[vchess.git] / routes / users.js

var router = require("express").Router();
var UserModel = require('../models/User');
var sendEmail = require('../utils/mailer');
var TokenGen = require("../utils/tokenGenerator");
var access = require("../utils/access");
var params = require("../config/parameters");

// to: object user
function setAndSendLoginToken(subject, to, res)
{
	// Set login token and send welcome(back) email with auth link
	let token = TokenGen.generate(params.token.length);
	UserModel.setLoginToken(token, to._id, (err,ret) => {
		access.checkRequest(res, err, ret, "Cannot set login token", () => {
			const body =
				"Hello " + to.initials + "!\n" +
				"Access your account here: " +
				params.siteURL + "/authenticate?token=" + token + "\\n" +
				"Token will expire in " + params.token.expire/(1000*60) + " minutes."
			sendEmail(params.mail.from, to.email, subject, body, err => {
				res.json(err || {});
			});
		});
	});
}

// AJAX user life cycle...

router.post('/register', access.unlogged, access.ajax, (req,res) => {
	let name = decodeURIComponent(req.body.name);
	let email = decodeURIComponent(req.body.email);
	let error = checkObject({name:name, email:email}, "User");
	if (error.length > 0)
		return res.json({errmsg: error});
	UserModel.create(name, email, (err,user) => {
		access.checkRequest(res, err, user, "Registration failed", () => {
			setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
		});
	});
});

router.put('/sendtoken', access.unlogged, access.ajax, (req,res) => {
	let email = decodeURIComponent(req.body.email);
	let error = checkObject({email:email}, "User");
	if (error.length > 0)
		return res.json({errmsg: error});
	UserModel.getOne("email", email, (err,user) => {
		access.checkRequest(res, err, user, "Unknown user", () => {
			setAndSendLoginToken("Token for " + params.siteURL, user, res);
		});
	});
});

router.get('/authenticate', access.unlogged, (req,res) => {
	UserModel.getByLoginToken(req.query.token, (err,user) => {
		access.checkRequest(res, err, user, "Invalid token", () => {
			let tsNow = Date.now();
			// If token older than params.tokenExpire, do nothing
			if (Date.now() > user.loginTime + params.token.expire)
				return res.json({errmsg: "Token expired"});
			// Generate session token (if not exists) + destroy login token
			UserModel.trySetSessionToken(user._id, (err,token) => {
				if (!!err)
					return res.json(err);
				// Set cookie
				res.cookie("token", token, {
					httpOnly: true,
					secure: true,
					maxAge: params.cookieExpire
				});
				res.redirect("/");
			});
		});
	});
});

router.put('/settings', access.logged, access.ajax, (req,res) => {
	const user = JSON.parse(req.body.user);
	// TODO: either verify email + name, or re-apply the following logic:
	//let error = checkObject(user, "User");
	//if (error.length > 0)
	//	return res.json({errmsg: error});
	user._id = req.user._id; //TODO:
	UserModel.updateSettings(user, (err,ret) => {
		access.checkRequest(res, err, ret, "Settings update failed", () => {
			res.json({});
		});
	});
});

// Logout on server because the token cookie is secured + http-only
router.get('/logout', access.logged, (req,res) => {
	res.clearCookie("token");
	res.redirect('/');
});

module.exports = router;
Commit	Line	Data
8d7e2786 BA	1	var router = require("express").Router();
8d7e2786 BA	2	var UserModel = require('../models/User');
0bd5933d	3	var sendEmail = require('../utils/mailer');
8d7e2786 BA	4	var TokenGen = require("../utils/tokenGenerator");
8d7e2786 BA	5	var access = require("../utils/access");
0bd5933d	6	var params = require("../config/parameters");
8d7e2786 BA	7
	8	// to: object user
	9	function setAndSendLoginToken(subject, to, res)
	10	{
	11	// Set login token and send welcome(back) email with auth link
	12	let token = TokenGen.generate(params.token.length);
0bd5933d	13	UserModel.setLoginToken(token, to._id, (err,ret) => {
8d7e2786	14	access.checkRequest(res, err, ret, "Cannot set login token", () => {
0bd5933d BA	15	const body =
	16	"Hello " + to.initials + "!\n" +
	17	"Access your account here: " +
	18	params.siteURL + "/authenticate?token=" + token + "\\n" +
	19	"Token will expire in " + params.token.expire/(1000*60) + " minutes."
	20	sendEmail(params.mail.from, to.email, subject, body, err => {
8d7e2786 BA	21	res.json(err \|\| {});
	22	});
	23	});
	24	});
	25	}
	26
	27	// AJAX user life cycle...
	28
	29	router.post('/register', access.unlogged, access.ajax, (req,res) => {
	30	let name = decodeURIComponent(req.body.name);
	31	let email = decodeURIComponent(req.body.email);
	32	let error = checkObject({name:name, email:email}, "User");
	33	if (error.length > 0)
	34	return res.json({errmsg: error});
	35	UserModel.create(name, email, (err,user) => {
	36	access.checkRequest(res, err, user, "Registration failed", () => {
8d7e2786 BA	37	setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
	38	});
	39	});
	40	});
	41
	42	router.put('/sendtoken', access.unlogged, access.ajax, (req,res) => {
	43	let email = decodeURIComponent(req.body.email);
	44	let error = checkObject({email:email}, "User");
8d7e2786 BA	45	if (error.length > 0)
8d7e2786 BA	46	return res.json({errmsg: error});
0bd5933d	47	UserModel.getOne("email", email, (err,user) => {
8d7e2786 BA	48	access.checkRequest(res, err, user, "Unknown user", () => {
	49	setAndSendLoginToken("Token for " + params.siteURL, user, res);
	50	});
	51	});
	52	});
	53
	54	router.get('/authenticate', access.unlogged, (req,res) => {
	55	UserModel.getByLoginToken(req.query.token, (err,user) => {
	56	access.checkRequest(res, err, user, "Invalid token", () => {
0bd5933d	57	let tsNow = Date.now();
8d7e2786	58	// If token older than params.tokenExpire, do nothing
0bd5933d	59	if (Date.now() > user.loginTime + params.token.expire)
8d7e2786	60	return res.json({errmsg: "Token expired"});
0bd5933d BA	61	// Generate session token (if not exists) + destroy login token
0bd5933d BA	62	UserModel.trySetSessionToken(user._id, (err,token) => {
8d7e2786 BA	63	if (!!err)
	64	return res.json(err);
	65	// Set cookie
	66	res.cookie("token", token, {
	67	httpOnly: true,
0bd5933d	68	secure: true,
8d7e2786 BA	69	maxAge: params.cookieExpire
	70	});
	71	res.redirect("/");
	72	});
	73	});
	74	});
	75	});
	76
	77	router.put('/settings', access.logged, access.ajax, (req,res) => {
0bd5933d BA	78	const user = JSON.parse(req.body.user);
	79	// TODO: either verify email + name, or re-apply the following logic:
	80	//let error = checkObject(user, "User");
	81	//if (error.length > 0)
	82	// return res.json({errmsg: error});
	83	user._id = req.user._id; //TODO:
8d7e2786 BA	84	UserModel.updateSettings(user, (err,ret) => {
	85	access.checkRequest(res, err, ret, "Settings update failed", () => {
	86	res.json({});
	87	});
	88	});
	89	});
	90
0bd5933d	91	// Logout on server because the token cookie is secured + http-only
8d7e2786	92	router.get('/logout', access.logged, (req,res) => {
0bd5933d BA	93	res.clearCookie("token");
0bd5933d BA	94	res.redirect('/');
8d7e2786 BA	95	});
	96
	97	module.exports = router;