X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=c05161567b49b09492b647f9564b00a47d91e6ca;hb=25d183426e276870f57793f1f043c40a412d18c6;hp=c2e78837e439f827b4de23aebdbfd24a116dcd46;hpb=d431028c73d41a22636130bd6aff562762eaf2bb;p=vchess.git
diff --git a/server/models/User.js b/server/models/User.js
index c2e78837..c0516156 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -12,6 +12,7 @@ var sendEmail = require('../utils/mailer');
 * loginTime: datetime (validity)
 * sessionToken: token in cookies for authentication
 * notify: boolean (send email notifications for corr games)
+ * created: datetime
 */
 
 const UserModel =
@@ -32,6 +33,7 @@ const UserModel =
 if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
 return "Bad characters in email";
 }
+ return ""; //NOTE: not required, but more consistent... (?!)
 },
 
 // NOTE: parameters are already cleaned (in controller), thus no sanitization here
@@ -40,8 +42,8 @@ const UserModel =
 db.serialize(function() {
 const insertQuery =
 "INSERT INTO Users " +
- "(name, email, notify) VALUES " +
- "('" + name + "', '" + email + "', " + notify + ")";
+ "(name, email, notify, created) VALUES " +
+ "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")";
 db.run(insertQuery, err => {
 if (!!err)
 return callback(err);
@@ -88,8 +90,9 @@ const UserModel =
 },
 
 // Set session token only if empty (first login)
- // TODO: weaker security (but avoid to re-login everywhere after each logout)
- trySetSessionToken: function(uid, cb)
+ // NOTE: weaker security (but avoid to re-login everywhere after each logout)
+ // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+ trySetSessionToken: function(uid, cb)
 {
 // Also empty the login token to invalidate future attempts
 db.serialize(function() {
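Review bot: The new ` * created: datetime` line documents a type the code does not use: the INSERT hunk stores `Date.now()`, a millisecond epoch integer, and the cleanup hunk subtracts it from `tsNow`, so ` * created: integer (ms since epoch, from Date.now())` would name the real unit. The existing `loginTime: datetime` line uses the same wording, so if that column also holds `Date.now()` values it would benefit from the same precision, but that is not visible in this diff.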
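Review bot: The rewritten `insertQuery` keeps building the statement by concatenating `name` and `email` into quoted literals and extends the pattern to `created`; the comment above the method says the controller cleans the parameters, which leaves correctness to a caller this file cannot see. If `db` is the node sqlite3 handle that `db.serialize`/`db.run` suggest, placeholders remove that dependency: `const insertQuery = "INSERT INTO Users (name, email, notify, created) VALUES (?, ?, ?, ?)";` and `db.run(insertQuery, [name, email, notify, Date.now()], err => {`. The enclosing method's header and the rest of its body are outside the hunk.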
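Review bot: The `-`/`+` pair for `trySetSessionToken: function(uid, cb)` is textually identical, so that part of the hunk is a whitespace-only change riding along with the comment edit. The rewritten NOTE would also be more useful if it stated the consequence instead of just "weaker security": `// NOTE: the token is never rotated and survives logout, so a leaked cookie stays valid until the token is reset`. The function's body continues past the hunk.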
@@ -139,26 +142,29 @@ const UserModel =
 res.json(err || {});
 });
 });
- }
-}
+ },
+
+ ////////////
+ // CLEANING
 
-// TODO: adapt
-//exports.cleanUsersDb = function()
-//{
-// var tsNow = new Date().getTime();
-// // 86400000 = 24 hours in milliseconds
-// var day = 86400000;
-//
-// db.users.find({}, (err,userArray) => {
-// userArray.forEach( u => {
-// if ((u.sessionTokens.length==0 &&
-// u._id.getTimestamp().getTime() + day < tsNow) //unlogged
-// || u.updated + 365*day < tsNow) //inactive for one year
-// {
-// db.users.remove({"_id": u._id});
-// }
-// });
-// });
-//}
+ cleanUsersDb: function()
+ {
+ const tsNow = Date.now();
+ // 86400000 = 24 hours in milliseconds
+ const day = 86400000;
+ db.serialize(function() {
+ const query =
+ "SELECT id, sessionToken, created " +
+ "FROM Users";
+ db.all(query, (err, users) => {
+ users.forEach(u => {
+ // Remove unlogged users for >1 day
+ if (!u.sessionToken && tsNow - u.created > day)
+ db.run("DELETE FROM Users WHERE id = " + u.id);
+ });
+ });
+ });
+ },
+}
 
 module.exports = UserModel;
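Review bot: `db.all(query, (err, users) => { users.forEach(...)` in the new `cleanUsersDb` never looks at `err`; when the query fails `users` is undefined and the callback throws a TypeError from inside the sqlite callback instead of reporting the failure. The select-then-delete loop also issues one string-built `DELETE` per stale row, and if pre-existing rows carry no `created` value then `tsNow - u.created` evaluates to `tsNow`, so every token-less legacy user is deleted on the first run (this assumes the column was added without a default, which is not visible here). A single parameterized `DELETE` with an explicit `created IS NOT NULL` guard handles all three, assuming `db` is the node sqlite3 handle that `db.serialize`/`db.all` suggest; the old commented-out version also pruned users inactive for a year, which the new code drops silently and should at least be mentioned in the comment.
```javascript
  cleanUsersDb: function()
  {
    // 86400000 = 24 hours in milliseconds
    const day = 86400000;
    const cutoff = Date.now() - day;
    db.serialize(function() {
      // Remove unlogged users for >1 day; rows without a 'created' value are
      // left alone on purpose. The old commented-out version also pruned users
      // inactive for a year; that rule is not ported here.
      const query =
        "DELETE FROM Users " +
        "WHERE (sessionToken IS NULL OR sessionToken = '') " +
        "AND created IS NOT NULL AND created < ?";
      db.run(query, [cutoff], err => {
        // cleanUsersDb takes no callback, so a failure can only be logged here
        if (!!err)
          console.error("cleanUsersDb failed:", err);
      });
    });
  },
```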