X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Froutes%2Fusers.js;h=947111342d9b54bf19d09be4b7ee1acfb3e077f3;hp=dfe2fa2ef0ca8f3f82b964ff8ebca4835d7a7f8a;hb=aa6d9b33f70c9baccac98ab41c72d2bd787eac83;hpb=d639b82a84af667908ccdda522cb1f94fddf55e5 diff --git a/server/routes/users.js b/server/routes/users.js index dfe2fa2e..94711134 100644 --- a/server/routes/users.js +++ b/server/routes/users.js @@ -5,6 +5,7 @@ const genToken = require("../utils/tokenGenerator"); const access = require("../utils/access"); const params = require("../config/parameters"); const sanitizeHtml_pkg = require('sanitize-html'); +const { exec } = require("child_process"); const allowedTags = [ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b', @@ -48,7 +49,7 @@ router.post('/register', access.unlogged, access.ajax, (req,res) => { name: name, email: email }; - setAndSendLoginToken("Welcome to " + params.siteURL, user, res); + setAndSendLoginToken("Welcome to " + params.siteURL, user); res.json({}); } }); @@ -73,9 +74,10 @@ router.get("/whoami", access.ajax, (req,res) => { }; if (!req.cookies.token) callback(anonymous); else if (req.cookies.token.match(/^[a-z0-9]+$/)) { - UserModel.getOne("sessionToken", req.cookies.token, (err, user) => { - callback(user || anonymous); - }); + UserModel.getOne( + "sessionToken", req.cookies.token, "name, email, id, notify", + (err, user) => callback(user || anonymous) + ); } }); @@ -108,7 +110,7 @@ router.put('/update', access.logged, access.ajax, (req,res) => { // Authentication-related methods: // to: object user (to who we send an email) -function setAndSendLoginToken(subject, to, res) { +function setAndSendLoginToken(subject, to) { // Set login token and send welcome(back) email with auth link const token = genToken(params.token.length); UserModel.setLoginToken(token, to.id); @@ -126,9 +128,9 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { const nameOrEmail = decodeURIComponent(req.query.nameOrEmail); const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name"); if (UserModel.checkNameEmail({ [type]: nameOrEmail })) { - UserModel.getOne(type, nameOrEmail, (err,user) => { + UserModel.getOne(type, nameOrEmail, "id, name, email", (err, user) => { access.checkRequest(res, err, user, "Unknown user", () => { - setAndSendLoginToken("Token for " + params.siteURL, user, res); + setAndSendLoginToken("Token for " + params.siteURL, user); res.json({}); }); }); @@ -138,29 +140,27 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { router.get('/authenticate', access.unlogged, access.ajax, (req,res) => { if (!req.query.token.match(/^[a-z0-9]+$/)) return res.json({ errmsg: "Bad token" }); - UserModel.getOne("loginToken", req.query.token, (err,user) => { - access.checkRequest(res, err, user, "Invalid token", () => { - // If token older than params.tokenExpire, do nothing - if (Date.now() > user.loginTime + params.token.expire) - res.json({ errmsg: "Token expired" }); - else { - // Generate session token (if not exists) + destroy login token - UserModel.trySetSessionToken(user.id, (token) => { - res.cookie("token", token, { - httpOnly: true, - secure: !!params.siteURL.match(/^https/), - maxAge: params.cookieExpire, - }); - res.json({ - id: user.id, - name: user.name, - email: user.email, - notify: user.notify + UserModel.getOne( + "loginToken", req.query.token, "id, name, email, notify", + (err,user) => { + access.checkRequest(res, err, user, "Invalid token", () => { + // If token older than params.tokenExpire, do nothing + if (Date.now() > user.loginTime + params.token.expire) + res.json({ errmsg: "Token expired" }); + else { + // Generate session token (if not exists) + destroy login token + UserModel.trySetSessionToken(user.id, (token) => { + res.cookie("token", token, { + httpOnly: true, + secure: !!params.siteURL.match(/^https/), + maxAge: params.cookieExpire, + }); + res.json(user); }); - }); - } - }); - }); + } + }); + } + ); }); router.get('/logout', access.logged, access.ajax, (req,res) => {