1 var router
= require("express").Router();
2 var UserModel
= require('../models/User');
3 var sendEmail
= require('../utils/mailer');
4 var TokenGen
= require("../utils/tokenGenerator");
5 var access
= require("../utils/access");
6 var params
= require("../config/parameters");
// Generates a login token for the user `to`, stores it through UserModel.setLoginToken and
// e-mails a link of the form <params.siteURL>/authenticate?token=<token>.
// Listing lines 10, 15 and 21-26 are not shown on this page, so the body below is incomplete
// (in particular, the statement that assigns `body` is missing).
// NOTE(review): TokenGen.generate is defined elsewhere; confirm it draws from a CSPRNG
// (e.g. crypto.randomBytes) and that params.token.length gives enough entropy, because the
// token is the only credential presented at /authenticate.
// NOTE(review): the token travels in a URL query string, which can be recorded in browser
// history and in proxy or server logs; the expiry check and the destruction of the login
// token in /authenticate are what bound that exposure.
// NOTE(review): if setLoginToken stores the token as-is, read access to the user store yields
// usable login links; storing only a hash is the usual mitigation - verify in UserModel.
9 function setAndSendLoginToken(subject, to, res)
11   // Set login token and send welcome(back) email with auth link
12   let token = TokenGen.generate(params.token.length);
13   UserModel.setLoginToken(token, to._id, (err,ret) => {
     // access.checkRequest is defined elsewhere; presumably it answers with the given message
     // on error and otherwise runs the callback - confirm.
14     access.checkRequest(res, err, ret, "Cannot set login token", () => {
       // NOTE(review): "\\n" on line 18 is an escaped backslash, so the mail would contain the
       // two characters \n rather than a line break (compare "!\n" on line 16); this may be
       // an extraction artifact - check against the real file.
16       "Hello " + to.initials + "!\n" +
17       "Access your account here: " +
18       params.siteURL + "/authenticate?token=" + token + "\\n" +
       // params.token.expire is divided by 1000*60 to print minutes, i.e. it is held in ms.
19       "Token will expire in " + params.token.expire/(1000*60) + " minutes."
20       sendEmail(params.mail.from, to.email, subject, body, err => {
27 // AJAX user life cycle...
// POST /register (behind access.unlogged and access.ajax): decodes name and email from the
// request body, validates them with checkObject(..., "User"), creates the user and sends the
// login link. Listing lines 33 and 38-41 are not shown on this page.
// NOTE(review): decodeURIComponent throws URIError on a malformed percent-sequence and turns
// a missing field into the string "undefined"; neither case is handled in the lines shown.
// NOTE(review): checkObject is not among the requires on listing lines 1-6 - confirm where
// it is defined.
// NOTE(review): an unauthenticated caller makes the server send mail to an address of the
// caller's choosing; no throttling is visible here, so confirm rate limiting in access.* or
// upstream.
29 router.post('/register', access.unlogged, access.ajax, (req,res) => {
30   let name = decodeURIComponent(req.body.name);
31   let email = decodeURIComponent(req.body.email);
32   let error = checkObject({name:name, email:email}, "User");
   // Line 33 is not shown; presumably it guards this return on a non-empty error - confirm.
34     return res.json({errmsg: error});
35   UserModel.create(name, email, (err,user) => {
36     access.checkRequest(res, err, user, "Registration failed", () => {
37       setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
// PUT /sendtoken (behind access.unlogged and access.ajax): looks the user up by e-mail and
// sends a fresh login link. Listing lines 45 and 50-53 are not shown on this page.
// NOTE(review): if access.checkRequest returns "Unknown user" to the client, the response
// tells registered addresses apart from unregistered ones (account enumeration); answering
// identically in both cases avoids that.
// NOTE(review): decodeURIComponent throws URIError on malformed input, unhandled in the
// lines shown; no throttling of token e-mails is visible here either - confirm both.
