X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=c05161567b49b09492b647f9564b00a47d91e6ca;hb=58e7b94e6e1a8d5721b9211b45c40e65fc13f600;hp=cf4c5293178a72707cbaa7f15e5bdd4b624e38d7;hpb=98db2082fd31e7a7bc0348e31ce119f39dbc31b3;p=vchess.git
diff --git a/server/models/User.js b/server/models/User.js
index cf4c5293..c0516156 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -1,7 +1,7 @@
 var db = require("../utils/database");
-var maild = require("../utils/mailer.js");
 var genToken = require("../utils/tokenGenerator");
 var params = require("../config/parameters");
+var sendEmail = require('../utils/mailer');

 /*
 * Structure:
@@ -12,6 +12,7 @@ var params = require("../config/parameters");
 * loginTime: datetime (validity)
 * sessionToken: token in cookies for authentication
 * notify: boolean (send email notifications for corr games)
+ * created: datetime
 */

 const UserModel =
@@ -32,6 +33,7 @@ const UserModel =
 if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
 return "Bad characters in email";
 }
+ return ""; //NOTE: not required, but more consistent... (?!)
 },

 // NOTE: parameters are already cleaned (in controller), thus no sanitization here
@@ -40,8 +42,8 @@ const UserModel =
 db.serialize(function() {
 const insertQuery =
 "INSERT INTO Users " +
- "(name, email, notify) VALUES " +
- "('" + name + "', '" + email + "', " + notify + ")";
+ "(name, email, notify, created) VALUES " +
+ "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")";
 db.run(insertQuery, err => {
 if (!!err)
 return callback(err);
@@ -63,6 +65,16 @@ const UserModel =
 });
 },

+ getByIds: function(ids, cb) {
+ db.serialize(function() {
+ const query =
+ "SELECT id, name " +
+ "FROM Users " +
+ "WHERE id IN (" + ids + ")";
+ db.all(query, cb);
+ });
+ },
+
 /////////
 // MODIFY

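Review bot: The INSERT rewritten in the `@@ -40,8 +42,8 @@` hunk still splices `name`, `email` and `notify` into the SQL text, and the new `getByIds` (`"WHERE id IN (" + ids + ")"`) and `cleanUsersDb` (`"DELETE FROM Users WHERE id = " + u.id`, in the last hunk) build their statements the same way. Safety then rests on every caller having cleaned its arguments, which the comment above the INSERT asserts for the controller but the model cannot check, and `getByIds` carries no such statement at all. If `db` is a node-sqlite3 handle, as the `serialize`/`run`/`all` calls suggest, bound parameters remove that dependency: `db.run("INSERT INTO Users (name, email, notify, created) VALUES (?, ?, ?, ?)", [name, email, notify, Date.now()], err => {`. For `getByIds`, either bind one `?` per id or reject anything that is not a list of integers before the `IN (...)` list is built. The function around the INSERT starts and ends outside its hunk.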
@@ -78,8 +90,9 @@ const UserModel =
 },

 // Set session token only if empty (first login)
- // TODO: weaker security (but avoid to re-login everywhere after each logout)
- trySetSessionToken: function(uid, cb)
+ // NOTE: weaker security (but avoid to re-login everywhere after each logout)
+ // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+ trySetSessionToken: function(uid, cb)
 {
 // Also empty the login token to invalidate future attempts
 db.serialize(function() {
@@ -114,6 +127,44 @@ const UserModel =
 db.run(query, cb);
 });
 },
+
+ /////////////////
+ // NOTIFICATIONS
+
+ tryNotify: function(oppId, message)
+ {
+ UserModel.getOne("id", oppId, (err,opp) => {
+ if (!err || !opp.notify)
+ return; //error is ignored here (TODO: should be logged)
+ const subject = "vchess.club - notification";
+ const body = "Hello " + opp.name + "!\n" + message;
+ sendEmail(params.mail.noreply, opp.email, subject, body, err => {
+ res.json(err || {});
+ });
+ });
+ },
+
+ ////////////
+ // CLEANING
+
+ cleanUsersDb: function()
+ {
+ const tsNow = Date.now();
+ // 86400000 = 24 hours in milliseconds
+ const day = 86400000;
+ db.serialize(function() {
+ const query =
+ "SELECT id, sessionToken, created " +
+ "FROM Users";
+ db.all(query, (err, users) => {
+ users.forEach(u => {
+ // Remove unlogged users for >1 day
+ if (!u.sessionToken && tsNow - u.created > day)
+ db.run("DELETE FROM Users WHERE id = " + u.id);
+ });
+ });
+ });
+ },
 }

 module.exports = UserModel;
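Review bot: The reworded comment above `trySetSessionToken` says "weaker security" without saying what is weakened, which leaves the next maintainer to work out the exposure. As the comment describes it, the token is written once and reused by every later login, so logging out presumably does not revoke it and a copied cookie would stay valid until the token is reset; this is inferred from the comment, because the function body continues outside the hunk. I would state that directly, e.g. `// NOTE: the session token survives logout and is shared by all logins, so a leaked cookie stays valid until the token is reset`.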
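Review bot: The guard in `tryNotify`, `if (!err || !opp.notify) return;`, returns on every successful lookup, so no notification is ever sent, and on a failed lookup it goes on to read `opp.notify` from a value that is probably undefined. It should read `if (!!err || !opp || !opp.notify) return;`. The `sendEmail` callback then calls `res.json(err || {})`, but `res` is neither a parameter of `tryNotify` nor declared anywhere in this hunk, so unless a global of that name exists it throws a ReferenceError; logging there instead (`if (!!err) console.error(err);`) would also cover the TODO. `cleanUsersDb` has the same gap: it ignores `err` from `db.all` and calls `users.forEach` unconditionally, so it needs `if (!!err) return;` before the loop.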