Finished User management implementation
[vchess.git] / routes / users.js
1 var router = require("express").Router();
2 var UserModel = require('../models/User');
3 var sendEmail = require('../utils/mailer');
4 var TokenGen = require("../utils/tokenGenerator");
5 var access = require("../utils/access");
6 var params = require("../config/parameters");
7 var checkNameEmail = require("../public/javascripts/shared/userCheck")
8
9 // to: object user (to who we send an email)
10 function setAndSendLoginToken(subject, to, res)
11 {
12 // Set login token and send welcome(back) email with auth link
13 const token = TokenGen.generate(params.token.length);
14 UserModel.setLoginToken(token, to.id, err => {
15 if (!!err)
16 return res.json({errmsg: err.toString()});
17 const body =
18 "Hello " + to.name + "!\n" +
19 "Access your account here: " +
20 params.siteURL + "/authenticate?token=" + token + "\\n" +
21 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
22 sendEmail(params.mail.noreply, to.email, subject, body, err => {
23 res.json(err || {});
24 });
25 });
26 }
27
28 // AJAX user life cycle...
29
30 router.post('/register', access.unlogged, access.ajax, (req,res) => {
31 const name = req.body.name;
32 const email = req.body.email;
33 const notify = !!req.body.notify;
34 const error = checkNameEmail({name: name, email: email});
35 if (!!error)
36 return res.json({errmsg: error});
37 UserModel.create(name, email, notify, (err,uid) => {
38 if (!!err)
39 return res.json({errmsg: err.toString()});
40 const user = {
41 id: uid["rowid"],
42 name: name,
43 email: email,
44 };
45 setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
46 });
47 });
48
49 router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
50 const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
51 const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
52 const error = checkNameEmail({[type]: nameOrEmail});
53 if (!!error)
54 return res.json({errmsg: error});
55 UserModel.getOne(type, nameOrEmail, (err,user) => {
56 access.checkRequest(res, err, user, "Unknown user", () => {
57 setAndSendLoginToken("Token for " + params.siteURL, user, res);
58 });
59 });
60 });
61
62 router.get('/authenticate', access.unlogged, (req,res) => {
63 UserModel.getOne("loginToken", req.query.token, (err,user) => {
64 access.checkRequest(res, err, user, "Invalid token", () => {
65 // If token older than params.tokenExpire, do nothing
66 if (Date.now() > user.loginTime + params.token.expire)
67 return res.json({errmsg: "Token expired"});
68 // Generate session token (if not exists) + destroy login token
69 UserModel.trySetSessionToken(user.id, (err,token) => {
70 if (!!err)
71 return res.json({errmsg: err.toString()});
72 // Set cookie
73 res.cookie("token", token, {
74 httpOnly: true,
75 secure: !!params.siteURL.match(/^https/),
76 maxAge: params.cookieExpire,
77 });
78 res.redirect("/");
79 });
80 });
81 });
82 });
83
84 router.put('/update', access.logged, access.ajax, (req,res) => {
85 const name = req.body.name;
86 const email = req.body.email;
87 const error = checkNameEmail({name: name, email: email});
88 if (!!error)
89 return res.json({errmsg: error});
90 const user = {
91 id: req.userId,
92 name: name,
93 email: email,
94 notify: !!req.body.notify,
95 };
96 UserModel.updateSettings(user, err => {
97 res.json(err ? {errmsg: err.toString()} : {});
98 });
99 });
100
101 // Logout on server because the token cookie is httpOnly
102 router.get('/logout', access.logged, (req,res) => {
103 res.clearCookie("token");
104 res.redirect('/');
105 });
106
107 module.exports = router;