projects / qomet.git / blob
? search:


5dab77e3daefce0084ea7555a2e7cc115ec075a3
[qomet.git] / routes / users.js
1 let router = require("express").Router();
2 const validator = require('../public/javascripts/utils/validation');
3 const UserModel = require('../models/user');
4 const maild = require('../utils/mailer');
5 const TokenGen = require("../utils/tokenGenerator");
6 const access = require("../utils/access");
7 const params = require("../config/parameters");
8
9 // to: object user
10 function sendLoginToken(subject, to, res)
11 {
12 // Set login token and send welcome(back) email with auth link
13 let token = TokenGen.generate(params.token.length);
14 UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
15 access.checkRequest(res, err, ret, "Cannot set login token", () => {
16 maild.send({
17 from: params.mail.from,
18 to: to.email,
19 subject: subject,
20 body: "Hello " + to.initials + "!\n" +
21 "Access your account here: " +
22 params.siteURL + "/authenticate?token=" + token + "\\n" +
23 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
24 }, err => {
25 res.json(err || {});
26 });
27 });
28 });
29 }
30
31 router.get('/register', access.ajax, access.unlogged, (req,res) => {
32 let email = decodeURIComponent(req.query.email);
33 let name = decodeURIComponent(req.query.name);
34 const newUser = {
35 email: email,
36 name: name,
37 };
38 let error = validator(newUser, "User");
39 if (error.length > 0)
40 return res.json({errmsg:error});
41 if (!UserModel.whitelistCheck(newUser.email))
42 return res.json({errmsg: "Email not in whitelist"});
43 UserModel.getByEmail(newUser.email, (err,user0) => {
44 access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
45 UserModel.create(newUser, (err,user) => {
46 access.checkRequest(res, err, user, "Registration failed", () => {
47 user.ip = req.ip;
48 sendLoginToken("Welcome to " + params.siteURL, user, res);
49 });
50 });
51 });
52 });
53 });
54
55 // Login:
56 router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => {
57 let email = decodeURIComponent(req.query.email);
58 let error = validator({email:email}, "User");
59 if (error.length > 0)
60 return res.json({errmsg:error});
61 UserModel.getByEmail(email, (err,user) => {
62 access.checkRequest(res, err, user, "Unknown user", () => {
63 user.ip = req.ip;
64 sendLoginToken("Token for " + params.siteURL, user, res);
65 });
66 });
67 });
68
69 // Authentication process, optionally with email changing:
70 router.get('/authenticate', access.unlogged, (req,res) => {
71 let loginToken = req.query.token;
72 let error = validator({token:loginToken}, "User");
73 if (error.length > 0)
74 return res.json({errmsg:error});
75 UserModel.getByLoginToken(loginToken, (err,user) => {
76 access.checkRequest(res, err, user, "Invalid token", () => {
77 if (user.loginToken.ip != req.ip)
78 return res.json({errmsg: "IP address mismatch"});
79 let now = new Date();
80 let tsNow = now.getTime();
81 // If token older than params.tokenExpire, do nothing
82 if (user.loginToken.timestamp + params.token.expire < tsNow)
83 return res.json({errmsg: "Token expired"});
84 // Generate and update session token + destroy login token
85 let token = TokenGen.generate(params.token.length);
86 UserModel.setSessionToken(token, user._id, (err,ret) => {
87 access.checkRequest(res, err, ret, "Authentication failed", () => {
88 // Set cookies and redirect to user main control panel
89 res.cookie("token", token, {
90 httpOnly: true,
91 maxAge: params.cookieExpire,
92 });
93 res.cookie("initials", user.initials, {
94 httpOnly: true,
95 maxAge: params.cookieExpire,
96 });
97 res.redirect("/" + user.initials);
98 });
99 });
100 });
101 });
102 });
103
104 router.get('/logout', access.logged, (req,res) => {
105 UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => {
106 access.checkRequest(res, err, ret, "Logout failed", () => {
107 res.clearCookie("initials");
108 res.clearCookie("token");
109 res.redirect('/');
110 });
111 });
112 });
113
114 module.exports = router;
Internet-based exams application