1 var db
= require("../utils/database");
2 var maild
= require("../utils/mailer.js");
3 var genToken
= require("../utils/tokenGenerator");
4 var params
= require("../config/parameters");
11 * loginToken: token on server only
12 * loginTime: datetime (validity)
13 * sessionToken: token in cookies for authentication
14 * notify: boolean (send email notifications for corr games)
19 checkNameEmail: function(o
)
21 if (typeof o
.name
=== "string")
23 if (o
.name
.length
== 0)
25 if (!o
.name
.match(/^[\w]+$/))
26 return "Bad characters in name";
28 if (typeof o
.email
=== "string")
30 if (o
.email
.length
== 0)
32 if (!o
.email
.match(/^[\w.+-]+@[\w.+-]+$/))
33 return "Bad characters in email";
37 // NOTE: parameters are already cleaned (in controller), thus no sanitization here
38 create: function(name
, email
, notify
, callback
)
40 db
.serialize(function() {
42 "INSERT INTO Users " +
43 "(name, email, notify) VALUES " +
44 "('" + name
+ "', '" + email
+ "', " + notify
+ ")";
45 db
.run(insertQuery
, err
=> {
48 db
.get("SELECT last_insert_rowid() AS rowid", callback
);
53 // Find one user (by id, name, email, or token)
54 getOne: function(by
, value
, cb
)
56 const delimiter
= (typeof value
=== "string" ? "'" : "");
57 db
.serialize(function() {
61 "WHERE " + by
+ " = " + delimiter
+ value
+ delimiter
;
69 setLoginToken: function(token
, uid
, cb
)
71 db
.serialize(function() {
74 "SET loginToken = '" + token
+ "', loginTime = " + Date
.now() + " " +
80 // Set session token only if empty (first login)
81 // TODO: weaker security (but avoid to re-login everywhere after each logout)
82 trySetSessionToken: function(uid
, cb
)
84 // Also empty the login token to invalidate future attempts
85 db
.serialize(function() {
86 const querySessionToken
=
87 "SELECT sessionToken " +
90 db
.get(querySessionToken
, (err
,ret
) => {
93 const token
= ret
.sessionToken
|| genToken(params
.token
.length
);
96 "SET loginToken = NULL" +
97 (!ret
.sessionToken
? (", sessionToken = '" + token
+ "'") : "") + " " +
105 updateSettings: function(user
, cb
)
107 db
.serialize(function() {
110 "SET name = '" + user
.name
+ "'" +
111 ", email = '" + user
.email
+ "'" +
112 ", notify = " + user
.notify
+ " " +
113 "WHERE id = " + user
.id
;
119 module
.exports
= UserModel
;