Implement cleaning methods (CRON tasks)
[vchess.git] / server / routes / users.js
1 // AJAX methods to get, create, update or delete a user
2
3 var router = require("express").Router();
4 var UserModel = require('../models/User');
5 var sendEmail = require('../utils/mailer');
6 var genToken = require("../utils/tokenGenerator");
7 var access = require("../utils/access");
8 var params = require("../config/parameters");
9
10 router.get("/whoami", access.ajax, (req,res) => {
11 const callback = (user) => {
12 return res.json({
13 name: user.name,
14 email: user.email,
15 id: user.id,
16 notify: user.notify,
17 });
18 };
19 const anonymous = {name:"", email:"", id:0, notify:false};
20 if (!req.cookies.token)
21 return callback(anonymous);
22 UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
23 if (!!err || !user)
24 callback(anonymous);
25 else (!!user)
26 callback(user);
27 });
28 });
29
30 router.get("/users", access.ajax, (req,res) => {
31 const ids = req.query["ids"];
32 UserModel.getByIds(ids, (err,users) => {
33 if (!!err)
34 return res.json({errmsg: err.toString()});
35 return res.json({users:users});
36 });
37 });
38
39 // to: object user (to who we send an email)
40 function setAndSendLoginToken(subject, to, res)
41 {
42 // Set login token and send welcome(back) email with auth link
43 const token = genToken(params.token.length);
44 UserModel.setLoginToken(token, to.id, err => {
45 if (!!err)
46 return res.json({errmsg: err.toString()});
47 const body =
48 "Hello " + to.name + "!\\n" +
49 "Access your account here: " +
50 params.siteURL + "/#/authenticate/" + token + "\\n" +
51 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
52 sendEmail(params.mail.noreply, to.email, subject, body, err => {
53 res.json(err || {});
54 });
55 });
56 }
57
58 router.post('/register', access.unlogged, access.ajax, (req,res) => {
59 const name = req.body.name;
60 const email = req.body.email;
61 const notify = !!req.body.notify;
62 const error = UserModel.checkNameEmail({name: name, email: email});
63 if (!!error)
64 return res.json({errmsg: error});
65 UserModel.create(name, email, notify, (err,uid) => {
66 if (!!err)
67 return res.json({errmsg: err.toString()});
68 const user = {
69 id: uid["rowid"],
70 name: name,
71 email: email,
72 };
73 setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
74 });
75 });
76
77 router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
78 const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
79 const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
80 const error = UserModel.checkNameEmail({[type]: nameOrEmail});
81 if (!!error)
82 return res.json({errmsg: error});
83 UserModel.getOne(type, nameOrEmail, (err,user) => {
84 access.checkRequest(res, err, user, "Unknown user", () => {
85 setAndSendLoginToken("Token for " + params.siteURL, user, res);
86 });
87 });
88 });
89
90 router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
91 UserModel.getOne("loginToken", req.query.token, (err,user) => {
92 access.checkRequest(res, err, user, "Invalid token", () => {
93 // If token older than params.tokenExpire, do nothing
94 if (Date.now() > user.loginTime + params.token.expire)
95 return res.json({errmsg: "Token expired"});
96 // Generate session token (if not exists) + destroy login token
97 UserModel.trySetSessionToken(user.id, (err,token) => {
98 if (!!err)
99 return res.json({errmsg: err.toString()});
100 // Set cookie
101 res.cookie("token", token, {
102 httpOnly: true,
103 secure: !!params.siteURL.match(/^https/),
104 maxAge: params.cookieExpire,
105 });
106 res.json({
107 id: user.id,
108 name: user.name,
109 email: user.email,
110 notify: user.notify,
111 });
112 });
113 });
114 });
115 });
116
117 router.put('/update', access.logged, access.ajax, (req,res) => {
118 const name = req.body.name;
119 const email = req.body.email;
120 const error = UserModel.checkNameEmail({name: name, email: email});
121 if (!!error)
122 return res.json({errmsg: error});
123 const user = {
124 id: req.userId,
125 name: name,
126 email: email,
127 notify: !!req.body.notify,
128 };
129 UserModel.updateSettings(user, err => {
130 res.json(err ? {errmsg: err.toString()} : {});
131 });
132 });
133
134 router.get('/logout', access.logged, access.ajax, (req,res) => {
135 res.clearCookie("token");
136 res.json({});
137 });
138
139 module.exports = router;