[vchess.git] / server / models / User.js

const db = require("../utils/database");
const genToken = require("../utils/tokenGenerator");
const params = require("../config/parameters");
const sendEmail = require('../utils/mailer');

/*
 * Structure:
 *   _id: integer
 *   name: varchar
 *   email: varchar
 *   loginToken: token on server only
 *   loginTime: datetime (validity)
 *   sessionToken: token in cookies for authentication
 *   notify: boolean (send email notifications for corr games)
 *   created: datetime
 *   bio: text
 */

const UserModel = {
  checkNameEmail: function(o) {
    return (
      (!o.name || !!(o.name.match(/^[\w-]+$/))) &&
      (!o.email || !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
    );
  },

  create: function(name, email, notify, cb) {
    db.serialize(function() {
      const query =
        "INSERT INTO Users " +
        "(name, email, notify, created) VALUES " +
        "('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
      db.run(query, function(err) {
        cb(err, { id: this.lastID });
      });
    });
  },

  // Find one user by id, name, email, or token
  getOne: function(by, value, cb) {
    const delimiter = (typeof value === "string" ? "'" : "");
    db.serialize(function() {
      const query =
        "SELECT * " +
        "FROM Users " +
        "WHERE " + by + " = " + delimiter + value + delimiter;
      db.get(query, cb);
    });
  },

  getByIds: function(ids, cb) {
    db.serialize(function() {
      const query =
        "SELECT id, name " +
        "FROM Users " +
        "WHERE id IN (" + ids + ")";
      db.all(query, cb);
    });
  },

  getBio: function(id) {
    db.serialize(function() {
      const query =
        "SELECT bio " +
        "FROM Users " +
        "WHERE id = " + id;
      db.get(query, cb);
    });
  },

  /////////
  // MODIFY

  setLoginToken: function(token, id) {
    db.serialize(function() {
      const query =
        "UPDATE Users " +
        "SET loginToken = '" + token + "',loginTime = " + Date.now() + " " +
        "WHERE id = " + id;
      db.run(query);
    });
  },

  setBio: function(id, bio) {
    db.serialize(function() {
      const query =
        "UPDATE Users " +
        "SET bio = ? " +
        "WHERE id = " + id;
      db.run(query, bio);
    });
  },

  // Set session token only if empty (first login)
  // NOTE: weaker security (but avoid to re-login everywhere after each logout)
  // TODO: option would be to reset all tokens periodically (every 3 months?)
  trySetSessionToken: function(id, cb) {
    db.serialize(function() {
      let query =
        "SELECT sessionToken " +
        "FROM Users " +
        "WHERE id = " + id;
      db.get(query, (err, ret) => {
        const token = ret.sessionToken || genToken(params.token.length);
        const setSessionToken =
          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
        query =
          "UPDATE Users " +
          // Also empty the login token to invalidate future attempts
          "SET loginToken = NULL" +
          setSessionToken + " " +
          "WHERE id = " + id;
        db.run(query);
        cb(token);
      });
    });
  },

  updateSettings: function(user) {
    db.serialize(function() {
      const query =
        "UPDATE Users " +
        "SET name = '" + user.name + "'" +
        ", email = '" + user.email + "'" +
        ", notify = " + user.notify + " " +
        "WHERE id = " + user.id;
      db.run(query);
    });
  },

  /////////////////
  // NOTIFICATIONS

  notify: function(user, message) {
    const subject = "vchess.club - notification";
    const body = "Hello " + user.name + " !" + `
` + message;
    sendEmail(params.mail.noreply, user.email, subject, body);
  },

  tryNotify: function(id, message) {
    UserModel.getOne("id", id, (err,user) => {
      if (!err && user.notify) UserModel.notify(user, message);
    });
  },

