Fix things. Now on (live) game start + play

[vchess.git] / server / routes / users.js

diff --git a/server/routes/users.js b/server/routes/users.js
index 8df0c43..b657920 100644 (file)
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -7,6 +7,26 @@ var genToken = require("../utils/tokenGenerator");
 var access = require("../utils/access");
 var params = require("../config/parameters");
 
+router.get("/whoami", access.ajax, (req,res) => {
+  const callback = (user) => {
+    return res.json({
+      name: user.name,
+      email: user.email,
+      id: user.id,
+      notify: user.notify,
+    });
+  };
+  const anonymous = {name:"", email:"", id:0, notify:false};
+       if (!req.cookies.token)
+    return callback(anonymous);
+  UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+    if (!!err || !user)
+      callback(anonymous);
+    else (!!user)
+      callback(user);
+  });
+});
+
 // to: object user (to who we send an email)
 function setAndSendLoginToken(subject, to, res)
 {
@@ -18,12 +38,10 @@ function setAndSendLoginToken(subject, to, res)
                const body =
                        "Hello " + to.name + "!\n" +
                        "Access your account here: " +
-                       params.siteURL + "/authenticate?token=" + token + "\\n" +
+                       params.siteURL + "/#/authenticate/" + token + "\\n" +
                        "Token will expire in " + params.token.expire/(1000*60) + " minutes."
                sendEmail(params.mail.noreply, to.email, subject, body, err => {
-                       // "id" is generally the only info missing on client side,
-                       // but the name is also unknown if log-in with the email.
-                       res.json(err || {id: to.id, name: to.name});
+                       res.json(err || {});
                });
        });
 }
@@ -60,10 +78,10 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
        });
 });
 
-router.get('/authenticate', access.unlogged, (req,res) => {
-       UserModel.getOne("loginToken", req.query.token, (err,user) => {
+router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
+  UserModel.getOne("loginToken", req.query.token, (err,user) => {
                access.checkRequest(res, err, user, "Invalid token", () => {
-                       // If token older than params.tokenExpire, do nothing
+      // If token older than params.tokenExpire, do nothing
                        if (Date.now() > user.loginTime + params.token.expire)
                                return res.json({errmsg: "Token expired"});
                        // Generate session token (if not exists) + destroy login token
@@ -71,12 +89,17 @@ router.get('/authenticate', access.unlogged, (req,res) => {
                                if (!!err)
                                        return res.json({errmsg: err.toString()});
                                // Set cookie
-                               res.cookie("token", token, {
+        res.cookie("token", token, {
                                        httpOnly: true,
                                        secure: !!params.siteURL.match(/^https/),
                                        maxAge: params.cookieExpire,
                                });
-                               res.redirect("/");
+                               res.json({
+          id: user.id,
+          name: user.name,
+          email: user.email,
+          notify: user.notify,
+        });
                        });
                });
        });
@@ -99,10 +122,9 @@ router.put('/update', access.logged, access.ajax, (req,res) => {
        });
 });
 
-// Logout on server because the token cookie is httpOnly
-router.get('/logout', access.logged, (req,res) => {
+router.get('/logout', access.logged, access.ajax, (req,res) => {
        res.clearCookie("token");
-       res.redirect('/');
+       res.json({});
 });
 
 module.exports = router;