1 var router
= require("express").Router();
2 var UserModel
= require('../models/User');
3 var maild
= require('../utils/mailer');
4 var TokenGen
= require("../utils/tokenGenerator");
5 var access
= require("../utils/access");
/**
 * Store a new login token for `to` and e-mail a sign-in link carrying it.
 *
 * @param {string} subject  subject line of the e-mail (used on lines not shown)
 * @param {object} to       user record; `_id`, `ip` and `initials` are read here
 * @param {object} res      Express response, passed to access.checkRequest for
 *                          error reporting
 *
 * `params` and `checkObject` are not required on the lines this listing shows
 * (original lines 6–7 are missing). Lines 9, 14, 16–17 and 22–28 of the
 * original — presumably the opening brace, the mailer call, the `to:` /
 * `subject:` fields and the closings — are not reproduced here.
 */
function setAndSendLoginToken(subject, to, res)
  // Set login token and send welcome(back) email with auth link
  // Token length is configuration; whether TokenGen draws from a CSPRNG is not
  // visible here — confirm in ../utils/tokenGenerator.
  let token = TokenGen.generate(params.token.length);
  // The token is stored together with the requester's IP; /authenticate later
  // rejects the token when presented from a different address.
  UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
    access.checkRequest(res, err, ret, "Cannot set login token", () => {
      // [listing gap: original lines 14 and 16–17 are not reproduced]
      from: params.mail.from,
      // The login token is carried as a query-string parameter in the link.
      // Query strings routinely end up in proxy/server logs and browser
      // history; the expiry below and the destruction of the token at
      // /authenticate (per the comment there) are what bound that exposure.
      body: "Hello " + to.initials + "!\n" +
        "Access your account here: " +
        params.siteURL + "/authenticate?token=" + token + "\\n" +
        // NOTE(review): "\\n" on the line above emits a literal backslash-n
        // into the e-mail body, unlike "\n" on the first line — likely a typo.
        "Token will expire in " + params.token.expire/(1000*60) + " minutes."
      // [listing gap: original lines 22–28, which close the mail object, the
      //  callbacks and the function, are not reproduced]
29 // AJAX user life cycle...
/**
 * POST /register — create a user from {name, email} and mail the first login
 * link. Guarded by access.unlogged (no active session) and access.ajax.
 * Original lines 35, 39 and 41–44 are not reproduced in this listing.
 */
router.post('/register', access.unlogged, access.ajax, (req,res) => {
  // NOTE(review): decodeURIComponent throws URIError on malformed
  // percent-encoding and nothing visible here catches it, so such input
  // surfaces as an Express error rather than an {errmsg} reply — confirm
  // that is the intended behaviour.
  let name = decodeURIComponent(req.body.name);
  let email = decodeURIComponent(req.body.email);
  // checkObject validates the fields; it is not required on the lines shown.
  let error = checkObject({name:name, email:email}, "User");
  // [listing gap: original line 35 — presumably `if (error)` — is not
  //  reproduced; without it this return would be unconditional]
    return res.json({errmsg: error});
  UserModel.create(name, email, (err,user) => {
    access.checkRequest(res, err, user, "Registration failed", () => {
      setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
      // [listing gap: original lines 39 and 41–44 close the callbacks]
/**
 * PUT /sendtoken — mail a fresh login link to an existing account.
 * Guarded by access.unlogged and access.ajax.
 * Original lines 48–49 and 54–57 are not reproduced in this listing.
 */
router.put('/sendtoken', access.unlogged, access.ajax, (req,res) => {
  // decodeURIComponent throws on malformed percent-encoding — see /register.
  let email = decodeURIComponent(req.body.email);
  let error = checkObject({email:email}, "User");
  // [listing gap: original lines 48–49 — presumably `if (error)` — not reproduced]
    return res.json({errmsg: error});
  UserModel.getByEmail(email, (err,user) => {
    // NOTE(review): if checkRequest forwards "Unknown user" to the client,
    // this endpoint confirms whether an address is registered. No rate limit
    // on token mailing is visible in this file — confirm one exists upstream.
    access.checkRequest(res, err, user, "Unknown user", () => {
      setAndSendLoginToken("Token for " + params.siteURL, user, res);
      // [listing gap: original lines 54–57 close the callbacks]
/**
 * GET /authenticate?token=… — exchange an e-mailed login token for a session
 * cookie. The token is rejected when presented from a different IP than the
 * one it was issued to, or after params.token.expire milliseconds.