  ////////////
  // CLEANING

  cleanUsersDb: function() {
    const tsNow = Date.now();
    // 86400000 = 24 hours in milliseconds
    const day = 86400000;
    db.serialize(function() {
      const query =
        "SELECT id, sessionToken, created, name, email " +
        "FROM Users";
      db.all(query, (err, users) => {
        let toRemove = [];
        users.forEach(u => {
          // Remove users unlogged for > 24h
          if (!u.sessionToken && tsNow - u.created > day)
          {
            toRemove.push(u.id);
            UserModel.notify(
              u,
              "Your account has been deleted because " +
              "you didn't log in for 24h after registration"
            );
          }
        });
        if (toRemove.length > 0) {
          db.run(
            "DELETE FROM Users " +
            "WHERE id IN (" + toRemove.join(",") + ")"
          );
        }
      });
    });
  },
}

module.exports = UserModel;
Commit	Line	Data
c5c47010 BA	1	const db = require("../utils/database");
	2	const genToken = require("../utils/tokenGenerator");
	3	const params = require("../config/parameters");
	4	const sendEmail = require('../utils/mailer');
8d7e2786 BA	5
	6	/*
	7	* Structure:
	8	* _id: integer
	9	* name: varchar
	10	* email: varchar
	11	* loginToken: token on server only
	12	* loginTime: datetime (validity)
	13	* sessionToken: token in cookies for authentication
	14	* notify: boolean (send email notifications for corr games)
83494c7f	15	* created: datetime
dd10eb93	16	* bio: text
8d7e2786 BA	17	*/
8d7e2786 BA	18
0234201f BA	19	const UserModel = {
0234201f BA	20	checkNameEmail: function(o) {
866842c3	21	return (
188b4a8f BA	22	(!o.name \|\| !!(o.name.match(/^[\w-]+$/))) &&
188b4a8f BA	23	(!o.email \|\| !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
866842c3	24	);
dac39588	25	},
98db2082	26
0234201f	27	create: function(name, email, notify, cb) {
dac39588	28	db.serialize(function() {
866842c3	29	const query =
dac39588 BA	30	"INSERT INTO Users " +
dac39588 BA	31	"(name, email, notify, created) VALUES " +
866842c3 BA	32	"('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
866842c3 BA	33	db.run(query, function(err) {
0234201f	34	cb(err, { id: this.lastID });
dac39588 BA	35	});
	36	});
	37	},
8d7e2786	38
866842c3	39	// Find one user by id, name, email, or token
0234201f	40	getOne: function(by, value, cb) {
dac39588 BA	41	const delimiter = (typeof value === "string" ? "'" : "");
	42	db.serialize(function() {
	43	const query =
	44	"SELECT * " +
	45	"FROM Users " +
	46	"WHERE " + by + " = " + delimiter + value + delimiter;
	47	db.get(query, cb);
	48	});
	49	},
8d7e2786	50
ed9c9c37 BA	51	getByIds: function(ids, cb) {
	52	db.serialize(function() {
	53	const query =
	54	"SELECT id, name " +
1f49533d	55	"FROM Users " +
ed9c9c37 BA	56	"WHERE id IN (" + ids + ")";
	57	db.all(query, cb);
	58	});
1f49533d BA	59	},
1f49533d BA	60
dd10eb93 BA	61	getBio: function(id) {
	62	db.serialize(function() {
	63	const query =
	64	"SELECT bio " +
	65	"FROM Users " +
	66	"WHERE id = " + id;
	67	db.get(query, cb);
	68	});
	69	},
	70
dac39588 BA	71	/////////
dac39588 BA	72	// MODIFY
8d7e2786	73
0234201f	74	setLoginToken: function(token, id) {
dac39588 BA	75	db.serialize(function() {
	76	const query =
	77	"UPDATE Users " +
866842c3	78	"SET loginToken = '" + token + "',loginTime = " + Date.now() + " " +
