Commit | Line | Data |
---|---|---|
8d7e2786 BA |
1 | var db = require("../utils/database"); |
2 | var maild = require("../utils/mailer.js"); | |
badeb466 | 3 | var genToken = require("../utils/tokenGenerator"); |
c018b304 | 4 | var params = require("../config/parameters"); |
8d7e2786 BA |
5 | |
6 | /* | |
7 | * Structure: | |
8 | * _id: integer | |
9 | * name: varchar | |
10 | * email: varchar | |
11 | * loginToken: token on server only | |
12 | * loginTime: datetime (validity) | |
13 | * sessionToken: token in cookies for authentication | |
14 | * notify: boolean (send email notifications for corr games) | |
15 | */ | |
16 | ||
ab4f4bf2 | 17 | const UserModel = |
8d7e2786 | 18 | { |
ab4f4bf2 BA |
19 | // NOTE: parameters are already cleaned (in controller), thus no sanitization here |
20 | create: function(name, email, notify, callback) | |
21 | { | |
22 | db.serialize(function() { | |
23 | const insertQuery = | |
24 | "INSERT INTO Users " + | |
25 | "(name, email, notify) VALUES " + | |
26 | "('" + name + "', '" + email + "', " + notify + ")"; | |
27 | db.run(insertQuery, err => { | |
28 | if (!!err) | |
29 | return callback(err); | |
30 | db.get("SELECT last_insert_rowid() AS rowid", callback); | |
31 | }); | |
c018b304 | 32 | }); |
ab4f4bf2 | 33 | }, |
8d7e2786 | 34 | |
ab4f4bf2 BA |
35 | // Find one user (by id, name, email, or token) |
36 | getOne: function(by, value, cb) | |
37 | { | |
38 | const delimiter = (typeof value === "string" ? "'" : ""); | |
39 | db.serialize(function() { | |
40 | const query = | |
41 | "SELECT * " + | |
42 | "FROM Users " + | |
43 | "WHERE " + by + " = " + delimiter + value + delimiter; | |
44 | db.get(query, cb); | |
45 | }); | |
46 | }, | |
8d7e2786 | 47 | |
ab4f4bf2 BA |
48 | ///////// |
49 | // MODIFY | |
8d7e2786 | 50 | |
ab4f4bf2 BA |
51 | setLoginToken: function(token, uid, cb) |
52 | { | |
53 | db.serialize(function() { | |
54 | const query = | |
8a477a7e | 55 | "UPDATE Users " + |
ab4f4bf2 | 56 | "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " + |
8a477a7e | 57 | "WHERE id = " + uid; |
ab4f4bf2 | 58 | db.run(query, cb); |
0bd5933d | 59 | }); |
ab4f4bf2 | 60 | }, |
8d7e2786 | 61 | |
ab4f4bf2 BA |
62 | // Set session token only if empty (first login) |
63 | // TODO: weaker security (but avoid to re-login everywhere after each logout) | |
64 | trySetSessionToken: function(uid, cb) | |
65 | { | |
66 | // Also empty the login token to invalidate future attempts | |
67 | db.serialize(function() { | |
68 | const querySessionToken = | |
69 | "SELECT sessionToken " + | |
70 | "FROM Users " + | |
71 | "WHERE id = " + uid; | |
72 | db.get(querySessionToken, (err,ret) => { | |
73 | if (!!err) | |
74 | return cb(err); | |
75 | const token = ret.sessionToken || genToken(params.token.length); | |
76 | const queryUpdate = | |
77 | "UPDATE Users " + | |
78 | "SET loginToken = NULL" + | |
79 | (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " + | |
80 | "WHERE id = " + uid; | |
81 | db.run(queryUpdate); | |
82 | cb(null, token); | |
83 | }); | |
84 | }); | |
85 | }, | |
86 | ||
87 | updateSettings: function(user, cb) | |
88 | { | |
89 | db.serialize(function() { | |
90 | const query = | |
91 | "UPDATE Users " + | |
92 | "SET name = '" + user.name + "'" + | |
93 | ", email = '" + user.email + "'" + | |
94 | ", notify = " + user.notify + " " + | |
95 | "WHERE id = " + user.id; | |
96 | db.run(query, cb); | |
97 | }); | |
98 | }, | |
8d7e2786 | 99 | } |
ab4f4bf2 BA |
100 | |
101 | module.exports = UserModel; |