X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=c193d6db6cdd906493bad34aad3e8ae925003a27;hb=fccaa87852129f8f27c66a9d3b626f91868109c8;hp=e3e5408c810da1dfdc765cf722f0f8b7b87e3bc2;hpb=059228c9fd737361dc97de69811daed5abbd6254;p=vchess.git

diff --git a/server/models/User.js b/server/models/User.js
index e3e5408c..c193d6db 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -13,7 +13,7 @@ const sendEmail = require('../utils/mailer');
  *   sessionToken: token in cookies for authentication
  *   notify: boolean (send email notifications for corr games)
  *   created: datetime
- *   newsRead: datetime
+ *   bio: text
  */
 
 const UserModel = {
@@ -37,11 +37,11 @@ const UserModel = {
   },
 
   // Find one user by id, name, email, or token
-  getOne: function(by, value, cb) {
+  getOne: function(by, value, fields, cb) {
     const delimiter = (typeof value === "string" ? "'" : "");
     db.serialize(function() {
       const query =
-        "SELECT * " +
+        "SELECT " + fields + " " +
         "FROM Users " +
         "WHERE " + by + " = " + delimiter + value + delimiter;
       db.get(query, cb);
@@ -58,6 +58,16 @@ const UserModel = {
     });
   },
 
+  getBio: function(id, cb) {
+    db.serialize(function() {
+      const query =
+        "SELECT bio " +
+        "FROM Users " +
+        "WHERE id = " + id;
+      db.get(query, cb);
+    });
+  },
+
   /////////
   // MODIFY
 
@@ -71,32 +81,34 @@ const UserModel = {
     });
   },
 
-  setNewsRead: function(id) {
+  setBio: function(id, bio) {
     db.serialize(function() {
       const query =
         "UPDATE Users " +
-        "SET newsRead = " + Date.now() + " " +
+        "SET bio = ? " +
         "WHERE id = " + id;
-      db.run(query);
+      db.run(query, bio);
     });
   },
 
   // Set session token only if empty (first login)
   // NOTE: weaker security (but avoid to re-login everywhere after each logout)
-  // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+  // TODO: option would be to reset all tokens periodically (every 3 months?)
   trySetSessionToken: function(id, cb) {
     db.serialize(function() {
       let query =
         "SELECT sessionToken " +
         "FROM Users " +
         "WHERE id = " + id;
-      db.get(query, (err,ret) => {
+      db.get(query, (err, ret) => {
         const token = ret.sessionToken || genToken(params.token.length);
+        const setSessionToken =
+          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
         query =
           "UPDATE Users " +
           // Also empty the login token to invalidate future attempts
-          "SET loginToken = NULL" +
-          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
+          "SET loginToken = NULL, loginTime = NULL " +
+          setSessionToken + " " +
           "WHERE id = " + id;
         db.run(query);
         cb(token);
@@ -127,7 +139,7 @@ const UserModel = {
   },
 
   tryNotify: function(id, message) {
-    UserModel.getOne("id", id, (err,user) => {
+    UserModel.getOne("id", id, "name, email", (err, user) => {
       if (!err && user.notify) UserModel.notify(user, message);
     });
   },
@@ -149,6 +161,7 @@ const UserModel = {
           // Remove users unlogged for > 24h
           if (!u.sessionToken && tsNow - u.created > day)
           {
+            toRemove.push(u.id);
             UserModel.notify(
               u,
               "Your account has been deleted because " +