X-Git-Url: https://git.auder.net/assets/icon_infos.svg?a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=c05161567b49b09492b647f9564b00a47d91e6ca;hb=41c80bb63b85b2696d3925c10784c3d7bb5d2aa3;hp=b2a99e0571556c47e8cc41478aa3f57cb1988ac0;hpb=2be5d6140901fc7bb2a33d672e52cfdc545a1912;p=vchess.git
diff --git a/server/models/User.js b/server/models/User.js
index b2a99e05..c0516156 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -12,6 +12,7 @@ var sendEmail = require('../utils/mailer');
 * loginTime: datetime (validity)
 * sessionToken: token in cookies for authentication
 * notify: boolean (send email notifications for corr games)
+ * created: datetime
 */
 const UserModel =
@@ -32,6 +33,7 @@ const UserModel =
 if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
 return "Bad characters in email";
 }
+ return ""; //NOTE: not required, but more consistent... (?!)
 },
 // NOTE: parameters are already cleaned (in controller), thus no sanitization here
@@ -40,8 +42,8 @@ const UserModel =
 db.serialize(function() {
 const insertQuery =
 "INSERT INTO Users " +
- "(name, email, notify) VALUES " +
- "('" + name + "', '" + email + "', " + notify + ")";
+ "(name, email, notify, created) VALUES " +
+ "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")";
 db.run(insertQuery, err => {
 if (!!err)
 return callback(err);
@@ -88,8 +90,9 @@ const UserModel =
 },
 // Set session token only if empty (first login)
- // TODO: weaker security (but avoid to re-login everywhere after each logout)
- trySetSessionToken: function(uid, cb)
+ // NOTE: weaker security (but avoid to re-login everywhere after each logout)
+ // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+ trySetSessionToken: function(uid, cb)
 {
 // Also empty the login token to invalidate future attempts
 db.serialize(function() {
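Review bot: The validation function's contract is still undocumented — the added `return "";` is evidently its success value, but the trailing `//NOTE: not required, but more consistent... (?!)` leaves a reader unsure whether callers depend on it. Replace that comment with one stating the contract, e.g. `// Returns "" when the fields are valid, an error message otherwise`, so the empty string is understood as the deliberate "no error" result. The enclosing function starts outside the hunk, so its signature and earlier checks are not visible here.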
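Review bot: The INSERT in the third hunk is still assembled by concatenating `name` and `email` into the SQL text; the `Date.now()` added here is a number and harmless on its own, but the query's safety keeps resting on the `// NOTE: parameters are already cleaned (in controller)` assumption about a caller outside this file. If `db` is node-sqlite3, as `db.serialize`/`db.all` suggest, the statement can take bound parameters instead: `"INSERT INTO Users (name, email, notify, created) VALUES (?,?,?,?)"` run as `db.run(insertQuery, [name, email, notify, Date.now()], err => {`, which also removes the manual quoting. Separately, the field description added in the first hunk reads `created: datetime` while the value stored is the millisecond epoch integer from `Date.now()` (and the new `cleanUsersDb` subtracts it from `Date.now()`); `* created: timestamp in ms (Date.now())` would match, and the column type lives in a schema not in this diff, so it is worth confirming it is an integer column. The enclosing insert function starts and ends outside the hunk.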
@@ -139,7 +142,29 @@ const UserModel =
 res.json(err || {});
 });
 });
- }
+ },
+
+ ////////////
+ // CLEANING
+
+ cleanUsersDb: function()
+ {
+ const tsNow = Date.now();
+ // 86400000 = 24 hours in milliseconds
+ const day = 86400000;
+ db.serialize(function() {
+ const query =
+ "SELECT id, sessionToken, created " +
+ "FROM Users";
+ db.all(query, (err, users) => {
+ users.forEach(u => {
+ // Remove unlogged users for >1 day
+ if (!u.sessionToken && tsNow - u.created > day)
+ db.run("DELETE FROM Users WHERE id = " + u.id);
+ });
+ });
+ });
+ },
 }
 module.exports = UserModel;
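Review bot: `cleanUsersDb` ignores `err` in the `db.all` callback, so a failed SELECT leaves `users` undefined and `users.forEach` throws inside the callback with nothing reporting why. A second problem is rows whose `created` is NULL — existing users, if the new column is added without a backfill (the schema change is not in this diff) — for which `tsNow - u.created` evaluates to `tsNow`, so every such user without a session token would be deleted on the first run. Both the SELECT-then-loop and the per-row `"DELETE FROM Users WHERE id = " + u.id` can be replaced by one parameterized DELETE that only matches rows with a known creation time, with the error at least logged since the function has no callback to hand it to.
```javascript
cleanUsersDb: function()
{
  const tsNow = Date.now();
  // 86400000 = 24 hours in milliseconds
  const day = 86400000;
  db.serialize(function() {
    // Remove users who never logged in (no session token) for >1 day;
    // rows with an unknown creation time are left alone.
    const query =
      "DELETE FROM Users " +
      "WHERE (sessionToken IS NULL OR sessionToken = '') " +
      "AND created IS NOT NULL AND created < ?";
    db.run(query, [tsNow - day], err => {
      if (!!err)
        console.error("cleanUsersDb: " + err);
    });
  });
},
```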