1 var db
= require("../utils/database");
2 var genToken
= require("../utils/tokenGenerator");
3 var params
= require("../config/parameters");
4 var sendEmail
= require('../utils/mailer');
11 * loginToken: token on server only
12 * loginTime: datetime (validity)
13 * sessionToken: token in cookies for authentication
14 * notify: boolean (send email notifications for corr games)
20 checkNameEmail: function(o
)
22 if (typeof o
.name
=== "string")
24 if (o
.name
.length
== 0)
26 if (!o
.name
.match(/^[\w]+$/))
27 return "Bad characters in name";
29 if (typeof o
.email
=== "string")
31 if (o
.email
.length
== 0)
33 if (!o
.email
.match(/^[\w.+-]+@[\w.+-]+$/))
34 return "Bad characters in email";
36 return ""; //NOTE: not required, but more consistent... (?!)
39 // NOTE: parameters are already cleaned (in controller), thus no sanitization here
40 create: function(name
, email
, notify
, callback
)
42 db
.serialize(function() {
44 "INSERT INTO Users " +
45 "(name, email, notify, created) VALUES " +
46 "('" + name
+ "', '" + email
+ "', " + notify
+ "," + Date
.now() + ")";
47 db
.run(insertQuery
, err
=> {
50 db
.get("SELECT last_insert_rowid() AS rowid", callback
);
55 // Find one user (by id, name, email, or token)
56 getOne: function(by
, value
, cb
)
58 const delimiter
= (typeof value
=== "string" ? "'" : "");
59 db
.serialize(function() {
63 "WHERE " + by
+ " = " + delimiter
+ value
+ delimiter
;
68 getByIds: function(ids
, cb
) {
69 db
.serialize(function() {
73 "WHERE id IN (" + ids
+ ")";
81 setLoginToken: function(token
, uid
, cb
)
83 db
.serialize(function() {
86 "SET loginToken = '" + token
+ "', loginTime = " + Date
.now() + " " +
92 // Set session token only if empty (first login)
93 // NOTE: weaker security (but avoid to re-login everywhere after each logout)
94 // TODO: option would be to reset all tokens periodically, e.g. every 3 months
95 trySetSessionToken: function(uid
, cb
)
97 // Also empty the login token to invalidate future attempts
98 db
.serialize(function() {
99 const querySessionToken
=
100 "SELECT sessionToken " +
103 db
.get(querySessionToken
, (err
,ret
) => {
106 const token
= ret
.sessionToken
|| genToken(params
.token
.length
);
109 "SET loginToken = NULL" +
110 (!ret
.sessionToken
? (", sessionToken = '" + token
+ "'") : "") + " " +
118 updateSettings: function(user
, cb
)
120 db
.serialize(function() {
123 "SET name = '" + user
.name
+ "'" +
124 ", email = '" + user
.email
+ "'" +
125 ", notify = " + user
.notify
+ " " +
126 "WHERE id = " + user
.id
;
134 notify: function(user
, message
)
136 const subject
= "vchess.club - notification";
137 const body
= "Hello " + user
.name
+ "!" + `
139 sendEmail(params
.mail
.noreply
, user
.email
, subject
, body
);
142 tryNotify: function(id
, message
)
144 UserModel
.getOne("id", id
, (err
,user
) => {
145 if (!err
|| !user
.notify
)
146 return; //NOTE: error is ignored here
147 UserModel
.notify(user
, message
);
154 cleanUsersDb: function()
156 const tsNow
= Date
.now();
157 // 86400000 = 24 hours in milliseconds
158 const day
= 86400000;
159 db
.serialize(function() {
161 "SELECT id, sessionToken, created " +
163 db
.all(query
, (err
, users
) => {
165 // Remove unlogged users for >1 day
166 if (!u
.sessionToken
&& tsNow
- u
.created
> day
)
167 db
.run("DELETE FROM Users WHERE id = " + u
.id
);
174 module
.exports
= UserModel
;