var genToken = require("../utils/tokenGenerator");
var access = require("../utils/access");
var params = require("../config/parameters");
var genToken = require("../utils/tokenGenerator");
var access = require("../utils/access");
var params = require("../config/parameters");
// to: object user (to who we send an email)
function setAndSendLoginToken(subject, to, res)
// to: object user (to who we send an email)
function setAndSendLoginToken(subject, to, res)
"Token will expire in " + params.token.expire/(1000*60) + " minutes."
sendEmail(params.mail.noreply, to.email, subject, body, err => {
"Token will expire in " + params.token.expire/(1000*60) + " minutes."
sendEmail(params.mail.noreply, to.email, subject, body, err => {
// but the name is also unknown if log-in with the email.
res.json(err || {id: to.id, name: to.name});
});
// but the name is also unknown if log-in with the email.
res.json(err || {id: to.id, name: to.name});
});
const name = req.body.name;
const email = req.body.email;
const notify = !!req.body.notify;
const name = req.body.name;
const email = req.body.email;
const notify = !!req.body.notify;
if (!!error)
return res.json({errmsg: error});
UserModel.create(name, email, notify, (err,uid) => {
if (!!error)
return res.json({errmsg: error});
UserModel.create(name, email, notify, (err,uid) => {
router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
if (!!error)
return res.json({errmsg: error});
UserModel.getOne(type, nameOrEmail, (err,user) => {
if (!!error)
return res.json({errmsg: error});
UserModel.getOne(type, nameOrEmail, (err,user) => {
-router.get('/authenticate', access.unlogged, (req,res) => {
- UserModel.getOne("loginToken", req.query.token, (err,user) => {
+router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
+ UserModel.getOne("loginToken", req.query.token, (err,user) => {
access.checkRequest(res, err, user, "Invalid token", () => {
// If token older than params.tokenExpire, do nothing
if (Date.now() > user.loginTime + params.token.expire)
access.checkRequest(res, err, user, "Invalid token", () => {
// If token older than params.tokenExpire, do nothing
if (Date.now() > user.loginTime + params.token.expire)
secure: !!params.siteURL.match(/^https/),
maxAge: params.cookieExpire,
});
secure: !!params.siteURL.match(/^https/),
maxAge: params.cookieExpire,
});
router.put('/update', access.logged, access.ajax, (req,res) => {
const name = req.body.name;
const email = req.body.email;
router.put('/update', access.logged, access.ajax, (req,res) => {
const name = req.body.name;
const email = req.body.email;
-// Logout on server because the token cookie is httpOnly
-router.get('/logout', access.logged, (req,res) => {
+router.get('/logout', access.logged, access.ajax, (req,res) => {
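Review bot: The new `/authenticate` handler still reads the login token from `req.query.token` on a GET route, so the token ends up in server access logs, proxy logs and browser history. Now that `access.ajax` makes this a script-issued request, it could travel in the body instead, e.g. `router.post('/authenticate', access.unlogged, access.ajax, (req,res) => {` with `req.body.token`. The visible lines check expiry against `params.token.expire` but do not show the token being cleared after a successful login; if it is not, clearing it there would make it single-use. `/logout` likewise stays a state-changing GET whose only cross-site protection appears to be `access.ajax` (its implementation is not shown here), and the removed comment explaining that logout happens on the server because the cookie is httpOnly is worth keeping. Both handler bodies continue outside the lines shown.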