticata`
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -0,0 +1,45 @@
+{
+  "name": "freeplanet-serverside",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "start": "nodemon server/server.js",
+    "test": "export NODE_ENV=test || SET NODE_ENV=test && mocha server/**/*.test.js",
+    "start:prod": "NODE_ENV=production node server/server.js",
+    "test-watch": "nodemon --exec 'npm test'"
+  },
+  "engines": {
+    "node": "6.2.2"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "bcrypt": "^3.0.2",
+    "body-parser": "^1.15.2",
+    "cors": "^2.8.4",
+    "crypto-js": "^3.1.6",
+    "dotenv": "^6.1.0",
+    "ejs": "^2.6.1",
+    "email-templates": "^5.0.1",
+    "express": "^4.14.0",
+    "i18n": "^0.8.3",
+    "js-md5": "^0.7.3",
+    "jsonwebtoken": "^7.1.9",
+    "lodash": "^4.15.0",
+    "mongodb": "^2.2.5",
+    "mongoose": "^4.5.9",
+    "node-pre-gyp": "^0.11.0",
+    "nodemailer": "^4.6.8",
+    "preview-email": "0.0.8",
+    "pug": "^2.0.3",
+    "validator": "^5.6.0",
+    "xoauth2": "^1.2.0"
+  },
+  "devDependencies": {
+    "expect": "^1.20.2",
+    "mocha": "^3.0.2",
+    "nodemon": "^1.18.7",
+    "supertest": "^2.0.0"
+  }
+}
--- a/server/config/config.js
+++ b/server/config/config.js
@@ -0,0 +1,20 @@
+// still in app.js
+const node_env = process.env.NODE_ENV || 'development';
+var file = `.env.${node_env}`;
+
+// GLOBALI (Uguali per TUTTI)
+process.env.LINKVERIF_REG = '/vreg';
+process.env.LINK_REQUEST_NEWPASSWORD = '/requestnewpwd';
+process.env.LINK_UPDATE_PASSWORD = '/updatepwd';
+process.env.NOME_APP1 = 'FreePlanet';
+process.env.KEY_APP_ID='KKPPAA5KJK435J3KSS9F9D8S9F8SD98F9SDF';
+
+
+process.env.SEND_EMAIL = '1';
+
+console.log("FILE : " + file);
+require('dotenv').config({path: file});
+
+process.env.DATABASE = process.env.DATABASE || 'FreePlanet';
+
+process.env.MONGODB_URI = process.env.DOMAIN + process.env.DATABASE;
--- a/server/db/mongoose.js
+++ b/server/db/mongoose.js
@@ -0,0 +1,10 @@
+var mongoose = require('mongoose');
+
+mongoose.Promise = global.Promise;
+mongoose.connect(process.env.MONGODB_URI, { useMongoClient: true, promiseLibrary: require('bluebird') })
+  .then(() =>
+    console.log('connection succesful ' + process.env.MONGODB_URI + ' db: ' + process.env.DATABASE)
+  )
+  .catch((err) => console.error(err));
+
+module.exports = {mongoose};
--- a/server/locales/en.json
+++ b/server/locales/en.json
@@ -0,0 +1,7 @@
+{
+  "L'Email è già stata Verificata.": "Email was already verified",
+  "Email Verificata!": "Email Verified!",
+
+
+  "a": "a"
+}
--- a/server/locales/it.json
+++ b/server/locales/it.json
@@ -0,0 +1,6 @@
+{
+  "L'Email è già stata Verificata.": "L'Email è già stata Verificata.",
+  "Email Verificata!": "Email Verificata!",
+
+  "a": "a"
+}
--- a/server/middleware/authenticate.js
+++ b/server/middleware/authenticate.js
@@ -0,0 +1,21 @@
+var {User} = require('./../models/user');
+
+var authenticate = (req, res, next) => {
+  var token = req.header('x-auth');
+
+  console.log("TOKEN = " + token);
+
+  User.findByToken(token).then((user) => {
+    if (!user) {
+      return Promise.reject();
+    }
+
+    req.user = user;
+    req.token = token;
+    next();
+  }).catch((e) => {
+    res.status(401).send();
+  });
+};
+
+module.exports = {authenticate};
--- a/server/models/todo.js
+++ b/server/models/todo.js
@@ -0,0 +1,20 @@
+var mongoose = require('mongoose');
+
+var Todo = mongoose.model('Todo', {
+  text: {
+    type: String,
+    required: true,
+    minlength: 1,
+    trim: true
+  },
