+ // Set session token only if empty (first login)
+ // NOTE: weaker security (but avoid to re-login everywhere after each logout)
+ // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+ trySetSessionToken: function(uid, cb)
+ {
+ db.serialize(function() {
+ let query =
+ "SELECT sessionToken " +
+ "FROM Users " +
+ "WHERE id = " + uid;
+ db.get(query, (err,ret) => {
+ const token = ret.sessionToken || genToken(params.token.length);
+ query =
+ "UPDATE Users " +
+ // Also empty the login token to invalidate future attempts
+ "SET loginToken = NULL" +
+ (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
+ "WHERE id = " + uid;
+ db.run(query);
+ cb(token);
+ });
+ });
+ },
+
+ updateSettings: function(user)
+ {
+ db.serialize(function() {
+ const query =
+ "UPDATE Users " +
+ "SET name = '" + user.name + "'" +
+ ", email = '" + user.email + "'" +
+ ", notify = " + user.notify + " " +
+ "WHERE id = " + user.id;
+ db.run(query);
+ });
+ },
+
+ /////////////////
+ // NOTIFICATIONS
+
+ notify: function(user, message)
+ {
+ const subject = "vchess.club - notification";
+ const body = "Hello " + user.name + " !" + `
+` + message;
+ sendEmail(params.mail.noreply, user.email, subject, body);
+ },
+
+ tryNotify: function(id, message)
+ {
+ UserModel.getOne("id", id, (err,user) => {
+ if (!err && user.notify)
+ UserModel.notify(user, message);
+ });
+ },
+
+ ////////////
+ // CLEANING
+
+ cleanUsersDb: function()
+ {
+ const tsNow = Date.now();
+ // 86400000 = 24 hours in milliseconds
+ const day = 86400000;
+ db.serialize(function() {
+ const query =
+ "SELECT id, sessionToken, created, name, email " +
+ "FROM Users";
+ db.all(query, (err, users) => {
+ users.forEach(u => {
+ // Remove unlogged users for > 24h
+ if (!u.sessionToken && tsNow - u.created > day)
+ {
+ notify(
+ u,
+ "Your account has been deleted because " +
+ "you didn't log in for 24h after registration"
+ );
+ db.run("DELETE FROM Users WHERE id = " + u.id);
+ }
+ });
+ });
+ });
+ },
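Review bot: updateSettings splices user.name, user.email, user.notify and user.id directly into the UPDATE text, so a quote character in a name or e-mail alters the statement; these values should be bound as parameters, which the serialize/get/run/all calls suggest the `db` handle supports (node-sqlite3 style `?` placeholders, to be confirmed). The same concatenation is used for uid in trySetSessionToken and for u.id in cleanUsersDb, where binding costs nothing and removes the reliance on every caller having validated the id. Separately, the db.get callback in trySetSessionToken reads ret.sessionToken without checking err or a missing row, and cleanUsersDb calls a bare `notify(...)` while the sibling tryNotify uses `UserModel.notify(...)`, so the unqualified name is probably not in scope there. The enclosing object literal starts before the visible lines, so the definitions of `db`, `genToken` and `params` could not be checked.

```javascript
updateSettings: function(user)
// … unchanged: opening brace and db.serialize wrapper …
    // Values are bound rather than concatenated into the SQL text.
    // notify is bound as-is; coerce it to 0/1 first if callers may pass a non-boolean.
    const query =
      "UPDATE Users " +
      "SET name = ?, email = ?, notify = ? " +
      "WHERE id = ?";
    db.run(query, [user.name, user.email, user.notify, user.id]);
// … unchanged: closing of db.serialize and of the method …

// … unchanged: cleanUsersDb up to the per-user deletion …
        UserModel.notify(
          // … unchanged: user and message arguments …
        );
        db.run("DELETE FROM Users WHERE id = ?", [u.id]);
```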