X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=cc104ab07ed5821f8bca8065b98d36463f5f17e5;hp=ff019bdbd873ce4c7989e6ad6fefd0aa31e10ce2;hb=aa6d9b33f70c9baccac98ab41c72d2bd787eac83;hpb=fe4c7e67075416c48aafe9e307bef5afea7937bc

diff --git a/server/models/User.js b/server/models/User.js
index ff019bdb..cc104ab0 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -1,11 +1,12 @@
-var db = require("../utils/database");
-var genToken = require("../utils/tokenGenerator");
-var params = require("../config/parameters");
-var sendEmail = require('../utils/mailer');
+const db = require("../utils/database");
+const genToken = require("../utils/tokenGenerator");
+const params = require("../config/parameters");
+const sendEmail = require('../utils/mailer');
+const { exec } = require("child_process");
 
 /*
  * Structure:
- *   _id: integer
+ *   id: integer
  *   name: varchar
  *   email: varchar
  *   loginToken: token on server only
@@ -13,52 +14,36 @@ var sendEmail = require('../utils/mailer');
  *   sessionToken: token in cookies for authentication
  *   notify: boolean (send email notifications for corr games)
  *   created: datetime
+ *   bio: text
  */
 
-const UserModel =
-{
-  checkNameEmail: function(o)
-  {
-    if (typeof o.name === "string")
-    {
-      if (o.name.length == 0)
-        return "Empty name";
-      if (!o.name.match(/^[\w]+$/))
-        return "Bad characters in name";
-    }
-    if (typeof o.email === "string")
-    {
-      if (o.email.length == 0)
-        return "Empty email";
-      if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
-        return "Bad characters in email";
-    }
-    return ""; //NOTE: not required, but more consistent... (?!)
+const UserModel = {
+
+  checkNameEmail: function(o) {
+    return (
+      (!o.name || !!(o.name.match(/^[\w-]+$/))) &&
+      (!o.email || !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
+    );
   },
 
-  // NOTE: parameters are already cleaned (in controller), thus no sanitization here
-  create: function(name, email, notify, callback)
-  {
+  create: function(name, email, notify, cb) {
     db.serialize(function() {
-      const insertQuery =
+      const query =
         "INSERT INTO Users " +
         "(name, email, notify, created) VALUES " +
-        "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")";
-      db.run(insertQuery, err => {
-        if (!!err)
-          return callback(err);
-        db.get("SELECT last_insert_rowid() AS rowid", callback);
+        "('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
+      db.run(query, function(err) {
+        cb(err, { id: this.lastID });
       });
     });
   },
 
-  // Find one user (by id, name, email, or token)
-  getOne: function(by, value, cb)
-  {
+  // Find one user by id, name, email, or token
+  getOne: function(by, value, fields, cb) {
     const delimiter = (typeof value === "string" ? "'" : "");
     db.serialize(function() {
       const query =
-        "SELECT * " +
+        "SELECT " + fields + " " +
         "FROM Users " +
         "WHERE " + by + " = " + delimiter + value + delimiter;
       db.get(query, cb);
@@ -75,48 +60,65 @@ const UserModel =
     });
   },
 
+  getBio: function(id, cb) {
+    db.serialize(function() {
+      const query =
+        "SELECT bio " +
+        "FROM Users " +
+        "WHERE id = " + id;
+      db.get(query, cb);
+    });
+  },
+
   /////////
   // MODIFY
 
-  setLoginToken: function(token, uid, cb)
-  {
+  setLoginToken: function(token, id) {
     db.serialize(function() {
       const query =
         "UPDATE Users " +
-        "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
-        "WHERE id = " + uid;
-      db.run(query, cb);
+        "SET loginToken = '" + token + "',loginTime = " + Date.now() + " " +
+        "WHERE id = " + id;
+      db.run(query);
+    });
+  },
+
+  setBio: function(id, bio) {
+    db.serialize(function() {
+      const query =
+        "UPDATE Users " +
+        "SET bio = ? " +
+        "WHERE id = " + id;
+      db.run(query, bio);
     });
   },
 