+  completed: {
+    type: Boolean,
+    default: false
+  },
+  completedAt: {
+    type: Number,
+    default: null
+  }
+});
+
+module.exports = {Todo};
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -0,0 +1,218 @@
+
+var bcrypt = require('bcrypt');
+
+const mongoose = require('mongoose');
+const validator = require('validator');
+const jwt = require('jsonwebtoken');
+const _ = require('lodash');
+
+
+var UserSchema = new mongoose.Schema({
+  email: {
+    type: String,
+    required: true,
+    trim: true,
+    minlength: 1,
+    unique: true,
+    validate: {
+      validator: validator.isEmail,
+      message: '{VALUE} is not a valid email'
+    }
+  },
+  idapp: {
+    type: Number,
+    required: true,
+  },
+  username: {
+    type: String,
+    required: true,
+    trim: true,
+    minlength: 6,
+    unique: true,
+  },
+  password: {
+    type: String,
+    require: true,
+    minlength: 6,
+  },
+  lang: {
+    type: String,
+    require: true,
+  },
+  linkreg: {
+    type: String,
+    required: true
+  },
+  verified_email: {
+    type: Boolean,
+  },
+  tokens: [{
+    access: {
+      type: String,
+      required: true
+    },
+    token: {
+      type: String,
+      required: true
+    }
+  }],
+  date_tokenforgot: {
+    type: Date
+  },
+  tokenforgot: {
+    type: String,
+  },
+
+});
+
+UserSchema.methods.toJSON = function () {
+  var user = this;
+  var userObject = user.toObject();
+
+  return _.pick(userObject, ['_id', 'email', 'verified_email', 'username']);
+};
+
+UserSchema.methods.generateAuthToken = function () {
+  console.log("GENERA TOKEN : ");
+  var user = this;
+  var access = 'auth';
+  var token = jwt.sign({_id: user._id.toHexString(), access}, process.env.SIGNCODE).toString();
+
+  // CANCELLA I PRECEDENTI !
+  user.tokens = [];
+  user.tokens.push({access, token});
+
+  return user.save().then(() => {
+    //console.log("TOKEN USCITA : " + token)
+    return token;
+  });
+};
+
+UserSchema.statics.findByToken = function (token) {
+  var User = this;
+  var decoded;
+
+  try {
+    decoded = jwt.verify(token, process.env.SIGNCODE);
+  } catch (e) {
+    return Promise.reject();
+  }
+
+  return User.findOne({
+    '_id': decoded._id,
+    'tokens.token': token,
+    'tokens.access': 'auth'
+  });
+};
+
+UserSchema.statics.findByCredentials = function (username, password) {
+  var User = this;
+  var pwd = "";
+
+  return User.findOne({username: username}).then((user) => {
+    if (!user) {
+      return null;
+    }
+    pwd = user.password;
+
+    return new Promise((resolve, reject) => {
+      // Use bcrypt.compare to compare password and user.password
+      console.log("pwd1 " + password);
+      console.log("pwd2 " + pwd);
+      bcrypt.compare(password, pwd, (err, res) => {
+        if (res) {
+          resolve(user);
+        } else {
+          return resolve(null);
+        }
+      });
+    });
+  });
+};
+
+
+
+UserSchema.statics.findByUsername = function (username) {
+  var User = this;
+
+  return User.findOne({
+    'username': username,
+  });
+};
+
+UserSchema.statics.findByLinkreg = function (idapp, linkreg) {
+  var User = this;
+
+  return User.findOne({
+    'linkreg': linkreg,
+    'idapp': idapp,
+  });
+};
+
+UserSchema.statics.findByLinkTokenforgot = function (idapp, email, tokenforgot) {
+  var User = this;
+
+  return User.findOne({
+    'email': email,
+    'tokenforgot': tokenforgot,
+    'date_tokenforgot': { $gte: new Date(ISODate().getTime() - 1000 * 60 * 60 * 4) } ,  // 4 ore fa!
