[vchess.git] / server / models / User.js

var db = require("../utils/database");
var maild = require("../utils/mailer.js");
var genToken = require("../utils/tokenGenerator");
var params = require("../config/parameters");

/*
 * Structure:
 *   _id: integer
 *   name: varchar
 *   email: varchar
 *   loginToken: token on server only
 *   loginTime: datetime (validity)
 *   sessionToken: token in cookies for authentication
 *   notify: boolean (send email notifications for corr games)
 */

const UserModel =
{
	checkNameEmail: function(o)
	{
		if (typeof o.name === "string")
		{
			if (o.name.length == 0)
				return "Empty name";
			if (!o.name.match(/^[\w]+$/))
				return "Bad characters in name";
		}
		if (typeof o.email === "string")
		{
			if (o.email.length == 0)
				return "Empty email";
			if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
				return "Bad characters in email";
		}
	},

	// NOTE: parameters are already cleaned (in controller), thus no sanitization here
	create: function(name, email, notify, callback)
	{
		db.serialize(function() {
			const insertQuery =
				"INSERT INTO Users " +
				"(name, email, notify) VALUES " +
				"('" + name + "', '" + email + "', " + notify + ")";
			db.run(insertQuery, err => {
				if (!!err)
					return callback(err);
				db.get("SELECT last_insert_rowid() AS rowid", callback);
			});
		});
	},

	// Find one user (by id, name, email, or token)
	getOne: function(by, value, cb)
	{
		const delimiter = (typeof value === "string" ? "'" : "");
		db.serialize(function() {
			const query =
				"SELECT * " +
				"FROM Users " +
				"WHERE " + by + " = " + delimiter + value + delimiter;
			db.get(query, cb);
		});
	},

	/////////
	// MODIFY

	setLoginToken: function(token, uid, cb)
	{
		db.serialize(function() {
			const query =
				"UPDATE Users " +
				"SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
				"WHERE id = " + uid;
			db.run(query, cb);
		});
	},

	// Set session token only if empty (first login)
	// TODO: weaker security (but avoid to re-login everywhere after each logout)
	trySetSessionToken: function(uid, cb)
	{
		// Also empty the login token to invalidate future attempts
		db.serialize(function() {
			const querySessionToken =
				"SELECT sessionToken " +
				"FROM Users " +
				"WHERE id = " + uid;
			db.get(querySessionToken, (err,ret) => {
				if (!!err)
					return cb(err);
				const token = ret.sessionToken || genToken(params.token.length);
				const queryUpdate =
					"UPDATE Users " +
					"SET loginToken = NULL" +
					(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
					"WHERE id = " + uid;
				db.run(queryUpdate);
				cb(null, token);
			});
		});
	},

	updateSettings: function(user, cb)
	{
		db.serialize(function() {
			const query =
				"UPDATE Users " +
				"SET name = '" + user.name + "'" +
				", email = '" + user.email + "'" +
				", notify = " + user.notify + " " +
				"WHERE id = " + user.id;
			db.run(query, cb);
		});
	},
}

module.exports = UserModel;
Commit	Line	Data
8d7e2786 BA	1	var db = require("../utils/database");
8d7e2786 BA	2	var maild = require("../utils/mailer.js");
badeb466	3	var genToken = require("../utils/tokenGenerator");
c018b304	4	var params = require("../config/parameters");
8d7e2786 BA	5
	6	/*
	7	* Structure:
	8	* _id: integer
	9	* name: varchar
	10	* email: varchar
	11	* loginToken: token on server only
	12	* loginTime: datetime (validity)
	13	* sessionToken: token in cookies for authentication
	14	* notify: boolean (send email notifications for corr games)
	15	*/
	16
ab4f4bf2	17	const UserModel =
8d7e2786	18	{
98db2082 BA	19	checkNameEmail: function(o)
	20	{
	21	if (typeof o.name === "string")
	22	{
	23	if (o.name.length == 0)
	24	return "Empty name";
	25	if (!o.name.match(/^[\w]+$/))
	26	return "Bad characters in name";
	27	}
	28	if (typeof o.email === "string")
	29	{
	30	if (o.email.length == 0)
	31	return "Empty email";
	32	if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
	33	return "Bad characters in email";
	34	}
	35	},
	36
ab4f4bf2 BA	37	// NOTE: parameters are already cleaned (in controller), thus no sanitization here
	38	create: function(name, email, notify, callback)
	39	{
	40	db.serialize(function() {
	41	const insertQuery =
	42	"INSERT INTO Users " +
	43	"(name, email, notify) VALUES " +
	44	"('" + name + "', '" + email + "', " + notify + ")";
	45	db.run(insertQuery, err => {
	46	if (!!err)
	47	return callback(err);
	48	db.get("SELECT last_insert_rowid() AS rowid", callback);
	49	});
c018b304	50	});
ab4f4bf2	51	},
8d7e2786	52
ab4f4bf2 BA	53	// Find one user (by id, name, email, or token)
	54	getOne: function(by, value, cb)
	55	{
	56	const delimiter = (typeof value === "string" ? "'" : "");
	57	db.serialize(function() {
	58	const query =
	59	"SELECT * " +
	60	"FROM Users " +
	61	"WHERE " + by + " = " + delimiter + value + delimiter;
	62	db.get(query, cb);
	63	});
	64	},
8d7e2786	65
ab4f4bf2 BA	66	/////////
ab4f4bf2 BA	67	// MODIFY
8d7e2786	68
ab4f4bf2 BA	69	setLoginToken: function(token, uid, cb)
	70	{
	71	db.serialize(function() {
	72	const query =
8a477a7e	73	"UPDATE Users " +
ab4f4bf2	74	"SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
8a477a7e	75	"WHERE id = " + uid;
ab4f4bf2	76	db.run(query, cb);
0bd5933d	77	});
ab4f4bf2	78	},
8d7e2786	79
ab4f4bf2 BA	80	// Set session token only if empty (first login)
	81	// TODO: weaker security (but avoid to re-login everywhere after each logout)
	82	trySetSessionToken: function(uid, cb)
	83	{
	84	// Also empty the login token to invalidate future attempts
	85	db.serialize(function() {
	86	const querySessionToken =
	87	"SELECT sessionToken " +
	88	"FROM Users " +
	89	"WHERE id = " + uid;
	90	db.get(querySessionToken, (err,ret) => {
	91	if (!!err)
	92	return cb(err);
	93	const token = ret.sessionToken \|\| genToken(params.token.length);
	94	const queryUpdate =
	95	"UPDATE Users " +
	96	"SET loginToken = NULL" +
	97	(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
	98	"WHERE id = " + uid;
	99	db.run(queryUpdate);
	100	cb(null, token);
	101	});
	102	});
	103	},
	104
	105	updateSettings: function(user, cb)
	106	{
	107	db.serialize(function() {
	108	const query =
	109	"UPDATE Users " +
	110	"SET name = '" + user.name + "'" +
	111	", email = '" + user.email + "'" +
	112	", notify = " + user.notify + " " +
	113	"WHERE id = " + user.id;
	114	db.run(query, cb);
	115	});
	116	},
8d7e2786	117	}
ab4f4bf2 BA	118
ab4f4bf2 BA	119	module.exports = UserModel;