early draft of sockets logic for monitoring
[qomet.git] / routes / users.js
1 let router = require("express").Router();
2 const validator = require('../public/javascripts/utils/validation');
3 const UserModel = require('../models/user');
4 const UserEntity = require('../entities/user');
5 const maild = require('../utils/mailer');
6 const TokenGen = require("../utils/tokenGenerator");
7 const access = require("../utils/access");
8 const params = require("../config/parameters");
9
10 // to: object user
11 function sendLoginToken(subject, to, res)
12 {
13 // Set login token and send welcome(back) email with auth link
14 let token = TokenGen.generate(params.token.length);
15 UserEntity.setLoginToken(token, to._id, to.ip, (err,ret) => {
16 access.checkRequest(res, err, ret, "Cannot set login token", () => {
17 maild.send({
18 from: params.mail.from,
19 to: to.email,
20 subject: subject,
21 body: "Hello " + to.initials + "!\n" +
22 "Access your account here: " +
23 params.siteURL + "/authenticate?token=" + token + "\\n" +
24 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
25 }, err => {
26 res.json(err || {});
27 });
28 });
29 });
30 }
31
32 router.get('/register', access.ajax, access.unlogged, (req,res) => {
33 let email = decodeURIComponent(req.query.email);
34 let forename = decodeURIComponent(req.query.forename);
35 let name = decodeURIComponent(req.query.name);
36 const newUser = {
37 email: email,
38 name: name,
39 forename: forename,
40 };
41 let error = validator(newUser, "User");
42 if (error.length > 0)
43 return res.json({errmsg:error});
44 if (!UserModel.whitelistCheck(newUser.email))
45 return res.json({errmsg: "Email not in whitelist"});
46 UserEntity.getByEmail(newUser.email, (err,user0) => {
47 access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
48 UserModel.create(newUser, (err,user) => {
49 access.checkRequest(res, err, user, "Registration failed", () => {
50 user.ip = req.ip;
51 sendLoginToken("Welcome to " + params.siteURL, user, res);
52 });
53 });
54 });
55 });
56 });
57
58 // Login:
59 router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => {
60 let email = decodeURIComponent(req.query.email);
61 let error = validator({email:email}, "User");
62 if (error.length > 0)
63 return res.json({errmsg:error});
64 UserEntity.getByEmail(email, (err,user) => {
65 access.checkRequest(res, err, user, "Unknown user", () => {
66 user.ip = req.ip;
67 sendLoginToken("Token for " + params.siteURL, user, res);
68 });
69 });
70 });
71
72 // Authentication process, optionally with email changing:
73 router.get('/authenticate', access.unlogged, (req,res) => {
74 let loginToken = req.query.token;
75 let error = validator({token:loginToken}, "User");
76 if (error.length > 0)
77 return res.json({errmsg:error});
78 UserEntity.getByLoginToken(loginToken, (err,user) => {
79 access.checkRequest(res, err, user, "Invalid token", () => {
80 if (user.loginToken.ip != req.ip)
81 return res.json({errmsg: "IP address mismatch"});
82 let now = new Date();
83 let tsNow = now.getTime();
84 // If token older than params.tokenExpire, do nothing
85 if (user.loginToken.timestamp + params.token.expire < tsNow)
86 return res.json({errmsg: "Token expired"});
87 // Generate and update session token + destroy login token
88 let token = TokenGen.generate(params.token.length);
89 UserEntity.setSessionToken(token, user._id, (err,ret) => {
90 access.checkRequest(res, err, ret, "Authentication failed", () => {
91 // Set cookies and redirect to user main control panel
92 res.cookie("token", token, {
93 httpOnly: true,
94 maxAge: params.cookieExpire,
95 });
96 res.cookie("initials", user.initials, {
97 httpOnly: true,
98 maxAge: params.cookieExpire,
99 });
100 res.redirect("/" + user.initials);
101 });
102 });
103 });
104 });
105 });
106
107 router.get('/logout', access.logged, (req,res) => {
108 UserModel.logout(req.user._id, req.cookies.token, (err,ret) => {
109 access.checkRequest(res, err, ret, "Logout failed", () => {
110 res.clearCookie("initials");
111 res.clearCookie("token");
112 res.redirect('/');
113 });
114 });
115 });
116
117 module.exports = router;