Some debug, all components enabled (but not finished: socket+AJAX missing)
[vchess.git] / routes / users.js
CommitLineData
582df349
BA
1// AJAX methods to get, create, update or delete a user
2
8d7e2786
BA
3var router = require("express").Router();
4var UserModel = require('../models/User');
0bd5933d 5var sendEmail = require('../utils/mailer');
8d7e2786
BA
6var TokenGen = require("../utils/tokenGenerator");
7var access = require("../utils/access");
0bd5933d 8var params = require("../config/parameters");
8a477a7e 9var checkNameEmail = require("../public/javascripts/shared/userCheck")
8d7e2786 10
c018b304 11// to: object user (to who we send an email)
8d7e2786
BA
12function setAndSendLoginToken(subject, to, res)
13{
14 // Set login token and send welcome(back) email with auth link
c018b304
BA
15 const token = TokenGen.generate(params.token.length);
16 UserModel.setLoginToken(token, to.id, err => {
17 if (!!err)
18 return res.json({errmsg: err.toString()});
19 const body =
20 "Hello " + to.name + "!\n" +
21 "Access your account here: " +
22 params.siteURL + "/authenticate?token=" + token + "\\n" +
23 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
24 sendEmail(params.mail.noreply, to.email, subject, body, err => {
25 res.json(err || {});
8d7e2786
BA
26 });
27 });
28}
29
8d7e2786 30router.post('/register', access.unlogged, access.ajax, (req,res) => {
8a477a7e
BA
31 const name = req.body.name;
32 const email = req.body.email;
33 const notify = !!req.body.notify;
34 const error = checkNameEmail({name: name, email: email});
35 if (!!error)
8d7e2786 36 return res.json({errmsg: error});
c018b304
BA
37 UserModel.create(name, email, notify, (err,uid) => {
38 if (!!err)
39 return res.json({errmsg: err.toString()});
40 const user = {
41 id: uid["rowid"],
42 name: name,
43 email: email,
44 };
45 setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
8d7e2786
BA
46 });
47});
48
8a477a7e
BA
49router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
50 const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
51 const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
52 const error = checkNameEmail({[type]: nameOrEmail});
53 if (!!error)
8d7e2786 54 return res.json({errmsg: error});
8a477a7e 55 UserModel.getOne(type, nameOrEmail, (err,user) => {
8d7e2786
BA
56 access.checkRequest(res, err, user, "Unknown user", () => {
57 setAndSendLoginToken("Token for " + params.siteURL, user, res);
58 });
59 });
60});
61
62router.get('/authenticate', access.unlogged, (req,res) => {
c018b304 63 UserModel.getOne("loginToken", req.query.token, (err,user) => {
8d7e2786 64 access.checkRequest(res, err, user, "Invalid token", () => {
8d7e2786 65 // If token older than params.tokenExpire, do nothing
0bd5933d 66 if (Date.now() > user.loginTime + params.token.expire)
8d7e2786 67 return res.json({errmsg: "Token expired"});
0bd5933d 68 // Generate session token (if not exists) + destroy login token
c018b304 69 UserModel.trySetSessionToken(user.id, (err,token) => {
8d7e2786 70 if (!!err)
c018b304 71 return res.json({errmsg: err.toString()});
8d7e2786
BA
72 // Set cookie
73 res.cookie("token", token, {
74 httpOnly: true,
c018b304
BA
75 secure: !!params.siteURL.match(/^https/),
76 maxAge: params.cookieExpire,
8d7e2786
BA
77 });
78 res.redirect("/");
79 });
80 });
81 });
82});
83
c018b304
BA
84router.put('/update', access.logged, access.ajax, (req,res) => {
85 const name = req.body.name;
86 const email = req.body.email;
87 const error = checkNameEmail({name: name, email: email});
8a477a7e
BA
88 if (!!error)
89 return res.json({errmsg: error});
c018b304
BA
90 const user = {
91 id: req.userId,
92 name: name,
93 email: email,
94 notify: !!req.body.notify,
95 };
96 UserModel.updateSettings(user, err => {
97 res.json(err ? {errmsg: err.toString()} : {});
8d7e2786
BA
98 });
99});
100
c018b304 101// Logout on server because the token cookie is httpOnly
8d7e2786 102router.get('/logout', access.logged, (req,res) => {
0bd5933d
BA
103 res.clearCookie("token");
104 res.redirect('/');
8d7e2786
BA
105});
106
107module.exports = router;