X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=cc104ab07ed5821f8bca8065b98d36463f5f17e5;hp=0ff8e1c89e1916df66b84c9d73c06b5aa02a2158;hb=aa6d9b33f70c9baccac98ab41c72d2bd787eac83;hpb=0234201fb338fc239d6f613c677fa932c7c3697c diff --git a/server/models/User.js b/server/models/User.js index 0ff8e1c8..cc104ab0 100644 --- a/server/models/User.js +++ b/server/models/User.js @@ -2,10 +2,11 @@ const db = require("../utils/database"); const genToken = require("../utils/tokenGenerator"); const params = require("../config/parameters"); const sendEmail = require('../utils/mailer'); +const { exec } = require("child_process"); /* * Structure: - * _id: integer + * id: integer * name: varchar * email: varchar * loginToken: token on server only @@ -13,10 +14,11 @@ const sendEmail = require('../utils/mailer'); * sessionToken: token in cookies for authentication * notify: boolean (send email notifications for corr games) * created: datetime - * newsRead: datetime + * bio: text */ const UserModel = { + checkNameEmail: function(o) { return ( (!o.name || !!(o.name.match(/^[\w-]+$/))) && @@ -37,11 +39,11 @@ const UserModel = { }, // Find one user by id, name, email, or token - getOne: function(by, value, cb) { + getOne: function(by, value, fields, cb) { const delimiter = (typeof value === "string" ? "'" : ""); db.serialize(function() { const query = - "SELECT * " + + "SELECT " + fields + " " + "FROM Users " + "WHERE " + by + " = " + delimiter + value + delimiter; db.get(query, cb); @@ -58,6 +60,16 @@ const UserModel = { }); }, + getBio: function(id, cb) { + db.serialize(function() { + const query = + "SELECT bio " + + "FROM Users " + + "WHERE id = " + id; + db.get(query, cb); + }); + }, + ///////// // MODIFY @@ -71,32 +83,34 @@ const UserModel = { }); }, - setNewsRead: function(id) { + setBio: function(id, bio) { db.serialize(function() { const query = "UPDATE Users " + - "SET newsRead = " + Date.now() + " " + + "SET bio = ? " + "WHERE id = " + id; - db.run(query); + db.run(query, bio); }); }, // Set session token only if empty (first login) // NOTE: weaker security (but avoid to re-login everywhere after each logout) - // TODO: option would be to reset all tokens periodically, e.g. every 3 months + // TODO: option would be to reset all tokens periodically (every 3 months?) trySetSessionToken: function(id, cb) { db.serialize(function() { let query = "SELECT sessionToken " + "FROM Users " + "WHERE id = " + id; - db.get(query, (err,ret) => { + db.get(query, (err, ret) => { const token = ret.sessionToken || genToken(params.token.length); + const setSessionToken = + (!ret.sessionToken ? (", sessionToken = '" + token + "'") : ""); query = "UPDATE Users " + // Also empty the login token to invalidate future attempts - "SET loginToken = NULL" + - (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " + + "SET loginToken = NULL, loginTime = NULL " + + setSessionToken + " " + "WHERE id = " + id; db.run(query); cb(token); @@ -127,7 +141,7 @@ const UserModel = { }, tryNotify: function(id, message) { - UserModel.getOne("id", id, (err,user) => { + UserModel.getOne("id", id, "name, email, notify", (err, user) => { if (!err && user.notify) UserModel.notify(user, message); }); }, @@ -149,7 +163,8 @@ const UserModel = { // Remove users unlogged for > 24h if (!u.sessionToken && tsNow - u.created > day) { - notify( + toRemove.push(u.id); + UserModel.notify( u, "Your account has been deleted because " + "you didn't log in for 24h after registration" @@ -157,14 +172,16 @@ const UserModel = { } }); if (toRemove.length > 0) { + const remArg = toRemove.join(","); db.run( "DELETE FROM Users " + - "WHERE id IN (" + toRemove.join(",") + ")" + "WHERE id IN (" + remArg + ")" ); } }); }); - }, -} + } + +}; module.exports = UserModel;