X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fusers.js;h=38c5d744e46dc64cc7ea071050c9e17c3061c2c5;hb=d984579275749c77309722664f7def93066b2096;hp=a3fa70619381f52b8b0d94ee9a7222370db54bf4;hpb=ad65975c9150ac761c7e7c6696930d4e9e87396c;p=vchess.git diff --git a/server/routes/users.js b/server/routes/users.js index a3fa7061..38c5d744 100644 --- a/server/routes/users.js +++ b/server/routes/users.js @@ -34,21 +34,21 @@ router.post('/register', access.unlogged, access.ajax, (req,res) => { const name = req.body.name; const email = req.body.email; const notify = !!req.body.notify; - if (UserModel.checkNameEmail({name: name, email: email})) { + if (UserModel.checkNameEmail({ name: name, email: email })) { UserModel.create(name, email, notify, (err, ret) => { if (!!err) { const msg = err.code == "SQLITE_CONSTRAINT" ? "User name or email already in use" : "User creation failed. Try again"; - res.json({errmsg: msg}); + res.json({ errmsg: msg }); } else { const user = { id: ret.id, name: name, - email: email, + email: email }; - setAndSendLoginToken("Welcome to " + params.siteURL, user, res); + setAndSendLoginToken("Welcome to " + params.siteURL, user); res.json({}); } }); @@ -83,9 +83,9 @@ router.get("/whoami", access.ajax, (req,res) => { router.get("/users", access.ajax, (req,res) => { const ids = req.query["ids"]; // NOTE: slightly too permissive RegExp - if (ids.match(/^([0-9]+,?)+$/)) { + if (!!ids && !!ids.match(/^([0-9]+,?)+$/)) { UserModel.getByIds(ids, (err, users) => { - res.json({ users:users }); + res.json({ users: users }); }); } }); @@ -93,7 +93,7 @@ router.get("/users", access.ajax, (req,res) => { router.put('/update', access.logged, access.ajax, (req,res) => { const name = req.body.name; const email = req.body.email; - if (UserModel.checkNameEmail({name: name, email: email})) { + if (UserModel.checkNameEmail({ name: name, email: email })) { const user = { id: req.userId, name: name, @@ -108,7 +108,7 @@ router.put('/update', access.logged, access.ajax, (req,res) => { // Authentication-related methods: // to: object user (to who we send an email) -function setAndSendLoginToken(subject, to, res) { +function setAndSendLoginToken(subject, to) { // Set login token and send welcome(back) email with auth link const token = genToken(params.token.length); UserModel.setLoginToken(token, to.id); @@ -125,10 +125,10 @@ function setAndSendLoginToken(subject, to, res) { router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { const nameOrEmail = decodeURIComponent(req.query.nameOrEmail); const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name"); - if (UserModel.checkNameEmail({[type]: nameOrEmail})) { + if (UserModel.checkNameEmail({ [type]: nameOrEmail })) { UserModel.getOne(type, nameOrEmail, (err,user) => { access.checkRequest(res, err, user, "Unknown user", () => { - setAndSendLoginToken("Token for " + params.siteURL, user, res); + setAndSendLoginToken("Token for " + params.siteURL, user); res.json({}); }); }); @@ -137,12 +137,12 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { router.get('/authenticate', access.unlogged, access.ajax, (req,res) => { if (!req.query.token.match(/^[a-z0-9]+$/)) - return res.json({errmsg: "Bad token"}); + return res.json({ errmsg: "Bad token" }); UserModel.getOne("loginToken", req.query.token, (err,user) => { access.checkRequest(res, err, user, "Invalid token", () => { // If token older than params.tokenExpire, do nothing if (Date.now() > user.loginTime + params.token.expire) - res.json({errmsg: "Token expired"}); + res.json({ errmsg: "Token expired" }); else { // Generate session token (if not exists) + destroy login token UserModel.trySetSessionToken(user.id, (token) => { @@ -155,7 +155,7 @@ router.get('/authenticate', access.unlogged, access.ajax, (req,res) => { id: user.id, name: user.name, email: user.email, - notify: user.notify, + notify: user.notify }); }); }