| 1 | var db = require("../utils/database"); |
| 2 | var genToken = require("../utils/tokenGenerator"); |
| 3 | var params = require("../config/parameters"); |
| 4 | var sendEmail = require('../utils/mailer'); |
| 5 | |
| 6 | /* |
| 7 | * Structure: |
| 8 | * _id: integer |
| 9 | * name: varchar |
| 10 | * email: varchar |
| 11 | * loginToken: token on server only |
| 12 | * loginTime: datetime (validity) |
| 13 | * sessionToken: token in cookies for authentication |
| 14 | * notify: boolean (send email notifications for corr games) |
| 15 | * created: datetime |
| 16 | */ |
| 17 | |
| 18 | const UserModel = |
| 19 | { |
| 20 | checkNameEmail: function(o) |
| 21 | { |
| 22 | if (typeof o.name === "string") |
| 23 | { |
| 24 | if (o.name.length == 0) |
| 25 | return "Empty name"; |
| 26 | if (!o.name.match(/^[\w]+$/)) |
| 27 | return "Bad characters in name"; |
| 28 | } |
| 29 | if (typeof o.email === "string") |
| 30 | { |
| 31 | if (o.email.length == 0) |
| 32 | return "Empty email"; |
| 33 | if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/)) |
| 34 | return "Bad characters in email"; |
| 35 | } |
| 36 | return ""; //NOTE: not required, but more consistent... (?!) |
| 37 | }, |
| 38 | |
| 39 | // NOTE: parameters are already cleaned (in controller), thus no sanitization here |
| 40 | create: function(name, email, notify, callback) |
| 41 | { |
| 42 | db.serialize(function() { |
| 43 | const insertQuery = |
| 44 | "INSERT INTO Users " + |
| 45 | "(name, email, notify, created) VALUES " + |
| 46 | "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")"; |
| 47 | db.run(insertQuery, err => { |
| 48 | if (!!err) |
| 49 | return callback(err); |
| 50 | db.get("SELECT last_insert_rowid() AS rowid", callback); |
| 51 | }); |
| 52 | }); |
| 53 | }, |
| 54 | |
| 55 | // Find one user (by id, name, email, or token) |
| 56 | getOne: function(by, value, cb) |
| 57 | { |
| 58 | const delimiter = (typeof value === "string" ? "'" : ""); |
| 59 | db.serialize(function() { |
| 60 | const query = |
| 61 | "SELECT * " + |
| 62 | "FROM Users " + |
| 63 | "WHERE " + by + " = " + delimiter + value + delimiter; |
| 64 | db.get(query, cb); |
| 65 | }); |
| 66 | }, |
| 67 | |
| 68 | getByIds: function(ids, cb) { |
| 69 | db.serialize(function() { |
| 70 | const query = |
| 71 | "SELECT id, name " + |
| 72 | "FROM Users " + |
| 73 | "WHERE id IN (" + ids + ")"; |
| 74 | db.all(query, cb); |
| 75 | }); |
| 76 | }, |
| 77 | |
| 78 | ///////// |
| 79 | // MODIFY |
| 80 | |
| 81 | setLoginToken: function(token, uid, cb) |
| 82 | { |
| 83 | db.serialize(function() { |
| 84 | const query = |
| 85 | "UPDATE Users " + |
| 86 | "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " + |
| 87 | "WHERE id = " + uid; |
| 88 | db.run(query, cb); |
| 89 | }); |
| 90 | }, |
| 91 | |
| 92 | // Set session token only if empty (first login) |
| 93 | // NOTE: weaker security (but avoid to re-login everywhere after each logout) |
| 94 | // TODO: option would be to reset all tokens periodically, e.g. every 3 months |
| 95 | trySetSessionToken: function(uid, cb) |
| 96 | { |
| 97 | // Also empty the login token to invalidate future attempts |
| 98 | db.serialize(function() { |
| 99 | const querySessionToken = |
| 100 | "SELECT sessionToken " + |
| 101 | "FROM Users " + |
| 102 | "WHERE id = " + uid; |
| 103 | db.get(querySessionToken, (err,ret) => { |
| 104 | if (!!err) |
| 105 | return cb(err); |
| 106 | const token = ret.sessionToken || genToken(params.token.length); |
| 107 | const queryUpdate = |
| 108 | "UPDATE Users " + |
| 109 | "SET loginToken = NULL" + |
| 110 | (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " + |
| 111 | "WHERE id = " + uid; |
| 112 | db.run(queryUpdate); |
| 113 | cb(null, token); |
| 114 | }); |
| 115 | }); |
| 116 | }, |
| 117 | |
| 118 | updateSettings: function(user, cb) |
| 119 | { |
| 120 | db.serialize(function() { |
| 121 | const query = |
| 122 | "UPDATE Users " + |
| 123 | "SET name = '" + user.name + "'" + |
| 124 | ", email = '" + user.email + "'" + |
| 125 | ", notify = " + user.notify + " " + |
| 126 | "WHERE id = " + user.id; |
| 127 | db.run(query, cb); |
| 128 | }); |
| 129 | }, |
| 130 | |
| 131 | ///////////////// |
| 132 | // NOTIFICATIONS |
| 133 | |
| 134 | notify: function(user, message) |
| 135 | { |
| 136 | const subject = "vchess.club - notification"; |
| 137 | const body = "Hello " + user.name + "!" + ` |
| 138 | ` + message; |
| 139 | sendEmail(params.mail.noreply, user.email, subject, body); |
| 140 | }, |
| 141 | |
| 142 | tryNotify: function(id, message) |
| 143 | { |
| 144 | UserModel.getOne("id", id, (err,user) => { |
| 145 | if (!err || !user.notify) |
| 146 | return; //NOTE: error is ignored here |
| 147 | UserModel.notify(user, message); |
| 148 | }); |
| 149 | }, |
| 150 | |
| 151 | //////////// |
| 152 | // CLEANING |
| 153 | |
| 154 | cleanUsersDb: function() |
| 155 | { |
| 156 | const tsNow = Date.now(); |
| 157 | // 86400000 = 24 hours in milliseconds |
| 158 | const day = 86400000; |
| 159 | db.serialize(function() { |
| 160 | const query = |
| 161 | "SELECT id, sessionToken, created " + |
| 162 | "FROM Users"; |
| 163 | db.all(query, (err, users) => { |
| 164 | users.forEach(u => { |
| 165 | // Remove unlogged users for >1 day |
| 166 | if (!u.sessionToken && tsNow - u.created > day) |
| 167 | db.run("DELETE FROM Users WHERE id = " + u.id); |
| 168 | }); |
| 169 | }); |
| 170 | }); |
| 171 | }, |
| 172 | } |
| 173 | |
| 174 | module.exports = UserModel; |