- // Set session token only if empty (first login)
- // TODO: weaker security (but avoid to re-login everywhere after each logout)
- trySetSessionToken: function(uid, cb)
- {
- // Also empty the login token to invalidate future attempts
- db.serialize(function() {
- const querySessionToken =
- "SELECT sessionToken " +
- "FROM Users " +
- "WHERE id = " + uid;
- db.get(querySessionToken, (err,ret) => {
- if (!!err)
- return cb(err);
- const token = ret.sessionToken || genToken(params.token.length);
- const queryUpdate =
- "UPDATE Users " +
- "SET loginToken = NULL" +
- (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
- "WHERE id = " + uid;
- db.run(queryUpdate);
- cb(null, token);
- });
- });
- },
+ // Set session token only if empty (first login)
+ // NOTE: weaker security (but avoid to re-login everywhere after each logout)
+ // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+ trySetSessionToken: function(uid, cb)
+ {
+ // Also empty the login token to invalidate future attempts
+ db.serialize(function() {
+ const querySessionToken =
+ "SELECT sessionToken " +
+ "FROM Users " +
+ "WHERE id = " + uid;
+ db.get(querySessionToken, (err,ret) => {
+ if (!!err)
+ return cb(err);
+ const token = ret.sessionToken || genToken(params.token.length);
+ const queryUpdate =
+ "UPDATE Users " +
+ "SET loginToken = NULL" +
+ (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
+ "WHERE id = " + uid;
+ db.run(queryUpdate);
+ cb(null, token);
+ });
+ });
+ },