   // Set session token only if empty (first login)
   // NOTE: weaker security (but avoid to re-login everywhere after each logout)
-  // TODO: option would be to reset all tokens periodically, e.g. every 3 months
-  trySetSessionToken: function(uid, cb)
-  {
-    // Also empty the login token to invalidate future attempts
+  // TODO: option would be to reset all tokens periodically (every 3 months?)
+  trySetSessionToken: function(id, cb) {
     db.serialize(function() {
-      const querySessionToken =
+      let query =
         "SELECT sessionToken " +
         "FROM Users " +
-        "WHERE id = " + uid;
-      db.get(querySessionToken, (err,ret) => {
-        if (!!err)
-          return cb(err);
+        "WHERE id = " + id;
+      db.get(query, (err, ret) => {
         const token = ret.sessionToken || genToken(params.token.length);
-        const queryUpdate =
+        const setSessionToken =
+          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
+        query =
           "UPDATE Users " +
-          "SET loginToken = NULL" +
-          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
-          "WHERE id = " + uid;
-        db.run(queryUpdate);
-        cb(null, token);
+          // Also empty the login token to invalidate future attempts
+          "SET loginToken = NULL, loginTime = NULL " +
+          setSessionToken + " " +
+          "WHERE id = " + id;
+        db.run(query);
+        cb(token);
       });
     });
   },
 
-  updateSettings: function(user, cb)
-  {
+  updateSettings: function(user) {
     db.serialize(function() {
       const query =
         "UPDATE Users " +
@@ -124,50 +126,62 @@ const UserModel =
         ", email = '" + user.email + "'" +
         ", notify = " + user.notify + " " +
         "WHERE id = " + user.id;
-      db.run(query, cb);
+      db.run(query);
     });
   },
 
   /////////////////
   // NOTIFICATIONS
 
-  notify: function(user, message)
-  {
+  notify: function(user, message) {
     const subject = "vchess.club - notification";
-    const body = "Hello " + user.name + "!\n" + message;
+    const body = "Hello " + user.name + " !" + `
+` + message;
     sendEmail(params.mail.noreply, user.email, subject, body);
   },
 
-  tryNotify: function(id, message)
-  {
-    UserModel.getOne("id", id, (err,user) => {
-      if (!err || !user.notify)
-        return; //NOTE: error is ignored here
-      UserModel.notify(user, message);
+  tryNotify: function(id, message) {
+    UserModel.getOne("id", id, "name, email, notify", (err, user) => {
+      if (!err && user.notify) UserModel.notify(user, message);
     });
   },
 
   ////////////
   // CLEANING
 
-  cleanUsersDb: function()
-  {
+  cleanUsersDb: function() {
     const tsNow = Date.now();
     // 86400000 = 24 hours in milliseconds
     const day = 86400000;
     db.serialize(function() {
       const query =
-        "SELECT id, sessionToken, created " +
+        "SELECT id, sessionToken, created, name, email " +
         "FROM Users";
       db.all(query, (err, users) => {
+        let toRemove = [];
         users.forEach(u => {
-          // Remove unlogged users for >1 day
+          // Remove users unlogged for > 24h
           if (!u.sessionToken && tsNow - u.created > day)
-            db.run("DELETE FROM Users WHERE id = " + u.id);
+          {
+            toRemove.push(u.id);
+            UserModel.notify(
+              u,
+              "Your account has been deleted because " +
+              "you didn't log in for 24h after registration"
+            );
+          }
         });
+        if (toRemove.length > 0) {
+          const remArg = toRemove.join(",");
+          db.run(
+            "DELETE FROM Users " +
+            "WHERE id IN (" + remArg + ")"
+          );
+        }
       });
     });
-  },
-}
+  }
+
+};
 
 module.exports = UserModel;