0234201f	79	"WHERE id = " + id;
866842c3	80	db.run(query);
dac39588 BA	81	});
dac39588 BA	82	},
8d7e2786	83
dd10eb93	84	setBio: function(id, bio) {
d9a7a1e4 BA	85	db.serialize(function() {
	86	const query =
	87	"UPDATE Users " +
dd10eb93	88	"SET bio = ? " +
0234201f	89	"WHERE id = " + id;
dd10eb93	90	db.run(query, bio);
d9a7a1e4 BA	91	});
	92	},
	93
dac39588 BA	94	// Set session token only if empty (first login)
dac39588 BA	95	// NOTE: weaker security (but avoid to re-login everywhere after each logout)
2c5d7b20	96	// TODO: option would be to reset all tokens periodically (every 3 months?)
0234201f	97	trySetSessionToken: function(id, cb) {
dac39588	98	db.serialize(function() {
866842c3	99	let query =
dac39588 BA	100	"SELECT sessionToken " +
dac39588 BA	101	"FROM Users " +
0234201f	102	"WHERE id = " + id;
2c5d7b20	103	db.get(query, (err, ret) => {
dac39588	104	const token = ret.sessionToken \|\| genToken(params.token.length);
2c5d7b20 BA	105	const setSessionToken =
2c5d7b20 BA	106	(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
866842c3	107	query =
dac39588	108	"UPDATE Users " +
866842c3	109	// Also empty the login token to invalidate future attempts
dac39588	110	"SET loginToken = NULL" +
2c5d7b20	111	setSessionToken + " " +
0234201f	112	"WHERE id = " + id;
866842c3 BA	113	db.run(query);
866842c3 BA	114	cb(token);
dac39588 BA	115	});
	116	});
	117	},
ab4f4bf2	118
0234201f	119	updateSettings: function(user) {
dac39588 BA	120	db.serialize(function() {
	121	const query =
	122	"UPDATE Users " +
	123	"SET name = '" + user.name + "'" +
	124	", email = '" + user.email + "'" +
	125	", notify = " + user.notify + " " +
	126	"WHERE id = " + user.id;
866842c3	127	db.run(query);
dac39588 BA	128	});
dac39588 BA	129	},
5d04793e BA	130
	131	/////////////////
	132	// NOTIFICATIONS
	133
0234201f	134	notify: function(user, message) {
fe4c7e67	135	const subject = "vchess.club - notification";
f53871db	136	const body = "Hello " + user.name + " !" + `
a749972c	137	` + message;
fe4c7e67 BA	138	sendEmail(params.mail.noreply, user.email, subject, body);
	139	},
	140
0234201f	141	tryNotify: function(id, message) {
fe4c7e67	142	UserModel.getOne("id", id, (err,user) => {
0234201f	143	if (!err && user.notify) UserModel.notify(user, message);
2be5d614	144	});
83494c7f BA	145	},
	146
	147	////////////
	148	// CLEANING
ab4f4bf2	149
0234201f	150	cleanUsersDb: function() {
83494c7f BA	151	const tsNow = Date.now();
	152	// 86400000 = 24 hours in milliseconds
	153	const day = 86400000;
	154	db.serialize(function() {
	155	const query =
a97bdbda	156	"SELECT id, sessionToken, created, name, email " +
83494c7f BA	157	"FROM Users";
83494c7f BA	158	db.all(query, (err, users) => {
0234201f	159	let toRemove = [];
83494c7f	160	users.forEach(u => {
0234201f	161	// Remove users unlogged for > 24h
83494c7f	162	if (!u.sessionToken && tsNow - u.created > day)
a97bdbda	163	{
0d5335de	164	toRemove.push(u.id);
059228c9	165	UserModel.notify(
a97bdbda BA	166	u,
	167	"Your account has been deleted because " +
	168	"you didn't log in for 24h after registration"
	169	);
a97bdbda	170	}
83494c7f	171	});
0234201f BA	172	if (toRemove.length > 0) {
	173	db.run(
	174	"DELETE FROM Users " +
	175	"WHERE id IN (" + toRemove.join(",") + ")"
	176	);
	177	}
83494c7f BA	178	});
	179	});
	180	},
	181	}
d431028c	182
ab4f4bf2	183	module.exports = UserModel;