X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=models%2FUser.js;h=a36ab683487fd7d9d6bc8761ee105536e0c9ca42;hb=b955c65b942d09d24b5c3bed0d755d4f2f8f71f1;hp=6e91458eb310e3e798e6cb5483d005d5c1382ac8;hpb=8a477a7e1b781babc74d7935b80ac0b18ec04f86;p=vchess.git

diff --git a/models/User.js b/models/User.js
index 6e91458e..a36ab683 100644
--- a/models/User.js
+++ b/models/User.js
@@ -1,6 +1,7 @@
 var db = require("../utils/database");
 var maild = require("../utils/mailer.js");
-var TokenGen = require("../utils/tokenGenerator");
+var genToken = require("../utils/tokenGenerator");
+var params = require("../config/parameters");
 
 /*
  * Structure:
@@ -13,78 +14,88 @@ var TokenGen = require("../utils/tokenGenerator");
  *   notify: boolean (send email notifications for corr games)
  */
 
-// User creation
-exports.create = function(name, email, notify, callback)
+const UserModel =
 {
-	db.serialize(function() {
-		const query =
-			"INSERT INTO Users " +
-			"(name, email, notify) VALUES " +
-			"('" + name + "', '" + email + "', " + notify + ")";
-		db.run(query, callback); //TODO: need to get the inserted user (how ?)
-	});
-}
-
-// Find one user (by id, name, email, or token)
-exports.getOne = function(by, value, cb)
-{
-	const delimiter = (typeof value === "string" ? "'" : "");
-	db.serialize(function() {
-		const query =
-			"SELECT * FROM Users " +
-			"WHERE " + by + " = " + delimiter + value + delimiter;
-		db.get(query, cb);
-	});
-}
+	// NOTE: parameters are already cleaned (in controller), thus no sanitization here
+	create: function(name, email, notify, callback)
+	{
+		db.serialize(function() {
+			const insertQuery =
+				"INSERT INTO Users " +
+				"(name, email, notify) VALUES " +
+				"('" + name + "', '" + email + "', " + notify + ")";
+			db.run(insertQuery, err => {
+				if (!!err)
+					return callback(err);
+				db.get("SELECT last_insert_rowid() AS rowid", callback);
+			});
+		});
+	},
 
-/////////
-// MODIFY
+	// Find one user (by id, name, email, or token)
+	getOne: function(by, value, cb)
+	{
+		const delimiter = (typeof value === "string" ? "'" : "");
+		db.serialize(function() {
+			const query =
+				"SELECT * " +
+				"FROM Users " +
+				"WHERE " + by + " = " + delimiter + value + delimiter;
+			db.get(query, cb);
+		});
+	},
 
-exports.setLoginToken = function(token, uid, cb)
-{
-	db.serialize(function() {
-		const query =
-			"UPDATE Users " +
-			"SET loginToken = " + token + " AND loginTime = " + Date.now() + " " +
-			"WHERE id = " + uid;
-		db.run(query, cb);
-	});
-}
+	/////////
+	// MODIFY
 
-// Set session token only if empty (first login)
-// TODO: weaker security (but avoid to re-login everywhere after each logout)
-exports.trySetSessionToken = function(uid, cb)
-{
-	// Also empty the login token to invalidate future attempts
-	db.serialize(function() {
-		const querySessionTOken =
-			"SELECT sessionToken " +
-			"FROM Users " +
-			"WHERE id = " + uid;
-		db.get(querySessionToken, (err,token) => {
-			if (!!err)
-				return cb(err);
-			const newToken = token || TokenGen.generate(params.token.length);
-			const queryUpdate =
+	setLoginToken: function(token, uid, cb)
+	{
+		db.serialize(function() {
+			const query =
 				"UPDATE Users " +
-				"SET loginToken = NULL " +
-				(!token ? "AND sessionToken = " + newToken + " " : "") +
+				"SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
 				"WHERE id = " + uid;
-			db.run(queryUpdate);
-				cb(null, newToken);
+			db.run(query, cb);
 		});
-	});
-}
+	},
 
-exports.updateSettings = function(user, cb)
-{
-	db.serialize(function() {
-		const query =
-			"UPDATE Users " +
-			"SET name = " + user.name +
-			" AND email = " + user.email +
-			" AND notify = " + user.notify + " " +
-			"WHERE id = " + user._id;
-		db.run(query, cb);
-	});
+	// Set session token only if empty (first login)
+	// TODO: weaker security (but avoid to re-login everywhere after each logout)
+	trySetSessionToken: function(uid, cb)
+	{
+		// Also empty the login token to invalidate future attempts
+		db.serialize(function() {
+			const querySessionToken =
+				"SELECT sessionToken " +
+				"FROM Users " +
+				"WHERE id = " + uid;
+			db.get(querySessionToken, (err,ret) => {
+				if (!!err)
+					return cb(err);
+				const token = ret.sessionToken || genToken(params.token.length);
+				const queryUpdate =
+					"UPDATE Users " +
+					"SET loginToken = NULL" +
+					(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
+					"WHERE id = " + uid;
+				db.run(queryUpdate);
+				cb(null, token);
+			});
+		});
+	},
+
+	updateSettings: function(user, cb)
+	{
+		db.serialize(function() {
+			const query =
+				"UPDATE Users " +
+				"SET name = '" + user.name + "'" +
+				", email = '" + user.email + "'" +
+				", notify = " + user.notify + " " +
+				"WHERE id = " + user.id;
+			db.run(query, cb);
+		});
+	},
 }
+
+module.exports = UserModel;