Refactor endgame process, start working on game end (abort)
[vchess.git] / server / routes / users.js
CommitLineData
582df349
BA
1// AJAX methods to get, create, update or delete a user
2
8d7e2786
BA
3var router = require("express").Router();
4var UserModel = require('../models/User');
0bd5933d 5var sendEmail = require('../utils/mailer');
badeb466 6var genToken = require("../utils/tokenGenerator");
8d7e2786 7var access = require("../utils/access");
0bd5933d 8var params = require("../config/parameters");
8d7e2786 9
a7f9f050
BA
10router.get("/whoami", access.ajax, (req,res) => {
11 const callback = (user) => {
12 return res.json({
13 name: user.name,
14 email: user.email,
15 id: user.id,
16 notify: user.notify,
17 });
18 };
19 const anonymous = {name:"", email:"", id:0, notify:false};
a7f9f050
BA
20 if (!req.cookies.token)
21 return callback(anonymous);
22 UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
23 if (!!err || !user)
24 callback(anonymous);
25 else (!!user)
26 callback(user);
27 });
28});
29
c018b304 30// to: object user (to who we send an email)
8d7e2786
BA
31function setAndSendLoginToken(subject, to, res)
32{
33 // Set login token and send welcome(back) email with auth link
badeb466 34 const token = genToken(params.token.length);
c018b304
BA
35 UserModel.setLoginToken(token, to.id, err => {
36 if (!!err)
37 return res.json({errmsg: err.toString()});
38 const body =
39 "Hello " + to.name + "!\n" +
40 "Access your account here: " +
1aeed627 41 params.siteURL + "/#/authenticate/" + token + "\\n" +
c018b304
BA
42 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
43 sendEmail(params.mail.noreply, to.email, subject, body, err => {
deca03e8 44 res.json(err || {});
8d7e2786
BA
45 });
46 });
47}
48
8d7e2786 49router.post('/register', access.unlogged, access.ajax, (req,res) => {
8a477a7e
BA
50 const name = req.body.name;
51 const email = req.body.email;
52 const notify = !!req.body.notify;
98db2082 53 const error = UserModel.checkNameEmail({name: name, email: email});
8a477a7e 54 if (!!error)
8d7e2786 55 return res.json({errmsg: error});
c018b304
BA
56 UserModel.create(name, email, notify, (err,uid) => {
57 if (!!err)
58 return res.json({errmsg: err.toString()});
59 const user = {
60 id: uid["rowid"],
61 name: name,
62 email: email,
63 };
64 setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
8d7e2786
BA
65 });
66});
67
8a477a7e
BA
68router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
69 const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
70 const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
98db2082 71 const error = UserModel.checkNameEmail({[type]: nameOrEmail});
8a477a7e 72 if (!!error)
8d7e2786 73 return res.json({errmsg: error});
8a477a7e 74 UserModel.getOne(type, nameOrEmail, (err,user) => {
8d7e2786
BA
75 access.checkRequest(res, err, user, "Unknown user", () => {
76 setAndSendLoginToken("Token for " + params.siteURL, user, res);
77 });
78 });
79});
80
1aeed627
BA
81router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
82 UserModel.getOne("loginToken", req.query.token, (err,user) => {
8d7e2786 83 access.checkRequest(res, err, user, "Invalid token", () => {
98f48579 84 // If token older than params.tokenExpire, do nothing
0bd5933d 85 if (Date.now() > user.loginTime + params.token.expire)
8d7e2786 86 return res.json({errmsg: "Token expired"});
0bd5933d 87 // Generate session token (if not exists) + destroy login token
c018b304 88 UserModel.trySetSessionToken(user.id, (err,token) => {
8d7e2786 89 if (!!err)
c018b304 90 return res.json({errmsg: err.toString()});
8d7e2786 91 // Set cookie
a7f9f050 92 res.cookie("token", token, {
8d7e2786 93 httpOnly: true,
c018b304
BA
94 secure: !!params.siteURL.match(/^https/),
95 maxAge: params.cookieExpire,
8d7e2786 96 });
a7f9f050
BA
97 res.json({
98 id: user.id,
99 name: user.name,
100 email: user.email,
101 notify: user.notify,
102 });
8d7e2786
BA
103 });
104 });
105 });
106});
107
c018b304
BA
108router.put('/update', access.logged, access.ajax, (req,res) => {
109 const name = req.body.name;
110 const email = req.body.email;
98db2082 111 const error = UserModel.checkNameEmail({name: name, email: email});
8a477a7e
BA
112 if (!!error)
113 return res.json({errmsg: error});
c018b304
BA
114 const user = {
115 id: req.userId,
116 name: name,
117 email: email,
118 notify: !!req.body.notify,
119 };
120 UserModel.updateSettings(user, err => {
121 res.json(err ? {errmsg: err.toString()} : {});
8d7e2786
BA
122 });
123});
124
1aeed627 125router.get('/logout', access.logged, access.ajax, (req,res) => {
0bd5933d 126 res.clearCookie("token");
1aeed627 127 res.json({});
8d7e2786
BA
128});
129
130module.exports = router;