+    'idapp': idapp,
+  });
+};
+
+
+UserSchema.statics.findByEmail = function (email) {
+  var User = this;
+
+  return User.findOne({
+    'email': email,
+  });
+};
+
+UserSchema.pre('save', function (next) {
+  var user = this;
+
+  /*
+  if (user.isModified('password')) {
+    bcrypt.genSalt(10, (err, salt) => {
+      bcrypt.hash(user.password, salt, (err, hash) => {
+        user.password = hash;
+        next();
+      });
+    });
+  } else {
+    next();
+  }
+  */
+  next();
+});
+
+UserSchema.methods.removeToken = function (token) {
+  var user = this;
+
+  return user.update({
+    $pull: {
+      tokens: {token}
+    }
+  });
+};
+
+
+var User = mongoose.model('User', UserSchema);
+
+class Hero {
+  constructor(name, level) {
+    this.name = name;
+    this.level = level;
+  }
+
+  // Adding a method to the constructor
+  greet() {
+    return `${this.name} says hello.`;
+  }
+}
+
+
+module.exports = {User, Hero};
+
+
--- a/server/reg/registration.js
+++ b/server/reg/registration.js
@@ -0,0 +1,18 @@
+const jwt = require('jsonwebtoken');
+
+function toHexString(bytes) {
+  return Array.from(bytes, byte =>
+    ("00" + (byte & 0xFF).toString(16)).slice(-2)
+  ).join('');
+}
+
+module.exports = {
+  getlinkregByEmail: function (email, username) {
+    try{
+      mystr = email + username;
+    return jwt.sign(toHexString(mystr), process.env.SIGNCODE).toString();
+    } catch (e) {
+      console.error(e);
+    }
+  },
+};
--- a/server/sendemail.js
+++ b/server/sendemail.js
@@ -0,0 +1,135 @@
+var tools = require('./tools/general');
+
+const Email = require('email-templates');
+
+var i18n = require("i18n");
+
+
+const previewEmail = require('preview-email');
+var nodemailer = require("nodemailer");
+
+const transport_preview = nodemailer.createTransport({
+  jsonTransport: true
+});
+
+// create reusable transport method (opens pool of SMTP connections)
+var smtpTransport = nodemailer.createTransport({
+  service: 'Gmail',
+  auth: {
+    user: process.env.EMAIL_FROM,
+    pass: process.env.EMAIL_PW
+  }
+});
+
+function checkifSendEmail() {
+  //return process.env.SEND_EMAIL === "1";
+  return false;
+}
+
+module.exports = {
+  sendEmail_base: function (template, username, to, mylocalsconf) {
+
+    console.log("check EMAIL :" + checkifSendEmail());
+
+    const email = new Email({
+      message: {
+        from: process.env.EMAIL_FROM, // sender address
+      },
+      send: checkifSendEmail(),
+      preview: !checkifSendEmail(),
+      transport: {
+        service: 'Gmail',
+        auth: {
+          user: process.env.EMAIL_FROM,
+          pass: process.env.EMAIL_PW
+        }
+      },
+    });
+
+    email
+      .send({
+        template: template,
+        message: {
+          to: to,
+        },
+        locals: mylocalsconf,
+      })
+      .then(console.log)
+      .catch(console.error);
+  },
+  sendEmail_Normale: function (username, to, subject, html) {
+
+    // setup e-mail data with unicode symbols
+    var mailOptions = {
+      from: process.env.EMAIL_FROM, // sender address
+      to: to,
+      generateTextFromHTML: true,
+      subject: subject,
+      html: html,
+    };
+
+    if (process.env.SEND_EMAIL === 1) {
+      console.log("SEND EMAIL smtpTransport");
+// send mail with defined transport object
+      smtpTransport.sendMail(mailOptions, function (error, response) {
+        if (error) {
+          console.log(error);
+        } else {
+          console.log("Message sent: " + response);
+        }
+      });
+    } else {
