models/User.js

   1 var db = require("../utils/database");
   2 var maild = require("../utils/mailer.js");
   3 var TokenGen = require("../utils/tokenGenerator");
   4 var params = require("../config/parameters");
   5
   6 /*
   7  * Structure:
   8  *   _id: integer
   9  *   name: varchar
  10  *   email: varchar
  11  *   loginToken: token on server only
  12  *   loginTime: datetime (validity)
  13  *   sessionToken: token in cookies for authentication
  14  *   notify: boolean (send email notifications for corr games)
  15  */
  16
  17 // User creation
  18 exports.create = function(name, email, notify, callback)
  19 {
  20     db.serialize(function() {
  21         const insertQuery =
  22             "INSERT INTO Users " +
  23             "(name, email, notify) VALUES " +
  24             "('" + name + "', '" + email + "', " + notify + ")";
  25         db.run(insertQuery, err => {
  26             if (!!err)
  27                 return callback(err);
  28             db.get("SELECT last_insert_rowid() AS rowid", callback);
  29         });
  30     });
  31 }
  32
  33 // Find one user (by id, name, email, or token)
  34 exports.getOne = function(by, value, cb)
  35 {
  36     const delimiter = (typeof value === "string" ? "'" : "");
  37     db.serialize(function() {
  38         const query =
  39             "SELECT * " +
  40             "FROM Users " +
  41             "WHERE " + by + " = " + delimiter + value + delimiter;
  42         db.get(query, cb);
  43     });
  44 }
  45
  46 /////////
  47 // MODIFY
  48
  49 exports.setLoginToken = function(token, uid, cb)
  50 {
  51     db.serialize(function() {
  52         const query =
  53             "UPDATE Users " +
  54             "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
  55             "WHERE id = " + uid;
  56         db.run(query, cb);
  57     });
  58 }
  59
  60 // Set session token only if empty (first login)
  61 // TODO: weaker security (but avoid to re-login everywhere after each logout)
  62 exports.trySetSessionToken = function(uid, cb)
  63 {
  64     // Also empty the login token to invalidate future attempts
  65     db.serialize(function() {
  66         const querySessionToken =
  67             "SELECT sessionToken " +
  68             "FROM Users " +
  69             "WHERE id = " + uid;
  70         db.get(querySessionToken, (err,ret) => {
  71             if (!!err)
  72                 return cb(err);
  73             const token = ret.sessionToken || TokenGen.generate(params.token.length);
  74             const queryUpdate =
  75                 "UPDATE Users " +
  76                 "SET loginToken = NULL" +
  77                 (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
  78                 "WHERE id = " + uid;
  79             db.run(queryUpdate);
  80             cb(null, token);
  81         });
  82     });
  83 }
  84
  85 exports.updateSettings = function(user, cb)
  86 {
  87     db.serialize(function() {
  88         const query =
  89             "UPDATE Users " +
  90             "SET name = '" + user.name + "'" +
  91             ", email = '" + user.email + "'" +
  92             ", notify = " + user.notify + " " +
  93             "WHERE id = " + user.id;
  94         db.run(query, cb);
  95     });
  96 }