X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=models%2FUser.js;h=a36ab683487fd7d9d6bc8761ee105536e0c9ca42;hb=b955c65b942d09d24b5c3bed0d755d4f2f8f71f1;hp=66b1bf549b738d0acf6be27e1c4ee2244901b17e;hpb=8d7e2786f5a67a1b9a77c742d7951e0efbe8747d;p=vchess.git diff --git a/models/User.js b/models/User.js index 66b1bf54..a36ab683 100644 --- a/models/User.js +++ b/models/User.js @@ -1,5 +1,7 @@ var db = require("../utils/database"); var maild = require("../utils/mailer.js"); +var genToken = require("../utils/tokenGenerator"); +var params = require("../config/parameters"); /* * Structure: @@ -12,63 +14,88 @@ var maild = require("../utils/mailer.js"); * notify: boolean (send email notifications for corr games) */ -// User creation -exports.create = function(name, email, notify, callback) +const UserModel = { - if (!notify) - notify = false; //default - db.serialize(function() { - db.run( - "INSERT INTO Users " + - "(name, email, notify) VALUES " + - "(" + name + "," + email + "," + notify + ")"); - }); -} + // NOTE: parameters are already cleaned (in controller), thus no sanitization here + create: function(name, email, notify, callback) + { + db.serialize(function() { + const insertQuery = + "INSERT INTO Users " + + "(name, email, notify) VALUES " + + "('" + name + "', '" + email + "', " + notify + ")"; + db.run(insertQuery, err => { + if (!!err) + return callback(err); + db.get("SELECT last_insert_rowid() AS rowid", callback); + }); + }); + }, -// Find one user (by id, name, email, or token) -exports.getOne = function(by, value, cb) -{ - const delimiter = (typeof value === "string" ? "'" : ""); - db.serialize(function() { - db.get( - "SELECT * FROM Users " + - "WHERE " + by " = " + delimiter + value + delimiter, - callback); - }); -} + // Find one user (by id, name, email, or token) + getOne: function(by, value, cb) + { + const delimiter = (typeof value === "string" ? "'" : ""); + db.serialize(function() { + const query = + "SELECT * " + + "FROM Users " + + "WHERE " + by + " = " + delimiter + value + delimiter; + db.get(query, cb); + }); + }, -///////// -// MODIFY + ///////// + // MODIFY -exports.setLoginToken = function(token, uid, cb) -{ - db.serialize(function() { - db.run( - "UPDATE Users " + - "SET loginToken = " + token + " AND loginTime = " + Date.now() + " " + - "WHERE id = " + uid); - }); -} + setLoginToken: function(token, uid, cb) + { + db.serialize(function() { + const query = + "UPDATE Users " + + "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " + + "WHERE id = " + uid; + db.run(query, cb); + }); + }, -exports.setSessionToken = function(token, uid, cb) -{ - // Also empty the login token to invalidate future attempts - db.serialize(function() { - db.run( - "UPDATE Users " + - "SET loginToken = NULL AND sessionToken = " + token + " " + - "WHERE id = " + uid); - }); -} + // Set session token only if empty (first login) + // TODO: weaker security (but avoid to re-login everywhere after each logout) + trySetSessionToken: function(uid, cb) + { + // Also empty the login token to invalidate future attempts + db.serialize(function() { + const querySessionToken = + "SELECT sessionToken " + + "FROM Users " + + "WHERE id = " + uid; + db.get(querySessionToken, (err,ret) => { + if (!!err) + return cb(err); + const token = ret.sessionToken || genToken(params.token.length); + const queryUpdate = + "UPDATE Users " + + "SET loginToken = NULL" + + (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " + + "WHERE id = " + uid; + db.run(queryUpdate); + cb(null, token); + }); + }); + }, -exports.updateSettings = function(name, email, notify, cb) -{ - db.serialize(function() { - db.run( - "UPDATE Users " + - "SET name = " + name + - " AND email = " + email + - " AND notify = " + notify + " " + - "WHERE id = " + uid); - }); + updateSettings: function(user, cb) + { + db.serialize(function() { + const query = + "UPDATE Users " + + "SET name = '" + user.name + "'" + + ", email = '" + user.email + "'" + + ", notify = " + user.notify + " " + + "WHERE id = " + user.id; + db.run(query, cb); + }); + }, } + +module.exports = UserModel;