+      if (process.env.PROVA_EMAIL_TEMPLATE !== "1")
+        previewEmail(mailOptions).then(console.log).catch(console.error);
+      else
+        transport_preview.sendMail(mailOptions).then(console.log).catch(console.error);
+    }
+  },
+  getHostByIdApp: function (idapp) {
+    if (idapp === 1) {
+      return process.env.URLBASE_APP1 + ':' + process.env.PORT_APP1;
+    }else{
+      return ""
+    }
+  },
+  getNomeAppByIdApp: function (idapp) {
+    if (idapp === 1) {
+      return process.env.NOME_APP1;
+    }
+  },
+  getlinkReg: function (idapp, idreg) {
+    strlinkreg = this.getHostByIdApp(idapp) + "/#" + process.env.LINKVERIF_REG + `?idapp=${idapp}&idlink=${idreg}`;
+    return strlinkreg;
+  },
+  getlinkRequestNewPassword: function (idapp, user, tokenforgot) {
+    strlinkreg = this.getHostByIdApp(idapp) + "/#" + process.env.LINK_REQUEST_NEWPASSWORD + `?idapp=${idapp}&username=${user}&=tokenforgot=${tokenforgot}`;
+    return strlinkreg;
+  },
+  sendEmail_Registration: function (lang, emailto, user, idapp, idreg) {
+
+    mylocalsconf = {
+      locale: lang,
+      nomeapp: this.getNomeAppByIdApp(idapp),
+      strlinkreg: this.getlinkReg(idapp, idreg),
+      user: user,
+      forgetpwd: "",
+      emailto: emailto,
+    };
+
+    this.sendEmail_base('registration/' + lang, user, emailto, mylocalsconf);
+  },
+  sendEmail_RequestNewPassword: function (lang, emailto, idapp, tokenforgot) {
+
+    mylocalsconf = {
+      locale: lang,
+      nomeapp: this.getNomeAppByIdApp(idapp),
+      user: user,
+      strlinksetpassword: this.getlinkRequestNewPassword(idapp, user, tokenforgot),
+      emailto: emailto,
+    };
+
+    this.sendEmail_base('resetpwd/' + lang, user, emailto, mylocalsconf);
+  },
+
+};
+
--- a/server/server.js
+++ b/server/server.js
@@ -0,0 +1,281 @@
+require('./config/config');
+
+const _ = require('lodash');
+const cors = require('cors');
+var express = require('express'),
+  i18n = require("i18n");
+
+
+console.log("DB: " + process.env.DATABASE);
+console.log("PORT: " + process.env.PORT);
+console.log("MONGODB_URI: " + process.env.MONGODB_URI);
+
+const bodyParser = require('body-parser');
+const {ObjectID} = require('mongodb');
+
+var {mongoose} = require('./db/mongoose');
+var {Todo} = require('./models/todo');
+var {User} = require('./models/user');
+var {authenticate} = require('./middleware/authenticate');
+
+var sendemail = require('./sendemail');
+var reg = require('./reg/registration');
+var tools = require('./tools/general');
+var server_constants = require('./tools/server_constants');
+
+var app = express();
+
+var bcrypt = require('bcrypt');
+
+i18n.configure({
+  locales: ['it', 'en'],
+  directory: __dirname + '/locales'
+});
+
+
+app.use(cors({
+  exposedHeaders: ['x-auth'],
+}));
+
+const port = process.env.PORT;
+
+app.use(bodyParser.json());
+
+app.use(i18n.init);
+
+function getlang(res) {
+  return res.locale;
+}
+
+app.post(process.env.LINKVERIF_REG, (req, res) => {
+  var body = _.pick(req.body, ['idapp', 'idlink']);
+  var idapp = body.idapp;
+  var idlink = body.idlink;
+  console.log("POST " + process.env.LINKVERIF_REG + " idapp= " + idapp + " idlink = " + idlink);
+
+  // Cerco l'idlink se è ancora da Verificare
+
+  User.findByLinkreg(idapp, idlink).then((user) => {
+    if (!user) {
+      //console.log("NON TROVATO!");
+      return res.status(404).send();
+    } else {
+      if (user.verified_email) {
+        res.send({
+          code: server_constants.RIS_CODE_EMAIL_ALREADY_VERIFIED,
+          msg: res.__("L'Email è già stata Verificata.")
