171dc2c2d0fb816ef684bbfcd3e49c10acd43819
1 var db
= require("../utils/database");
2 var maild
= require("../utils/mailer.js");
3 var TokenGen
= require("../utils/tokenGenerator");
4 var params
= require("../config/parameters");
11 * loginToken: token on server only
12 * loginTime: datetime (validity)
13 * sessionToken: token in cookies for authentication
14 * notify: boolean (send email notifications for corr games)
17 // TODO: consider sanitizing http://www.unixwiz.net/techtips/sql-injection.html
18 // But parameters are supposed to already be cleaned (in controller).
21 exports
.create = function(name
, email
, notify
, callback
)
23 db
.serialize(function() {
25 "INSERT INTO Users " +
26 "(name, email, notify) VALUES " +
27 "('" + name
+ "', '" + email
+ "', " + notify
+ ")";
28 db
.run(insertQuery
, err
=> {
31 db
.get("SELECT last_insert_rowid() AS rowid", callback
);
36 // Find one user (by id, name, email, or token)
37 exports
.getOne = function(by
, value
, cb
)
39 const delimiter
= (typeof value
=== "string" ? "'" : "");
40 db
.serialize(function() {
44 "WHERE " + by
+ " = " + delimiter
+ value
+ delimiter
;
52 exports
.setLoginToken = function(token
, uid
, cb
)
54 db
.serialize(function() {
57 "SET loginToken = '" + token
+ "', loginTime = " + Date
.now() + " " +
63 // Set session token only if empty (first login)
64 // TODO: weaker security (but avoid to re-login everywhere after each logout)
65 exports
.trySetSessionToken = function(uid
, cb
)
67 // Also empty the login token to invalidate future attempts
68 db
.serialize(function() {
69 const querySessionToken
=
70 "SELECT sessionToken " +
73 db
.get(querySessionToken
, (err
,ret
) => {
76 const token
= ret
.sessionToken
|| TokenGen
.generate(params
.token
.length
);
79 "SET loginToken = NULL" +
80 (!ret
.sessionToken
? (", sessionToken = '" + token
+ "'") : "") + " " +
88 exports
.updateSettings = function(user
, cb
)
90 db
.serialize(function() {
93 "SET name = '" + user
.name
+ "'" +
94 ", email = '" + user
.email
+ "'" +
95 ", notify = " + user
.notify
+ " " +
96 "WHERE id = " + user
.id
;