[vchess.git] / models / User.js

var db = require("../utils/database");
var maild = require("../utils/mailer.js");
var TokenGen = require("../utils/tokenGenerator");

/*
 * Structure:
 *   _id: integer
 *   name: varchar
 *   email: varchar
 *   loginToken: token on server only
 *   loginTime: datetime (validity)
 *   sessionToken: token in cookies for authentication
 *   notify: boolean (send email notifications for corr games)
 */

// User creation
exports.create = function(name, email, notify, callback)
{
	db.serialize(function() {
		const query =
			"INSERT INTO Users " +
			"(name, email, notify) VALUES " +
			"('" + name + "', '" + email + "', " + notify + ")";
		db.run(query, callback); //TODO: need to get the inserted user (how ?)
	});
}

// Find one user (by id, name, email, or token)
exports.getOne = function(by, value, cb)
{
	const delimiter = (typeof value === "string" ? "'" : "");
	db.serialize(function() {
		const query =
			"SELECT * FROM Users " +
			"WHERE " + by + " = " + delimiter + value + delimiter;
		db.get(query, cb);
	});
}

/////////
// MODIFY

exports.setLoginToken = function(token, uid, cb)
{
	db.serialize(function() {
		const query =
			"UPDATE Users " +
			"SET loginToken = " + token + " AND loginTime = " + Date.now() + " " +
			"WHERE id = " + uid;
		db.run(query, cb);
	});
}

// Set session token only if empty (first login)
// TODO: weaker security (but avoid to re-login everywhere after each logout)
exports.trySetSessionToken = function(uid, cb)
{
	// Also empty the login token to invalidate future attempts
	db.serialize(function() {
		const querySessionTOken =
			"SELECT sessionToken " +
			"FROM Users " +
			"WHERE id = " + uid;
		db.get(querySessionToken, (err,token) => {
			if (!!err)
				return cb(err);
			const newToken = token || TokenGen.generate(params.token.length);
			const queryUpdate =
				"UPDATE Users " +
				"SET loginToken = NULL " +
				(!token ? "AND sessionToken = " + newToken + " " : "") +
				"WHERE id = " + uid;
			db.run(queryUpdate);
				cb(null, newToken);
		});
	});
}

exports.updateSettings = function(user, cb)
{
	db.serialize(function() {
		const query =
			"UPDATE Users " +
			"SET name = " + user.name +
			" AND email = " + user.email +
			" AND notify = " + user.notify + " " +
			"WHERE id = " + user._id;
		db.run(query, cb);
	});
}
Commit	Line	Data
8d7e2786 BA	1	var db = require("../utils/database");
8d7e2786 BA	2	var maild = require("../utils/mailer.js");
0bd5933d	3	var TokenGen = require("../utils/tokenGenerator");
8d7e2786 BA	4
	5	/*
	6	* Structure:
	7	* _id: integer
	8	* name: varchar
	9	* email: varchar
	10	* loginToken: token on server only
	11	* loginTime: datetime (validity)
	12	* sessionToken: token in cookies for authentication
	13	* notify: boolean (send email notifications for corr games)
	14	*/
	15
	16	// User creation
	17	exports.create = function(name, email, notify, callback)
	18	{
8d7e2786	19	db.serialize(function() {
8a477a7e	20	const query =
8d7e2786 BA	21	"INSERT INTO Users " +
8d7e2786 BA	22	"(name, email, notify) VALUES " +
8a477a7e BA	23	"('" + name + "', '" + email + "', " + notify + ")";
8a477a7e BA	24	db.run(query, callback); //TODO: need to get the inserted user (how ?)
8d7e2786 BA	25	});
	26	}
	27
	28	// Find one user (by id, name, email, or token)
	29	exports.getOne = function(by, value, cb)
	30	{
	31	const delimiter = (typeof value === "string" ? "'" : "");
	32	db.serialize(function() {
8a477a7e	33	const query =
8d7e2786	34	"SELECT * FROM Users " +
8a477a7e BA	35	"WHERE " + by + " = " + delimiter + value + delimiter;
8a477a7e BA	36	db.get(query, cb);
8d7e2786 BA	37	});
	38	}
	39
	40	/////////
	41	// MODIFY
	42
	43	exports.setLoginToken = function(token, uid, cb)
	44	{
	45	db.serialize(function() {
8a477a7e	46	const query =
8d7e2786 BA	47	"UPDATE Users " +
8d7e2786 BA	48	"SET loginToken = " + token + " AND loginTime = " + Date.now() + " " +
8a477a7e BA	49	"WHERE id = " + uid;
8a477a7e BA	50	db.run(query, cb);
8d7e2786 BA	51	});
	52	}
	53
0bd5933d BA	54	// Set session token only if empty (first login)
	55	// TODO: weaker security (but avoid to re-login everywhere after each logout)
	56	exports.trySetSessionToken = function(uid, cb)
8d7e2786 BA	57	{
	58	// Also empty the login token to invalidate future attempts
	59	db.serialize(function() {
8a477a7e	60	const querySessionTOken =
0bd5933d BA	61	"SELECT sessionToken " +
0bd5933d BA	62	"FROM Users " +
8a477a7e BA	63	"WHERE id = " + uid;
	64	db.get(querySessionToken, (err,token) => {
	65	if (!!err)
	66	return cb(err);
	67	const newToken = token \|\| TokenGen.generate(params.token.length);
	68	const queryUpdate =
	69	"UPDATE Users " +
	70	"SET loginToken = NULL " +
	71	(!token ? "AND sessionToken = " + newToken + " " : "") +
	72	"WHERE id = " + uid;
	73	db.run(queryUpdate);
0bd5933d BA	74	cb(null, newToken);
0bd5933d BA	75	});
8d7e2786 BA	76	});
	77	}
	78
0bd5933d	79	exports.updateSettings = function(user, cb)
8d7e2786 BA	80	{
8d7e2786 BA	81	db.serialize(function() {
8a477a7e	82	const query =
8d7e2786	83	"UPDATE Users " +
0bd5933d BA	84	"SET name = " + user.name +
	85	" AND email = " + user.email +
	86	" AND notify = " + user.notify + " " +
8a477a7e BA	87	"WHERE id = " + user._id;
8a477a7e BA	88	db.run(query, cb);
8d7e2786 BA	89	});
8d7e2786 BA	90	}