+        });
+      } else {
+        user.verified_email = true;
+        user.save().then(() => {
+          //console.log("TROVATOOOOOO!");
+          res.send({code: server_constants.RIS_CODE_EMAIL_VERIFIED, msg: res.__('Email Verificata!')});
+        });
+      }
+    }
+  }).catch((e) => {
+    console.log(e);
+    res.status(400).send();
+  });
+
+});
+
+
+
+// Faccio richiesta di una Nuova Password
+app.post(process.env.LINK_REQUEST_NEWPASSWORD, (req, res) => {
+  var body = _.pick(req.body, ['idapp', 'email']);
+  var idapp = body.idapp;
+  var email = body.email;
+  console.log("POST " + process.env.LINK_REQUEST_NEWPASSWORD + " idapp= " + idapp + " email = " + email);
+
+  User.findByEmail(idapp, email).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    } else {
+      // Creo il tokenforgot
+      user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).toString();
+      user.date_tokenforgot = new Date();
+      user.save().then(() => {
+        sendemail.sendEmail_RequestNewPassword(getlang(res), user.email, user.idapp, user.tokenforgot);
+        res.send({code: server_constants.RIS_CODE_OK, msg: ''});
+      });
+    }
+  }).catch((e) => {
+    console.log(e);
+    res.status(400).send();
+    res.send({code: server_constants.RIS_CODE_ERR, msg: e});
+  });
+
+});
+
+// Invio la Nuova Password richiesta dal reset!
+// Ritorna il token per poter effettuare le chiamate...
+app.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
+  var body = _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'password']);
+  var idapp = body.idapp;
+  var email = body.email;
+  var tokenforgot = body.tokenforgot;
+  var password = body.password;
+  console.log("POST " + process.env.LINK_UPDATE_PASSWORD + " idapp= " + idapp + " email = " + email + " tokenforgot = " + tokenforgot);
+
+  User.findByLinkTokenforgot(idapp, email, tokenforgot).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    } else {
+      // aggiorna la nuova password
+      user.password = password;
+
+      // Crea token
+      token = user.generateAuthToken();
+
+      user.tokenforgot = '';  // Svuota il tokenforgot perché non ti servirà più...
+
+      // Salva lo User
+      user.save().then(() => {
+        res.header('x-auth', token).send(user);   // Ritorna il token di ritorno
+      });
+    }
+  }).catch((e) => {
+    console.log(e);
+    res.status(400).send();
+  });
+
+});
+
+// POST /users
+app.post('/users', (req, res) => {
+  console.log("POST /users");
+  var body = _.pick(req.body, ['email', 'password', 'username', 'idapp', 'keyappid', 'lang']);
+  var user = new User(body);
+
+  console.log("LANG PASSATO = " + user.lang);
+  console.log("IDAPP = " + user.idapp);
+
+  user.linkreg = reg.getlinkregByEmail(body.email, body.username);
+  user.verified_email = false;
+
+  user.save().then(() => {
+    User.findByUsername(user.username)
+      .then((usertrovato) => {
+        //console.log("USERNAME : " + user.username);
+        //console.log("TROVATO USERNAME ? " + usertrovato);
+        if (usertrovato !== null) {
+          //console.log("Non esiste ancora");
+          // Non esiste ancora, allora genero il TOKEN !
+          return user.generateAuthToken();
+        } else {
+          //console.log("Esiste già! Quindi non creo lo user.");
+          // Esiste già! Quindi non creo lo user.
