[vchess.git] / models / User.js

var db = require("../utils/database");
var maild = require("../utils/mailer.js");
var genToken = require("../utils/tokenGenerator");
var params = require("../config/parameters");

/*
 * Structure:
 *   _id: integer
 *   name: varchar
 *   email: varchar
 *   loginToken: token on server only
 *   loginTime: datetime (validity)
 *   sessionToken: token in cookies for authentication
 *   notify: boolean (send email notifications for corr games)
 */

// NOTE: parameters are already cleaned (in controller), thus no sanitization here
exports.create = function(name, email, notify, callback)
{
	db.serialize(function() {
		const insertQuery =
			"INSERT INTO Users " +
			"(name, email, notify) VALUES " +
			"('" + name + "', '" + email + "', " + notify + ")";
		db.run(insertQuery, err => {
			if (!!err)
				return callback(err);
			db.get("SELECT last_insert_rowid() AS rowid", callback);
		});
	});
}

// Find one user (by id, name, email, or token)
exports.getOne = function(by, value, cb)
{
	const delimiter = (typeof value === "string" ? "'" : "");
	db.serialize(function() {
		const query =
			"SELECT * " +
			"FROM Users " +
			"WHERE " + by + " = " + delimiter + value + delimiter;
		db.get(query, cb);
	});
}

/////////
// MODIFY

exports.setLoginToken = function(token, uid, cb)
{
	db.serialize(function() {
		const query =
			"UPDATE Users " +
			"SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
			"WHERE id = " + uid;
		db.run(query, cb);
	});
}

// Set session token only if empty (first login)
// TODO: weaker security (but avoid to re-login everywhere after each logout)
exports.trySetSessionToken = function(uid, cb)
{
	// Also empty the login token to invalidate future attempts
	db.serialize(function() {
		const querySessionToken =
			"SELECT sessionToken " +
			"FROM Users " +
			"WHERE id = " + uid;
		db.get(querySessionToken, (err,ret) => {
			if (!!err)
				return cb(err);
			const token = ret.sessionToken || genToken(params.token.length);
			const queryUpdate =
				"UPDATE Users " +
				"SET loginToken = NULL" +
				(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
				"WHERE id = " + uid;
			db.run(queryUpdate);
			cb(null, token);
		});
	});
}

exports.updateSettings = function(user, cb)
{
	db.serialize(function() {
		const query =
			"UPDATE Users " +
			"SET name = '" + user.name + "'" +
			", email = '" + user.email + "'" +
			", notify = " + user.notify + " " +
			"WHERE id = " + user.id;
		db.run(query, cb);
	});
}
Commit	Line	Data
	1	var db = require("../utils/database");
	2	var maild = require("../utils/mailer.js");
	3	var genToken = require("../utils/tokenGenerator");
	4	var params = require("../config/parameters");
	5
	6	/*
	7	* Structure:
	8	* _id: integer
	9	* name: varchar
	10	* email: varchar
	11	* loginToken: token on server only
	12	* loginTime: datetime (validity)
	13	* sessionToken: token in cookies for authentication
	14	* notify: boolean (send email notifications for corr games)
	15	*/
	16
	17	// NOTE: parameters are already cleaned (in controller), thus no sanitization here
	18	exports.create = function(name, email, notify, callback)
	19	{
	20	db.serialize(function() {
	21	const insertQuery =
	22	"INSERT INTO Users " +
	23	"(name, email, notify) VALUES " +
	24	"('" + name + "', '" + email + "', " + notify + ")";
	25	db.run(insertQuery, err => {
	26	if (!!err)
	27	return callback(err);
	28	db.get("SELECT last_insert_rowid() AS rowid", callback);
	29	});
	30	});
	31	}
	32
	33	// Find one user (by id, name, email, or token)
	34	exports.getOne = function(by, value, cb)
	35	{
	36	const delimiter = (typeof value === "string" ? "'" : "");
	37	db.serialize(function() {
	38	const query =
	39	"SELECT * " +
	40	"FROM Users " +
	41	"WHERE " + by + " = " + delimiter + value + delimiter;
	42	db.get(query, cb);
	43	});
	44	}
	45
	46	/////////
	47	// MODIFY
	48
	49	exports.setLoginToken = function(token, uid, cb)
	50	{
	51	db.serialize(function() {
	52	const query =
	53	"UPDATE Users " +
	54	"SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
	55	"WHERE id = " + uid;
	56	db.run(query, cb);
	57	});
	58	}
	59
	60	// Set session token only if empty (first login)
	61	// TODO: weaker security (but avoid to re-login everywhere after each logout)
	62	exports.trySetSessionToken = function(uid, cb)
	63	{
	64	// Also empty the login token to invalidate future attempts
	65	db.serialize(function() {
	66	const querySessionToken =
	67	"SELECT sessionToken " +
	68	"FROM Users " +
	69	"WHERE id = " + uid;
	70	db.get(querySessionToken, (err,ret) => {
	71	if (!!err)
	72	return cb(err);
	73	const token = ret.sessionToken \|\| genToken(params.token.length);
	74	const queryUpdate =
	75	"UPDATE Users " +
	76	"SET loginToken = NULL" +
	77	(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
	78	"WHERE id = " + uid;
	79	db.run(queryUpdate);
	80	cb(null, token);
	81	});
	82	});
	83	}
	84
	85	exports.updateSettings = function(user, cb)
	86	{
	87	db.serialize(function() {
	88	const query =
	89	"UPDATE Users " +
	90	"SET name = '" + user.name + "'" +
	91	", email = '" + user.email + "'" +
	92	", notify = " + user.notify + " " +
	93	"WHERE id = " + user.id;
	94	db.run(query, cb);
	95	});
	96	}