Advance on users management. TODO: routes/users + debug + test
[vchess.git] / routes / users.js
CommitLineData
8d7e2786
BA
1var router = require("express").Router();
2var UserModel = require('../models/User');
3var maild = require('../utils/mailer');
4var TokenGen = require("../utils/tokenGenerator");
5var access = require("../utils/access");
6
7// to: object user
8function setAndSendLoginToken(subject, to, res)
9{
10 // Set login token and send welcome(back) email with auth link
11 let token = TokenGen.generate(params.token.length);
12 UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
13 access.checkRequest(res, err, ret, "Cannot set login token", () => {
14 maild.send({
15 from: params.mail.from,
16 to: to.email,
17 subject: subject,
18 body: "Hello " + to.initials + "!\n" +
19 "Access your account here: " +
20 params.siteURL + "/authenticate?token=" + token + "\\n" +
21 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
22 }, err => {
23 res.json(err || {});
24 });
25 });
26 });
27}
28
29// AJAX user life cycle...
30
31router.post('/register', access.unlogged, access.ajax, (req,res) => {
32 let name = decodeURIComponent(req.body.name);
33 let email = decodeURIComponent(req.body.email);
34 let error = checkObject({name:name, email:email}, "User");
35 if (error.length > 0)
36 return res.json({errmsg: error});
37 UserModel.create(name, email, (err,user) => {
38 access.checkRequest(res, err, user, "Registration failed", () => {
39 user.ip = req.ip;
40 setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
41 });
42 });
43});
44
45router.put('/sendtoken', access.unlogged, access.ajax, (req,res) => {
46 let email = decodeURIComponent(req.body.email);
47 let error = checkObject({email:email}, "User");
48 console.log(email)
49 if (error.length > 0)
50 return res.json({errmsg: error});
51 UserModel.getByEmail(email, (err,user) => {
52 access.checkRequest(res, err, user, "Unknown user", () => {
53 setAndSendLoginToken("Token for " + params.siteURL, user, res);
54 });
55 });
56});
57
58router.get('/authenticate', access.unlogged, (req,res) => {
59 UserModel.getByLoginToken(req.query.token, (err,user) => {
60 access.checkRequest(res, err, user, "Invalid token", () => {
61 if (user.loginToken.ip != req.ip)
62 return res.json({errmsg: "IP address mismatch"});
63 let now = new Date();
64 let tsNow = now.getTime();
65 // If token older than params.tokenExpire, do nothing
66 if (user.loginToken.timestamp + params.token.expire < tsNow)
67 return res.json({errmsg: "Token expired"});
68 // Generate and update session token + destroy login token
69 let token = TokenGen.generate(params.token.length);
70 UserModel.setSessionToken(token, user._id, (err,ret) => {
71 if (!!err)
72 return res.json(err);
73 // Set cookie
74 res.cookie("token", token, {
75 httpOnly: true,
76 maxAge: params.cookieExpire
77 });
78 res.redirect("/");
79 });
80 });
81 });
82});
83
84router.put('/settings', access.logged, access.ajax, (req,res) => {
85 let user = JSON.parse(req.body.user);
86 let error = checkObject(user, "User");
87 if (error.length > 0)
88 return res.json({errmsg: error});
89 user._id = ObjectID(req.user._id);
90 UserModel.updateSettings(user, (err,ret) => {
91 access.checkRequest(res, err, ret, "Settings update failed", () => {
92 res.json({});
93 });
94 });
95});
96
97router.get('/logout', access.logged, (req,res) => {
98 // TODO: cookie + redirect is enough (https, secure cookie
99 // https://www.information-security.fr/securite-sites-web-lutilite-flags-secure-httponly/ )
100 UserModel.logout(req.cookies.token, (err,ret) => {
101 access.checkRequest(res, err, ret, "Logout failed", () => {
102 res.clearCookie("token");
103 req.user = null;
104 res.redirect('/');
105 });
106 });
107});
108
109module.exports = router;