1 | var db = require("../utils/database"); |
2 | var maild = require("../utils/mailer.js"); | |
0bd5933d | 3 | var TokenGen = require("../utils/tokenGenerator"); |
c018b304 | 4 | var params = require("../config/parameters"); |
5 | |
6 | /* | |
7 | * Structure: | |
 * id: integer (the queries in this file filter on the column name "id")
9 | * name: varchar | |
10 | * email: varchar | |
11 | * loginToken: token on server only | |
12 | * loginTime: datetime (validity) | |
13 | * sessionToken: token in cookies for authentication | |
14 | * notify: boolean (send email notifications for corr games) | |
15 | */ | |
16 | ||
// NOTE: do not rely on "sanitizing" values (http://www.unixwiz.net/techtips/sql-injection.html):
// bind them as query parameters (db.run(sql, [values], cb)) instead of splicing them into
// the SQL text. Column names cannot be bound and must be checked against an allowlist.
// Parameters are supposed to already be validated in the controller, but the model must
// not depend on that being true.
19 | ||
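// User creation.
//
// Inserts one row into Users and reports the new rowid.
//   name, email: strings (see the structure comment above)
//   notify: boolean, stored as 0/1
//   callback(err) on failure; callback(err, { rowid }) on success
//
// Values are bound as parameters rather than spliced into the SQL text, so a
// name or email containing a quote can neither break the statement nor inject
// one. Controller-side validation is no longer the only line of defence.
// Assumes db exposes the node-sqlite3 style run(sql, params, cb) — the
// three-argument form used here.
exports.create = function(name, email, notify, callback)
{
  db.serialize(function() {
    const insertQuery =
      "INSERT INTO Users (name, email, notify) VALUES (?, ?, ?)";
    // notify is documented as boolean; coerce to 0/1 so the column holds an
    // integer regardless of how the driver would bind a JS boolean.
    // NOTE(review): a string "false" coming from the controller would be
    // stored as 1 — confirm the controller converts it to a real boolean.
    const notifyFlag = notify ? 1 : 0;
    db.run(insertQuery, [name, email, notifyFlag], err => {
      if (!!err)
        return callback(err);
      // Issued on the same connection right after the INSERT completed, so
      // last_insert_rowid() refers to the row just created.
      db.get("SELECT last_insert_rowid() AS rowid", callback);
    });
  });
}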
35 | ||
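// Find one user (by id, name, email, or one of the token columns).
//
//   by: column name to filter on — must be one of the allowed columns below
//   value: the value to match (string or integer)
//   cb(err) on failure or unsupported column; cb(err, row) otherwise, where
//   row is undefined when no user matches (db.get semantics)
//
// A column name cannot be bound as a query parameter, so `by` is checked
// against an allowlist instead of being spliced in raw: an attacker-controlled
// `by` would otherwise inject directly into the WHERE clause. The value itself
// is bound, which also removes the need to choose quote delimiters by type.
exports.getOne = function(by, value, cb)
{
  // Columns named in the structure comment at the top of this file.
  const allowedColumns = ["id", "name", "email", "loginToken", "sessionToken"];
  if (allowedColumns.indexOf(by) === -1)
    return cb(new Error("getOne: unsupported lookup column"));
  db.serialize(function() {
    const query = "SELECT * FROM Users WHERE " + by + " = ?";
    db.get(query, [value], cb);
  });
}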
48 | ||
49 | ///////// | |
50 | // MODIFY | |
51 | ||
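// Store a fresh login token for user `uid` and stamp loginTime with the
// current time (ms since epoch) so the token's validity window can be checked
// later.
//   token: the login token to store (generated by the caller)
//   uid: user id
//   cb(err) once the UPDATE completes
//
// All three values are bound as parameters, so a token or id containing a
// quote can neither alter the statement nor widen the WHERE clause.
exports.setLoginToken = function(token, uid, cb)
{
  db.serialize(function() {
    const query =
      "UPDATE Users SET loginToken = ?, loginTime = ? WHERE id = ?";
    db.run(query, [token, Date.now(), uid], cb);
  });
}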
62 | ||
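// Set the session token only if it is empty (first login); otherwise reuse
// the one already stored. In both cases the login token is cleared so the
// one-time login link cannot be replayed.
//   uid: user id
//   cb(err) on failure or unknown user; cb(null, token) once the row has been
//   updated, where token is the (existing or newly generated) session token
//
// TODO: weaker security — the session token is created once and then reused
// across logins (never rotated). This avoids having to log in again on every
// device after each logout, at the cost of a long-lived bearer credential.
// NOTE(review): TokenGen.generate is not visible here; since its output is the
// bearer credential stored in cookies, it must come from a CSPRNG (e.g.
// crypto.randomBytes) — verify in utils/tokenGenerator.
exports.trySetSessionToken = function(uid, cb)
{
  db.serialize(function() {
    const querySessionToken = "SELECT sessionToken FROM Users WHERE id = ?";
    db.get(querySessionToken, [uid], (err, ret) => {
      if (!!err)
        return cb(err);
      // db.get yields undefined when no row matches; dereferencing it
      // unconditionally would throw inside the callback.
      if (!ret)
        return cb(new Error("trySetSessionToken: unknown user id"));
      // An empty/NULL sessionToken counts as "not set" (truthiness, as before).
      const hasSession = !!ret.sessionToken;
      const token = hasSession
        ? ret.sessionToken
        : TokenGen.generate(params.token.length);
      const queryUpdate = hasSession
        ? "UPDATE Users SET loginToken = NULL WHERE id = ?"
        : "UPDATE Users SET loginToken = NULL, sessionToken = ? WHERE id = ?";
      const bindings = hasSession ? [uid] : [token, uid];
      // Hand the token back only after the UPDATE has succeeded: clearing
      // loginToken is what invalidates the login link, and a newly generated
      // sessionToken must be persisted before the client is told to use it.
      // Previously db.run was fire-and-forget and its errors were lost.
      db.run(queryUpdate, bindings, updErr => {
        if (!!updErr)
          return cb(updErr);
        cb(null, token);
      });
    });
  });
}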
87 | ||
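// Update the editable settings (name, email, notify) of an existing user.
//   user: object with id, name, email and notify (see the structure comment)
//   cb(err) once the UPDATE completes
//
// Every value is bound as a parameter; name and email are user-supplied, so
// splicing them into the SQL text would be a direct injection vector.
exports.updateSettings = function(user, cb)
{
  db.serialize(function() {
    const query =
      "UPDATE Users SET name = ?, email = ?, notify = ? WHERE id = ?";
    // notify is documented as boolean; store it as 0/1 like create() does.
    // NOTE(review): a string "false" from the controller would be stored as 1
    // — confirm the controller converts it to a real boolean.
    const notifyFlag = user.notify ? 1 : 0;
    db.run(query, [user.name, user.email, notifyFlag, user.id], cb);
  });
}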