Advance on corr game start
// AJAX methods to get, create, update or delete a user
// Express router plus the model and utility modules every handler below uses.
const router = require("express").Router();
const UserModel = require('../models/User');
const sendEmail = require('../utils/mailer');
const genToken = require("../utils/tokenGenerator");
const access = require("../utils/access");
const params = require("../config/parameters");

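/**
 * GET /whoami — identify the caller from its "token" cookie.
 *
 * Always answers 200 with {name, email, id, notify}. A caller without a
 * cookie, or whose cookie does not match a stored session token (or whose
 * lookup failed), gets the anonymous profile {name:"", email:"", id:0,
 * notify:false} instead of an error.
 * Assumes a cookie parser is mounted upstream so that req.cookies exists.
 */
router.get("/whoami", access.ajax, (req,res) => {
  const anonymous = {name:"", email:"", id:0, notify:false};
  const reply = (user) => {
    return res.json({
      name: user.name,
      email: user.email,
      id: user.id,
      notify: user.notify,
    });
  };
  if (!req.cookies.token)
    return reply(anonymous);
  UserModel.getOne("sessionToken", req.cookies.token, (err, user) => {
    // This used to read `else (!!user) callback(user);`, which JavaScript
    // parses as an empty else-branch followed by an unconditional
    // callback(user): for a stale or unknown cookie value both replies ran
    // and the second one threw on `user.name` inside the callback. Exactly
    // one reply must be sent, and an unknown token maps to anonymous only.
    if (!!err || !user)
      return reply(anonymous);
    reply(user);
  });
});
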
// GET /users?ids=... — look up several users at once by id.
router.get("/users", access.ajax, (req,res) => {
  // NOTE(review): `ids` is untrusted query input handed straight to the model;
  // assumes UserModel.getByIds validates its shape and parameterizes the
  // query — verify in ../models/User.
  const ids = req.query["ids"];
  UserModel.getByIds(ids, (err,users) => {
    if (err) {
      // NOTE(review): err.toString() relays the raw storage error to the client.
      return res.json({errmsg: err.toString()});
    }
    res.json({users});
  });
});

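/**
 * Store a fresh login token for a user and email the matching one-time
 * authentication link.
 *
 * @param {string} subject - subject line of the email
 * @param {{id: number, name: string, email: string}} to - the user we send the email to
 * @param {object} res - Express response; this function always ends it,
 *   with {} on success or {errmsg} when storing the token or sending fails
 */
function setAndSendLoginToken(subject, to, res)
{
  // NOTE(review): the token is the whole credential for the link below;
  // assumes genToken draws from a cryptographically secure source — verify
  // in ../utils/tokenGenerator.
  const token = genToken(params.token.length);
  UserModel.setLoginToken(token, to.id, err => {
    if (!!err)
      return res.json({errmsg: err.toString()});
    // params.token.expire is in milliseconds; shown to the user in minutes.
    const body =
      "Hello " + to.name + "!\\n" +
      "Access your account here: " +
      params.siteURL + "/#/authenticate/" + token + "\\n" +
      "Token will expire in " + params.token.expire/(1000*60) + " minutes.";
    sendEmail(params.mail.noreply, to.email, subject, body, err => {
      // Report failures the same way as the other routes ({errmsg}). The
      // previous `res.json(err || {})` serialized the error object itself,
      // which for an Error instance yields {} and so hid the failure.
      res.json(err ? {errmsg: err.toString()} : {});
    });
  });
}
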
// POST /register — create an account and mail its first login link.
// The name/email format is checked before any storage access; uniqueness is
// presumably enforced by UserModel.create and reported through err.
// NOTE(review): nothing in this file throttles registrations, and each one
// triggers an outbound email — verify that upstream middleware limits this.
router.post('/register', access.unlogged, access.ajax, (req,res) => {
  const {name, email} = req.body;
  const notify = !!req.body.notify;
  const error = UserModel.checkNameEmail({name, email});
  if (error)
    return res.json({errmsg: error});
  UserModel.create(name, email, notify, (err,uid) => {
    if (err)
      return res.json({errmsg: err.toString()});
    const user = {id: uid["rowid"], name, email};
    setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
  });
});

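// GET /sendtoken?nameOrEmail=... — (re)send a login link to an existing user.
router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
  // Express has already decoded the query string; the extra
  // decodeURIComponent is kept for callers that encode twice. It throws
  // URIError on a malformed percent-sequence and stringifies non-string
  // values (a missing parameter became the user name "undefined"), so the
  // input is checked and decoded under a guard before being used.
  const raw = req.query.nameOrEmail;
  let nameOrEmail = "";
  if (typeof raw === "string") {
    try {
      nameOrEmail = decodeURIComponent(raw);
    } catch (e) {
      nameOrEmail = "";
    }
  }
  if (!nameOrEmail)
    return res.json({errmsg: "Missing or malformed name or email"});
  const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
  const error = UserModel.checkNameEmail({[type]: nameOrEmail});
  if (!!error)
    return res.json({errmsg: error});
  UserModel.getOne(type, nameOrEmail, (err,user) => {
    // NOTE(review): "Unknown user" tells the caller whether a name or email
    // is registered; if that matters, answer identically in both cases and
    // only send the mail when the account exists.
    access.checkRequest(res, err, user, "Unknown user", () => {
      setAndSendLoginToken("Token for " + params.siteURL, user, res);
    });
  });
});
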
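// GET /authenticate?token=... — exchange a mailed login token for a session cookie.
router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
  const loginToken = req.query.token;
  // A missing or non-string token (e.g. ?token[]=...) can never match a stored
  // login token, so it is refused before touching the store, with the same
  // message used below for an unknown token.
  if (typeof loginToken !== "string" || loginToken.length === 0)
    return res.json({errmsg: "Invalid token"});
  UserModel.getOne("loginToken", loginToken, (err,user) => {
    access.checkRequest(res, err, user, "Invalid token", () => {
      // Tokens older than params.token.expire (ms) are refused. This assumes
      // user.loginTime is a numeric timestamp — an undefined loginTime would
      // make the sum NaN and the check would never fire. TODO(review): confirm
      // in ../models/User.
      if (Date.now() > user.loginTime + params.token.expire)
        return res.json({errmsg: "Token expired"});
      // Generate session token (if not exists) + destroy login token
      UserModel.trySetSessionToken(user.id, (err,token) => {
        if (!!err)
          return res.json({errmsg: err.toString()});
        // Session cookie: HttpOnly keeps it out of page scripts, Secure is set
        // only when the site itself is served over https. No sameSite value is
        // given, so the browser default applies — worth making explicit.
        res.cookie("token", token, {
          httpOnly: true,
          secure: !!params.siteURL.match(/^https/),
          maxAge: params.cookieExpire,
        });
        res.json({
          id: user.id,
          name: user.name,
          email: user.email,
          notify: user.notify,
        });
      });
    });
  });
});
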
// PUT /update — change the logged-in user's name, email and notification flag.
// The target id is req.userId (presumably filled in by access.logged), never a
// value from the request body, so a caller can only edit its own settings.
router.put('/update', access.logged, access.ajax, (req,res) => {
  const {name, email} = req.body;
  const error = UserModel.checkNameEmail({name, email});
  if (error)
    return res.json({errmsg: error});
  const settings = {
    id: req.userId,
    name,
    email,
    notify: !!req.body.notify,
  };
  UserModel.updateSettings(settings, err => {
    if (err)
      return res.json({errmsg: err.toString()});
    res.json({});
  });
});

// GET /logout — drop the session cookie on the client side.
// NOTE(review): the stored sessionToken that /whoami looks up is not revoked
// here, so a copy of the cookie value stays valid server-side unless something
// else clears it; verify whether UserModel offers a way to invalidate it.
router.get('/logout', access.logged, access.ajax, (req,res) => {
  res.clearCookie("token");
  return res.json({});
});

// The mount path for this router is chosen by the application, not here.
module.exports = router;