X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fusers.js;h=163dc30132977dcf1f5c43b533cc5e0a9acd33cc;hb=f21cd6d9c23da37d729f20ea4c08e56b1a7b10a1;hp=2b39cc05f3fecd8b7e62f6b5ffbab0dc10838490;hpb=625022fdcf750f0aff8fcd699f7e9b89730e1d10;p=vchess.git
diff --git a/server/routes/users.js b/server/routes/users.js
index 2b39cc05..163dc301 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -6,7 +6,35 @@ var sendEmail = require('../utils/mailer');
 var genToken = require("../utils/tokenGenerator");
 var access = require("../utils/access");
 var params = require("../config/parameters");
-var checkNameEmail = require("../data/userCheck")
+
+router.get("/whoami", access.ajax, (req,res) => {
+  const callback = (user) => {
+    return res.json({
+      name: user.name,
+      email: user.email,
+      id: user.id,
+      notify: user.notify,
+    });
+  };
+  const anonymous = {name:"", email:"", id:0, notify:false};
+  if (!req.cookies.token)
+    return callback(anonymous);
+  UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+    if (!!err || !user)
+      callback(anonymous);
+    else
+      callback(user);
+  });
+});
+
+router.get("/users", access.ajax, (req,res) => {
+  const ids = req.query["ids"];
+  UserModel.getByIds(ids, (err,users) => {
+    if (!!err)
+      return res.json({errmsg: err.toString()});
+    return res.json({users:users});
+  });
+});
 
 // to: object user (to who we send an email)
 function setAndSendLoginToken(subject, to, res)
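Review bot: The new `/users` route at the end of the hunk hands `req.query["ids"]` to `UserModel.getByIds` unchecked and returns whatever rows the model gives back, while the `/whoami` route just above deliberately projects only `name`, `email`, `id` and `notify`. Since `/users` is reachable with only `access.ajax` (no `access.logged`), it should project the same way so that nothing else a user row may carry (a session or login token, if the model returns full rows — cannot tell from here) leaves the server: `return res.json({users: users.map(u => ({id: u.id, name: u.name}))});`, adding only the fields the client actually needs. It should also reject an `ids` value that is absent or not of the expected shape (presumably a comma-separated list of integer ids) before calling the model, `if (!ids) return res.json({errmsg: "Missing ids"});` as a minimum. A one-line comment on each new route stating who may call it and why `/users` needs no login would make the intent reviewable.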
@@ -17,14 +45,12 @@ function setAndSendLoginToken(subject, to, res)
     if (!!err)
       return res.json({errmsg: err.toString()});
     const body =
-      "Hello " + to.name + "!\n" +
+      "Hello " + to.name + "!\\n" +
       "Access your account here: " +
-      params.siteURL + "/authenticate?token=" + token + "\\n" +
+      params.siteURL + "/#/authenticate/" + token + "\\n" +
       "Token will expire in " + params.token.expire/(1000*60) + " minutes."
     sendEmail(params.mail.noreply, to.email, subject, body, err => {
-      // "id" is generally the only info missing on client side,
-      // but the name is also unknown if log-in with the email.
-      res.json(err || {id: to.id, name: to.name});
+      res.json(err || {});
     });
   });
 }
@@ -33,7 +59,7 @@ router.post('/register', access.unlogged, access.ajax, (req,res) => {
   const name = req.body.name;
   const email = req.body.email;
   const notify = !!req.body.notify;
-  const error = checkNameEmail({name: name, email: email});
+  const error = UserModel.checkNameEmail({name: name, email: email});
   if (!!error)
     return res.json({errmsg: error});
   UserModel.create(name, email, notify, (err,uid) => {
@@ -51,7 +77,7 @@ router.post('/register', access.unlogged, access.ajax, (req,res) => {
 router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
   const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
   const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
-  const error = checkNameEmail({[type]: nameOrEmail});
+  const error = UserModel.checkNameEmail({[type]: nameOrEmail});
   if (!!error)
     return res.json({errmsg: error});
   UserModel.getOne(type, nameOrEmail, (err,user) => {
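Review bot: The added `"!\\n"` on the first changed body line (and the `"\\n"` kept on the URL line) is a literal backslash followed by `n` in a JavaScript string, so the email the user receives now contains the two characters `\n` instead of line breaks, whereas the removed line had a real newline `"!\n"`. Unless `sendEmail` post-processes the body (not visible here), both lines should read `"Hello " + to.name + "!\n" +` and `params.siteURL + "/#/authenticate/" + token + "\n" +`. The new `res.json(err || {})` also has a reporting gap: an `Error` object serializes to `{}` through JSON, so the client would receive the same empty object on failure and on success; `res.json(err ? {errmsg: err.toString()} : {})` matches the error shape used earlier in this hunk. The enclosing function and its callback begin outside the hunk; the `checkNameEmail` → `UserModel.checkNameEmail` hunks below are plain renames.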
@@ -61,10 +87,10 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
   });
 });
 
-router.get('/authenticate', access.unlogged, (req,res) => {
-  UserModel.getOne("loginToken", req.query.token, (err,user) => {
+router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
+  UserModel.getOne("loginToken", req.query.token, (err,user) => {
     access.checkRequest(res, err, user, "Invalid token", () => {
-      // If token older than params.tokenExpire, do nothing
+      // If token older than params.tokenExpire, do nothing
       if (Date.now() > user.loginTime + params.token.expire)
         return res.json({errmsg: "Token expired"});
       // Generate session token (if not exists) + destroy login token
@@ -72,12 +98,17 @@ router.get('/authenticate', access.unlogged, (req,res) => {
         if (!!err)
           return res.json({errmsg: err.toString()});
         // Set cookie
-        res.cookie("token", token, {
+        res.cookie("token", token, {
           httpOnly: true,
           secure: !!params.siteURL.match(/^https/),
           maxAge: params.cookieExpire,
         });
-        res.redirect("/");
+        res.json({
+          id: user.id,
+          name: user.name,
+          email: user.email,
+          notify: user.notify,
+        });
       });
     });
   });
@@ -86,7 +117,7 @@ router.get('/authenticate', access.unlogged, (req,res) => {
 router.put('/update', access.logged, access.ajax, (req,res) => {
   const name = req.body.name;
   const email = req.body.email;
-  const error = checkNameEmail({name: name, email: email});
+  const error = UserModel.checkNameEmail({name: name, email: email});
   if (!!error)
     return res.json({errmsg: error});
   const user = {
@@ -100,10 +131,9 @@ router.put('/update', access.logged, access.ajax, (req,res) => {
   });
 });
 
-// Logout on server because the token cookie is httpOnly
-router.get('/logout', access.logged, (req,res) => {
+router.get('/logout', access.logged, access.ajax, (req,res) => {
   res.clearCookie("token");
-  res.redirect('/');
+  res.json({});
 });
 
 module.exports = router;
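Review bot: The re-added comment `// If token older than params.tokenExpire, do nothing` names a parameter this code never reads (the next line checks `params.token.expire`) and says "do nothing" where the code actually answers `{errmsg: "Token expired"}`; since the line is touched anyway, make it `// Reject login tokens older than params.token.expire`. The re-added `UserModel.getOne("loginToken", req.query.token, …)` line is textually identical to the removed one, so this is presumably a whitespace-only fix; a missing `token` query parameter is passed through as `undefined` and only rejected by `checkRequest`, which is acceptable as long as the model treats it as not found (cannot confirm here). The route body continues into the next hunk.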
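Review bot: The re-added `res.cookie("token", token, {` sets the session cookie with `httpOnly`, `secure` and `maxAge` but no `sameSite` attribute, and now that the route answers JSON to an ajax call instead of redirecting, nothing on this page shows another cross-site-request defence for the cookie-authenticated routes; add `sameSite: "strict",` next to `httpOnly: true,` (or `"lax"` if the client is served from a different site — not determinable here). The new JSON reply returns the same four fields as `/whoami`; a one-line `// Same shape as /whoami so the client can cache the profile` would tie the two together for the next reader. The enclosing callbacks open in the previous hunk.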
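Review bot: `res.clearCookie("token")` only removes the cookie from the browser; the `sessionToken` value that `/whoami` looks up in the database stays valid, so a copied token keeps working after logout. Logout should also clear the stored session token for the logged-in user (through whatever `UserModel` setter exists — none is visible on this page) before answering `res.json({})`. The removed comment `// Logout on server because the token cookie is httpOnly` was the only explanation of why this endpoint exists at all; keep it above the route.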