42 router.put('/sendtoken', access.unlogged, access.ajax, (req,res) => {
43   let email = decodeURIComponent(req.body.email);
44   let error = checkObject({email:email}, "User");
   // Line 45 is not shown; presumably it guards this return on a non-empty error - confirm.
46     return res.json({errmsg: error});
47   UserModel.getOne("email", email, (err,user) => {
48     access.checkRequest(res, err, user, "Unknown user", () => {
49       setAndSendLoginToken("Token for " + params.siteURL, user, res);
// GET /authenticate?token=... (behind access.unlogged): resolves the user from the login
// token, rejects the request once user.loginTime + params.token.expire has passed, then
// obtains a session token and sets it as the "token" cookie.
// Listing lines 63-65, 67-68 and 70-76 are not shown on this page.
// NOTE(review): req.query.token reaches the model unchecked; with Express's default query
// parser it can be an array or a nested object instead of a string. Checking
// `typeof req.query.token === "string"` before the lookup keeps non-string values away from
// the data layer.
54 router.get('/authenticate', access.unlogged, (req,res) => {
55   UserModel.getByLoginToken(req.query.token, (err,user) => {
56     access.checkRequest(res, err, user, "Invalid token", () => {
       // tsNow is not read in the lines shown; the check below calls Date.now() again.
57       let tsNow = Date.now();
58       // If the token is older than params.token.expire (ms), answer "Token expired"
59       if (Date.now() > user.loginTime + params.token.expire)
60         return res.json({errmsg: "Token expired"});
61       // Generate session token (if not exists) + destroy login token
       // NOTE(review): confirm in UserModel.trySetSessionToken that the login token really is
       // removed, so a link cannot be replayed within its lifetime.
62       UserModel.trySetSessionToken(user._id, (err,token) => {
         // NOTE(review): only maxAge is visible among the cookie options; the comment above
         // /logout says the cookie is secured + http-only - confirm httpOnly, secure and
         // sameSite on the lines not shown.
66         res.cookie("token", token, {
69           maxAge: params.cookieExpire
// PUT /settings (behind access.logged and access.ajax): parses the client-supplied user
// object, forces its _id to the authenticated user's _id and passes it to
// UserModel.updateSettings. Listing lines 86-90 are not shown on this page.
// NOTE(review): JSON.parse throws SyntaxError on malformed input, and a body of "null" makes
// the `user._id = ...` assignment throw TypeError; neither is handled in the lines shown.
// NOTE(review): validation is disabled (see the TODO), so the whole client object is
// forwarded; unless updateSettings writes only a fixed list of fields, a client can set any
// attribute of its own record (mass assignment) - verify in UserModel.
77 router.put('/settings', access.logged, access.ajax, (req,res) => {
78   const user = JSON.parse(req.body.user);
79   // TODO: either verify email + name, or re-apply the following logic:
80   //let error = checkObject(user, "User");
81   //if (error.length > 0)
82   // return res.json({errmsg: error});
   // Overwriting _id with the session user's id keeps the update on the caller's own record.
83   user._id = req.user._id; //TODO:
84   UserModel.updateSettings(user, (err,ret) => {
85     access.checkRequest(res, err, ret, "Settings update failed", () => {
91 // Logout on server because the token cookie is secured + http-only
// GET /logout (behind access.logged): clears the "token" cookie. Listing lines 94-96 are not
// shown on this page.
// NOTE(review): clearCookie only asks the browser to drop the cookie; nothing in the lines
// shown invalidates the session token on the server, so a copied token may stay valid -
// confirm in the missing lines or in UserModel.
// NOTE(review): res.clearCookie must be given the same path/domain options as res.cookie for
// the browser to remove the cookie; a state-changing GET can also be triggered cross-site
// (forced logout), which POST plus CSRF protection would prevent.
92 router.get('/logout', access.logged, (req,res) => {
93   res.clearCookie("token");
// Expose the router configured above as this module's export.
97 module.exports = router;