 * Original lines 63, 71–73, 75 and 77–83 are not reproduced in this listing.
 */
router.get('/authenticate', access.unlogged, (req,res) => {
  // req.query.token is raw URL input; no type/length check is visible before
  // the lookup, so getByLoginToken is presumably treating it as opaque.
  UserModel.getByLoginToken(req.query.token, (err,user) => {
    access.checkRequest(res, err, user, "Invalid token", () => {
      // IP binding check. Behind a reverse proxy req.ip is the proxy's address
      // unless Express `trust proxy` is configured — confirm deployment.
      // Style: `!==` would be the strict form.
      if (user.loginToken.ip != req.ip)
        return res.json({errmsg: "IP address mismatch"});
      // [listing gap: original line 63 not reproduced]
      // NOTE(review): `now` is not defined or required on the lines shown. If
      // it is a module-level Date, tsNow is frozen at process start and the
      // expiry test below never fires — confirm it is evaluated per request.
      let tsNow = now.getTime();
      // Reject tokens older than params.token.expire (milliseconds)
      if (user.loginToken.timestamp + params.token.expire < tsNow)
        return res.json({errmsg: "Token expired"});
      // Generate and update session token + destroy login token
      let token = TokenGen.generate(params.token.length);
      UserModel.setSessionToken(token, user._id, (err,ret) => {
        // [listing gap: original lines 71–73 not reproduced — presumably the
        //  error check on setSessionToken]
        // Session cookie. Only maxAge is visible here; the other options fall
        // on lines 75 and 77–83, which are not shown — confirm they set
        // httpOnly, secure and sameSite, as the TODO on /logout already notes.
        res.cookie("token", token, {
          maxAge: params.cookieExpire
          // [listing gap: original lines 77–83 close the options object, the
          //  callbacks and the handler]
/**
 * PUT /settings — update the logged-in user's settings from the JSON string in
 * req.body.user. Guarded by access.logged and access.ajax.
 * Original lines 87 and 92–96 are not reproduced in this listing.
 */
router.put('/settings', access.logged, access.ajax, (req,res) => {
  // NOTE(review): JSON.parse throws SyntaxError on a malformed body and is not
  // caught here. The parsed object is client-controlled; which of its keys
  // updateSettings persists depends on checkObject/updateSettings (not
  // visible) — confirm unexpected keys are dropped before the write.
  let user = JSON.parse(req.body.user);
  let error = checkObject(user, "User");
  // [listing gap: original line 87 — presumably `if (error)` — not reproduced]
    return res.json({errmsg: error});
  // The target id is taken from the authenticated session (req.user), never
  // from the client payload, so a caller cannot redirect the update at another
  // user's document. ObjectID is not required on the lines shown.
  user._id = ObjectID(req.user._id);
  UserModel.updateSettings(user, (err,ret) => {
    access.checkRequest(res, err, ret, "Settings update failed", () => {
      // [listing gap: original lines 92–96 — the success reply and closings —
      //  are not reproduced]
/**
 * GET /logout — invalidate the session token held in the cookie and clear it.
 * Original lines 103–108 are not reproduced in this listing.
 */
router.get('/logout', access.logged, (req,res) => {
  // TODO: cookie + redirect is enough (https, secure cookie
  // https://www.information-security.fr/securite-sites-web-lutilite-flags-secure-httponly/ )
  // NOTE(review): a state-changing action on GET can be triggered by any
  // cross-site link or image load (forced logout); a POST with the usual
  // CSRF protection is the conventional shape.
  // req.cookies is presumably populated by cookie-parser mounted upstream.
  UserModel.logout(req.cookies.token, (err,ret) => {
    access.checkRequest(res, err, ret, "Logout failed", () => {
      // clearCookie only removes the cookie if path/domain match those used
      // when it was set in /authenticate — confirm the options agree.
      res.clearCookie("token");
      // [listing gap: original lines 103–108 — the reply/redirect and closings]
// Export the configured router for the application to mount.
module.exports = router;