[vchess.git] / server / models / User.js

const db = require("../utils/database");
const genToken = require("../utils/tokenGenerator");
const params = require("../config/parameters");
const sendEmail = require('../utils/mailer');
const { exec } = require("child_process");

/*
 * Structure:
 *   id: integer
 *   name: varchar
 *   email: varchar
 *   loginToken: token on server only
 *   loginTime: datetime (validity)
 *   sessionToken: token in cookies for authentication
 *   notify: boolean (send email notifications for corr games)
 *   created: datetime
 *   bio: text
 */

const UserModel = {

  checkNameEmail: function(o) {
    return (
      (!o.name || !!(o.name.match(/^[\w-]+$/))) &&
      (!o.email || !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
    );
  },

  create: function(name, email, notify, cb) {
    db.serialize(function() {
      const query =
        "INSERT INTO Users " +
        "(name, email, notify, created) VALUES " +
        "('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
      db.run(query, function(err) {
        cb(err, { id: this.lastID });
      });
    });
  },

  // Find one user by id, name, email, or token
  getOne: function(by, value, fields, cb) {
    const delimiter = (typeof value === "string" ? "'" : "");
    db.serialize(function() {
      const query =
        "SELECT " + fields + " " +
        "FROM Users " +
        "WHERE " + by + " = " + delimiter + value + delimiter;
      db.get(query, cb);
    });
  },

  getByIds: function(ids, cb) {
    db.serialize(function() {
      const query =
        "SELECT id, name " +
        "FROM Users " +
        "WHERE id IN (" + ids + ")";
      db.all(query, cb);
    });
  },

  getBio: function(id, cb) {
    db.serialize(function() {
      const query =
        "SELECT bio " +
        "FROM Users " +
        "WHERE id = " + id;
      db.get(query, cb);
    });
  },

  /////////
  // MODIFY

  setLoginToken: function(token, id) {
    db.serialize(function() {
      const query =
        "UPDATE Users " +
        "SET loginToken = '" + token + "',loginTime = " + Date.now() + " " +
        "WHERE id = " + id;
      db.run(query);
    });
  },

  setBio: function(id, bio) {
    db.serialize(function() {
      const query =
        "UPDATE Users " +
        "SET bio = ? " +
        "WHERE id = " + id;
      db.run(query, bio);
    });
  },

  // Set session token only if empty (first login)
  // NOTE: weaker security (but avoid to re-login everywhere after each logout)
  // TODO: option would be to reset all tokens periodically (every 3 months?)
  trySetSessionToken: function(id, cb) {
    db.serialize(function() {
      let query =
        "SELECT sessionToken " +
        "FROM Users " +
        "WHERE id = " + id;
      db.get(query, (err, ret) => {
        const token = ret.sessionToken || genToken(params.token.length);
        const setSessionToken =
          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
        query =
          "UPDATE Users " +
          // Also empty the login token to invalidate future attempts
          "SET loginToken = NULL, loginTime = NULL " +
          setSessionToken + " " +
          "WHERE id = " + id;
        db.run(query);
        cb(token);
      });
    });
  },

  updateSettings: function(user) {
    db.serialize(function() {
      const query =
        "UPDATE Users " +
        "SET name = '" + user.name + "'" +
        ", email = '" + user.email + "'" +
        ", notify = " + user.notify + " " +
        "WHERE id = " + user.id;
      db.run(query);
    });
  },

  /////////////////
  // NOTIFICATIONS

  notify: function(user, message) {
    const subject = "vchess.club - notification";
    const body = "Hello " + user.name + " !" + `
` + message;
    sendEmail(params.mail.noreply, user.email, subject, body);
  },

  tryNotify: function(id, message) {
    UserModel.getOne("id", id, "name, email, notify", (err, user) => {
      if (!err && user.notify) UserModel.notify(user, message);
    });
  },

  ////////////
  // CLEANING

  cleanUsersDb: function() {
    const tsNow = Date.now();
    // 86400000 = 24 hours in milliseconds
    const day = 86400000;
    db.serialize(function() {
      const query =
        "SELECT id, sessionToken, created, name, email " +
        "FROM Users";
      db.all(query, (err, users) => {
        let toRemove = [];
        users.forEach(u => {
          // Remove users unlogged for > 24h
          if (!u.sessionToken && tsNow - u.created > day)
          {
            toRemove.push(u.id);
            UserModel.notify(
              u,
              "Your account has been deleted because " +
              "you didn't log in for 24h after registration"
            );
          }
        });
        if (toRemove.length > 0) {
          const remArg = toRemove.join(",");
          db.run(
            "DELETE FROM Users " +
            "WHERE id IN (" + remArg + ")"
          );
          // Update tournament DB:
          exec(params.tourneyPath + "/dbsync/delete_users.py " + remArg);
        }
      });
    });
  }

