-const UserModel =
-{
- checkNameEmail: function(o)
- {
- if (typeof o.name === "string")
- {
- if (o.name.length == 0)
- return "Empty name";
- if (!o.name.match(/^[\w]+$/))
- return "Bad characters in name";
- }
- if (typeof o.email === "string")
- {
- if (o.email.length == 0)
- return "Empty email";
- if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
- return "Bad characters in email";
- }
- },
-
- // NOTE: parameters are already cleaned (in controller), thus no sanitization here
- create: function(name, email, notify, callback)
- {
- db.serialize(function() {
- const insertQuery =
- "INSERT INTO Users " +
- "(name, email, notify, created) VALUES " +
- "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")";
- db.run(insertQuery, err => {
- if (!!err)
- return callback(err);
- db.get("SELECT last_insert_rowid() AS rowid", callback);
- });
- });
- },
-
- // Find one user (by id, name, email, or token)
- getOne: function(by, value, cb)
- {
- const delimiter = (typeof value === "string" ? "'" : "");
- db.serialize(function() {
- const query =
- "SELECT * " +
- "FROM Users " +
- "WHERE " + by + " = " + delimiter + value + delimiter;
- db.get(query, cb);
- });
- },
+const UserModel = {
+ checkNameEmail: function(o) {
+ return (
+ (!o.name || !!(o.name.match(/^[\w-]+$/))) &&
+ (!o.email || !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
+ );
+ },
+
+ create: function(name, email, notify, cb) {
+ db.serialize(function() {
+ const query =
+ "INSERT INTO Users " +
+ "(name, email, notify, created) VALUES " +
+ "('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
+ db.run(query, function(err) {
+ cb(err, { id: this.lastID });
+ });
+ });
+ },
+
+ // Find one user by id, name, email, or token
+ getOne: function(by, value, cb) {
+ const delimiter = (typeof value === "string" ? "'" : "");
+ db.serialize(function() {
+ const query =
+ "SELECT * " +
+ "FROM Users " +
+ "WHERE " + by + " = " + delimiter + value + delimiter;
+ db.get(query, cb);
+ });
+ },