server/models/User.js

   1 const db = require("../utils/database");
   2 const genToken = require("../utils/tokenGenerator");
   3 const params = require("../config/parameters");
   4 const sendEmail = require('../utils/mailer');
   5
   6 /*
   7  * Structure:
   8  *   id: integer
   9  *   name: varchar
  10  *   email: varchar
  11  *   loginToken: token on server only
  12  *   loginTime: datetime (validity)
  13  *   sessionToken: token in cookies for authentication
  14  *   notify: boolean (send email notifications for corr games)
  15  *   created: datetime
  16  *   bio: text
  17  */
  18
  19 const UserModel = {
  20
  21   checkNameEmail: function(o) {
  22     return (
  23       (!o.name || !!(o.name.match(/^[\w-]+$/))) &&
  24       (!o.email || !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
  25     );
  26   },
  27
  28   create: function(name, email, notify, cb) {
  29     db.serialize(function() {
  30       const query =
  31         "INSERT INTO Users " +
  32         "(name, email, notify, created) VALUES " +
  33         "('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
  34       db.run(query, function(err) {
  35         cb(err, { id: this.lastID });
  36       });
  37     });
  38   },
  39
  40   // Find one user by id, name, email, or token
  41   getOne: function(by, value, fields, cb) {
  42     const delimiter = (typeof value === "string" ? "'" : "");
  43     db.serialize(function() {
  44       const query =
  45         "SELECT " + fields + " " +
  46         "FROM Users " +
  47         "WHERE " + by + " = " + delimiter + value + delimiter;
  48       db.get(query, cb);
  49     });
  50   },
  51
  52   getByIds: function(ids, cb) {
  53     db.serialize(function() {
  54       const query =
  55         "SELECT id, name " +
  56         "FROM Users " +
  57         "WHERE id IN (" + ids + ")";
  58       db.all(query, cb);
  59     });
  60   },
  61
  62   getBio: function(id, cb) {
  63     db.serialize(function() {
  64       const query =
  65         "SELECT bio " +
  66         "FROM Users " +
  67         "WHERE id = " + id;
  68       db.get(query, cb);
  69     });
  70   },
  71
  72   /////////
  73   // MODIFY
  74
  75   setLoginToken: function(token, id) {
  76     db.serialize(function() {
  77       const query =
  78         "UPDATE Users " +
  79         "SET loginToken = '" + token + "',loginTime = " + Date.now() + " " +
  80         "WHERE id = " + id;
  81       db.run(query);
  82     });
  83   },
  84
  85   setBio: function(id, bio) {
  86     db.serialize(function() {
  87       const query =
  88         "UPDATE Users " +
  89         "SET bio = ? " +
  90         "WHERE id = " + id;
  91       db.run(query, bio);
  92     });
  93   },
  94
  95   // Set session token only if empty (first login)
  96   // NOTE: weaker security (but avoid to re-login everywhere after each logout)
  97   // TODO: option would be to reset all tokens periodically (every 3 months?)
  98   trySetSessionToken: function(id, cb) {
  99     db.serialize(function() {
 100       let query =
 101         "SELECT sessionToken " +
 102         "FROM Users " +
 103         "WHERE id = " + id;
 104       db.get(query, (err, ret) => {
 105         const token = ret.sessionToken || genToken(params.token.length);
 106         const setSessionToken =
 107           (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
 108         query =
 109           "UPDATE Users " +
 110           // Also empty the login token to invalidate future attempts
 111           "SET loginToken = NULL, loginTime = NULL " +
 112           setSessionToken + " " +
 113           "WHERE id = " + id;
 114         db.run(query);
 115         cb(token);
 116       });
 117     });
 118   },
 119
 120   updateSettings: function(user) {
 121     db.serialize(function() {
 122       const query =
 123         "UPDATE Users " +
 124         "SET name = '" + user.name + "'" +
 125         ", email = '" + user.email + "'" +
 126         ", notify = " + user.notify + " " +
 127         "WHERE id = " + user.id;
 128       db.run(query);
 129     });
 130   },
 131
 132   /////////////////
 133   // NOTIFICATIONS
 134
 135   notify: function(user, message) {
 136     const subject = "vchess.club - notification";
 137     const body = "Hello " + user.name + " !" + `
 138 ` + message;
 139     sendEmail(params.mail.noreply, user.email, subject, body);
 140   },
 141
 142   tryNotify: function(id, message) {
 143     UserModel.getOne("id", id, "name, email, notify", (err, user) => {
 144       if (!err && user.notify) UserModel.notify(user, message);
 145     });
 146   },
 147
 148   ////////////
 149   // CLEANING
 150
 151   cleanUsersDb: function() {
 152     const tsNow = Date.now();
 153     // 86400000 = 24 hours in milliseconds
 154     const day = 86400000;
 155     db.serialize(function() {
 156       const query =
 157         "SELECT id, sessionToken, created, name, email " +
 158         "FROM Users";
 159       db.all(query, (err, users) => {
 160         let toRemove = [];
 161         users.forEach(u => {
 162           // Remove users unlogged for > 24h
 163           if (!u.sessionToken && tsNow - u.created > day)
 164           {
 165             toRemove.push(u.id);
 166             UserModel.notify(
 167               u,
 168               "Your account has been deleted because " +
 169               "you didn't log in for 24h after registration"
 170             );
 171           }
 172         });
 173         if (toRemove.length > 0) {
 174           db.run(
 175             "DELETE FROM Users " +
 176             "WHERE id IN (" + toRemove.join(",") + ")"
 177           );
 178         }
 179       });
 180     });
 181   }
 182
 183 };
 184
 185 module.exports = UserModel;