};

module.exports = UserModel;
Commit	Line	Data
	1	const db = require("../utils/database");
	2	const genToken = require("../utils/tokenGenerator");
	3	const params = require("../config/parameters");
	4	const sendEmail = require('../utils/mailer');
	5	const { exec } = require("child_process");
	6
	7	/*
	8	* Structure:
	9	* id: integer
	10	* name: varchar
	11	* email: varchar
	12	* loginToken: token on server only
	13	* loginTime: datetime (validity)
	14	* sessionToken: token in cookies for authentication
	15	* notify: boolean (send email notifications for corr games)
	16	* created: datetime
	17	* bio: text
	18	*/
	19
	20	const UserModel = {
	21
	22	checkNameEmail: function(o) {
	23	return (
	24	(!o.name \|\| !!(o.name.match(/^[\w-]+$/))) &&
	25	(!o.email \|\| !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
	26	);
	27	},
	28
	29	create: function(name, email, notify, cb) {
	30	db.serialize(function() {
	31	const query =
	32	"INSERT INTO Users " +
	33	"(name, email, notify, created) VALUES " +
	34	"('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
	35	db.run(query, function(err) {
	36	cb(err, { id: this.lastID });
	37	});
	38	});
	39	},
	40
	41	// Find one user by id, name, email, or token
	42	getOne: function(by, value, fields, cb) {
	43	const delimiter = (typeof value === "string" ? "'" : "");
	44	db.serialize(function() {
	45	const query =
	46	"SELECT " + fields + " " +
	47	"FROM Users " +
	48	"WHERE " + by + " = " + delimiter + value + delimiter;
	49	db.get(query, cb);
	50	});
	51	},
	52
	53	getByIds: function(ids, cb) {
	54	db.serialize(function() {
	55	const query =
	56	"SELECT id, name " +
	57	"FROM Users " +
	58	"WHERE id IN (" + ids + ")";
	59	db.all(query, cb);
	60	});
	61	},
	62
	63	getBio: function(id, cb) {
	64	db.serialize(function() {
	65	const query =
	66	"SELECT bio " +
	67	"FROM Users " +
	68	"WHERE id = " + id;
	69	db.get(query, cb);
	70	});
	71	},
	72
	73	/////////
	74	// MODIFY
	75
	76	setLoginToken: function(token, id) {
	77	db.serialize(function() {
	78	const query =
	79	"UPDATE Users " +
	80	"SET loginToken = '" + token + "',loginTime = " + Date.now() + " " +
	81	"WHERE id = " + id;
	82	db.run(query);
	83	});
	84	},
	85
	86	setBio: function(id, bio) {
	87	db.serialize(function() {
	88	const query =
	89	"UPDATE Users " +
	90	"SET bio = ? " +
	91	"WHERE id = " + id;
	92	db.run(query, bio);
	93	});
	94	},
	95
	96	// Set session token only if empty (first login)
	97	// NOTE: weaker security (but avoid to re-login everywhere after each logout)
	98	// TODO: option would be to reset all tokens periodically (every 3 months?)
	99	trySetSessionToken: function(id, cb) {
	100	db.serialize(function() {
	101	let query =
	102	"SELECT sessionToken " +
	103	"FROM Users " +
	104	"WHERE id = " + id;
	105	db.get(query, (err, ret) => {
	106	const token = ret.sessionToken \|\| genToken(params.token.length);
	107	const setSessionToken =
	108	(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
	109	query =
	110	"UPDATE Users " +
	111	// Also empty the login token to invalidate future attempts
	112	"SET loginToken = NULL, loginTime = NULL " +
	113	setSessionToken + " " +
	114	"WHERE id = " + id;
	115	db.run(query);
	116	cb(token);
	117	});
	118	});
	119	},
	120
	121	updateSettings: function(user) {
	122	db.serialize(function() {
	123	const query =
	124	"UPDATE Users " +
	125	"SET name = '" + user.name + "'" +
	126	", email = '" + user.email + "'" +
	127	", notify = " + user.notify + " " +
	128	"WHERE id = " + user.id;
	129	db.run(query);
	130	});
	131	},
	132
	133	/////////////////
	134	// NOTIFICATIONS
	135
	136	notify: function(user, message) {
	137	const subject = "vchess.club - notification";
	138	const body = "Hello " + user.name + " !" + `
	139	` + message;
	140	sendEmail(params.mail.noreply, user.email, subject, body);
	141	},
	142
	143	tryNotify: function(id, message) {
	144	UserModel.getOne("id", id, "name, email, notify", (err, user) => {
	145	if (!err && user.notify) UserModel.notify(user, message);
	146	});
	147	},
	148
	149	////////////
	150	// CLEANING
	151
	152	cleanUsersDb: function() {
	153	const tsNow = Date.now();
	154	// 86400000 = 24 hours in milliseconds
	155	const day = 86400000;
	156	db.serialize(function() {
	157	const query =
	158	"SELECT id, sessionToken, created, name, email " +
	159	"FROM Users";
	160	db.all(query, (err, users) => {
	161	let toRemove = [];
	162	users.forEach(u => {
	163	// Remove users unlogged for > 24h
	164	if (!u.sessionToken && tsNow - u.created > day)
	165	{
	166	toRemove.push(u.id);
	167	UserModel.notify(
	168	u,
	169	"Your account has been deleted because " +
	170	"you didn't log in for 24h after registration"
	171	);
	172	}
	173	});
	174	if (toRemove.length > 0) {
	175	const remArg = toRemove.join(",");
	176	db.run(
	177	"DELETE FROM Users " +
	178	"WHERE id IN (" + remArg + ")"
	179	);
	180	// Update tournament DB:
	181	exec(params.tourneyPath + "/dbsync/delete_users.py " + remArg);
	182	}
	183	});
	184	});
	185	}
	186
	187	};
	188
	189	module.exports = UserModel;