+          res.status(11100).send();
+          return 0;
+        }
+      }).then((token) => {
+      // passo il token in x-auth
+      //console.log("USER");
+      //console.log(user);
+      console.log("TOKEN: ");
+      console.log(token);
+      res.header('x-auth', token).send(user);
+
+      console.log("LINKREG = " + user.linkreg);
+      // Invia un'email all'utente
+      sendemail.sendEmail_Registration(getlang(res), user.email, user.username, user.idapp, user.linkreg);
+    });
+  }).catch((e) => {
+    res.status(400).send(e);
+  })
+});
+
+app.get('/users/:username', (req, res) => {
+  var username = req.params.username;
+
+  User.findByUsername(username).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    }
+    res.status(200).send();
+  }).catch((e) => {
+    res.status(400).send();
+  });
+});
+
+app.get('/email/:email', (req, res) => {
+  var email = req.params.email;
+
+  User.findByEmail(email).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    }
+    res.status(200).send();
+  }).catch((e) => {
+    res.status(400).send();
+  });
+});
+
+app.post('/users/login', (req, res) => {
+  var body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang']);
+  var user = new User(body);
+
+  console.log("user: " + user.username + " pwd = " + user.password);
+
+  if (body.keyappid !== process.env.KEY_APP_ID)
+    // Se non faccio la richesa con la IDAPP giusta, allora esco!
+    return res.status(400).send();
+
+
+  User.findByCredentials(user.username, user.password)
+    .then((user) => {
+      console.log("CREDENZIALI ! ");
+      if (!user) {
+        console.log("NOT FOUND !");
+        res.status(404).send({code: server_constants.RIS_CODE_LOGIN_ERR});
+      } else {
+        return user.generateAuthToken().then((token) => {
+          var usertosend = User();
+          usertosend.username = user.username;
+          usertosend.email = user.email;
+          usertosend._id = user._id;
+          usertosend.verified_email = user.verified_email;
+          console.log("user.verified_email:" + user.verified_email);
+
+          console.log("usertosend:");
+          console.log(usertosend);
+          res.header('x-auth', token).send(usertosend);
+          console.log("TROVATOOO!");
+        });
+      }
+    }).catch((e) => {
+      console.log("ERR: " + e);
+      res.status(400).send({code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC});
+  });
+});
+
+app.delete('/users/me/token', authenticate, (req, res) => {
+  console.log("TOKENREM = " + req.token);
+  req.user.removeToken(req.token).then(() => {
+    res.status(200).send();
+  }, () => {
+    res.status(400).send();
+  });
+});
+
+app.listen(port, () => {
+  console.log(`Server started at port ${port}`);
+});
+
+module.exports = {app};
+
+if (process.env.TEST_ATTIVO) {
+  eseguitest();
+}
+
+function eseguitest() {
+
+  if (true){
+    console.log("ESEGUI I TEST:");
+    console.log("linkreg = " + sendemail.getlinkReg(1, "myusername"));
+  }
+
+  //sendemail.sendEmail_Registration("en", "paolo.arena77@gmail.com", "paoloar77", "miapwd", 1, "http://provalink.com");
+}
--- a/server/tools/general.js
+++ b/server/tools/general.js
@@ -0,0 +1,7 @@
+var os = require("os");
+
+module.exports = {
+  getHostname: function () {
+    return os.hostname()
+  }
+};
--- a/server/tools/server_constants.js
+++ b/server/tools/server_constants.js
@@ -0,0 +1,10 @@
+module.exports = Object.freeze({
+  RIS_CODE_ERR: -99,
+  RIS_CODE_EMAIL_ALREADY_VERIFIED: -5,
+  RIS_CODE_EMAIL_VERIFIED: 1,
+  RIS_CODE_OK: 1,
+
+  RIS_CODE_LOGIN_ERR_GENERIC: -20,
+  RIS_CODE_LOGIN_ERR: -10,
+  RIS_CODE_LOGIN_OK: 1,
+});