| 1 | let router = require("express").Router(); |
| 2 | const validator = require('../public/javascripts/utils/validation'); |
| 3 | const UserModel = require('../models/user'); |
| 4 | const UserEntity = require('../entities/user'); |
| 5 | const maild = require('../utils/mailer'); |
| 6 | const TokenGen = require("../utils/tokenGenerator"); |
| 7 | const access = require("../utils/access"); |
| 8 | const params = require("../config/parameters"); |
| 9 | |
| 10 | // to: object user |
| 11 | function sendLoginToken(subject, to, res) |
| 12 | { |
| 13 | // Set login token and send welcome(back) email with auth link |
| 14 | let token = TokenGen.generate(params.token.length); |
| 15 | UserEntity.setLoginToken(token, to._id, to.ip, (err,ret) => { |
| 16 | access.checkRequest(res, err, ret, "Cannot set login token", () => { |
| 17 | maild.send({ |
| 18 | from: params.mail.from, |
| 19 | to: to.email, |
| 20 | subject: subject, |
| 21 | body: "Hello " + to.initials + "!\n" + |
| 22 | "Access your account here: " + |
| 23 | params.siteURL + "/authenticate?token=" + token + "\\n" + |
| 24 | "Token will expire in " + params.token.expire/(1000*60) + " minutes." |
| 25 | }, err => { |
| 26 | res.json(err || {}); |
| 27 | }); |
| 28 | }); |
| 29 | }); |
| 30 | } |
| 31 | |
| 32 | router.get('/register', access.ajax, access.unlogged, (req,res) => { |
| 33 | let email = decodeURIComponent(req.query.email); |
| 34 | let name = decodeURIComponent(req.query.name); |
| 35 | const newUser = { |
| 36 | email: email, |
| 37 | name: name, |
| 38 | }; |
| 39 | let error = validator(newUser, "User"); |
| 40 | if (error.length > 0) |
| 41 | return res.json({errmsg:error}); |
| 42 | if (!UserModel.whitelistCheck(newUser.email)) |
| 43 | return res.json({errmsg: "Email not in whitelist"}); |
| 44 | UserEntity.getByEmail(newUser.email, (err,user0) => { |
| 45 | access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => { |
| 46 | UserModel.create(newUser, (err,user) => { |
| 47 | access.checkRequest(res, err, user, "Registration failed", () => { |
| 48 | user.ip = req.ip; |
| 49 | sendLoginToken("Welcome to " + params.siteURL, user, res); |
| 50 | }); |
| 51 | }); |
| 52 | }); |
| 53 | }); |
| 54 | }); |
| 55 | |
| 56 | // Login: |
| 57 | router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => { |
| 58 | let email = decodeURIComponent(req.query.email); |
| 59 | let error = validator({email:email}, "User"); |
| 60 | if (error.length > 0) |
| 61 | return res.json({errmsg:error}); |
| 62 | UserEntity.getByEmail(email, (err,user) => { |
| 63 | access.checkRequest(res, err, user, "Unknown user", () => { |
| 64 | user.ip = req.ip; |
| 65 | sendLoginToken("Token for " + params.siteURL, user, res); |
| 66 | }); |
| 67 | }); |
| 68 | }); |
| 69 | |
| 70 | // Authentication process, optionally with email changing: |
| 71 | router.get('/authenticate', access.unlogged, (req,res) => { |
| 72 | let loginToken = req.query.token; |
| 73 | let error = validator({token:loginToken}, "User"); |
| 74 | if (error.length > 0) |
| 75 | return res.json({errmsg:error}); |
| 76 | UserEntity.getByLoginToken(loginToken, (err,user) => { |
| 77 | access.checkRequest(res, err, user, "Invalid token", () => { |
| 78 | if (user.loginToken.ip != req.ip) |
| 79 | return res.json({errmsg: "IP address mismatch"}); |
| 80 | let now = new Date(); |
| 81 | let tsNow = now.getTime(); |
| 82 | // If token older than params.tokenExpire, do nothing |
| 83 | if (user.loginToken.timestamp + params.token.expire < tsNow) |
| 84 | return res.json({errmsg: "Token expired"}); |
| 85 | // Generate and update session token + destroy login token |
| 86 | let token = TokenGen.generate(params.token.length); |
| 87 | UserEntity.setSessionToken(token, user._id, (err,ret) => { |
| 88 | access.checkRequest(res, err, ret, "Authentication failed", () => { |
| 89 | // Set cookies and redirect to user main control panel |
| 90 | res.cookie("token", token, { |
| 91 | httpOnly: true, |
| 92 | maxAge: params.cookieExpire, |
| 93 | }); |
| 94 | res.cookie("initials", user.initials, { |
| 95 | httpOnly: true, |
| 96 | maxAge: params.cookieExpire, |
| 97 | }); |
| 98 | res.redirect("/" + user.initials); |
| 99 | }); |
| 100 | }); |
| 101 | }); |
| 102 | }); |
| 103 | }); |
| 104 | |
| 105 | router.get('/logout', access.logged, (req,res) => { |
| 106 | UserModel.logout(req.user._id, req.cookies.token, (err,ret) => { |
| 107 | access.checkRequest(res, err, ret, "Logout failed", () => { |
| 108 | res.clearCookie("initials"); |
| 109 | res.clearCookie("token"); |
| 110 | res.redirect('/'); |
| 111 | }); |
| 112 | }); |
| 113 | }); |
| 114 | |
| 115 | module.exports = router; |