[qomet.git] / routes / users.js

let router = require("express").Router();
const validator = require('../public/javascripts/utils/validation');
const UserModel = require('../models/user');
const maild = require('../utils/mailer');
const TokenGen = require("../utils/tokenGenerator");
const access = require("../utils/access");
const params = require("../config/parameters");

// to: object user
function setAndSendLoginToken(subject, to, res)
{
	// Set login token and send welcome(back) email with auth link
	let token = TokenGen.generate(params.token.length);
	UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
		access.checkRequest(res, err, ret, "Cannot set login token", () => {
			maild.send({
				from: params.mail.from,
				to: to.email,
				subject: subject,
				body: "Hello " + to.initials + "!\n" +
					"Access your account here: " +
					params.siteURL + "/authenticate/" + token + "\\n" +
					"Token will expire in " + params.token.expire/(1000*60) + " minutes."
			}, err => {
				res.json(err || {});
			});
		});
	});
}

router.post('/register', access.ajax, access.unlogged, (req,res) => {
	const newUser = {
		email: decodeURIComponent(req.body.email),
		name: decodeURIComponent(req.body.name),
	};
	let error = validator(newUser, "User");
	if (error.length > 0)
		return res.json({errmsg:error});
	if (!UserModel.whitelistCheck(newUser.email))
		return res.json({errmsg: "Email not in whitelist"});
	UserModel.getByEmail(newUser.email, (err,user0) => {
		access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
			UserModel.create(newUser, (err,user) => {
				access.checkRequest(res, err, user, "Registration failed", () => {
					user.ip = req.ip;
					setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
				});
			});
		});
	});
});

// Login:
router.put('/sendtoken', access.ajax, access.unlogged, (req,res) => {
	const email = decodeURIComponent(req.body.email);
	let error = validator({email:email}, "User");
	if (error.length > 0)
		return res.json({errmsg:error});
	UserModel.getByEmail(email, (err,user) => {
		access.checkRequest(res, err, user, "Unknown user", () => {
			user.ip = req.ip;
			setAndSendLoginToken("Token for " + params.siteURL, user, res);
		});
	});
});

// Authentication process, optionally with email changing:
router.get('/authenticate/:token([a-z0-9]+)', access.unlogged, (req,res) => {
	const loginToken = req.params.token;
	UserModel.getByLoginToken(loginToken, (err,user) => {
		access.checkRequest(res, err, user, "Invalid token", () => {
			if (user.loginToken.ip != req.ip)
				return res.json({errmsg: "IP address mismatch"});
			let now = new Date();
			let tsNow = now.getTime();
			// If token older than params.tokenExpire, do nothing
			if (user.loginToken.timestamp + params.token.expire < tsNow)
				return res.json({errmsg: "Token expired"});
			// Generate and update session token + destroy login token
			let token = TokenGen.generate(params.token.length);
			UserModel.setSessionToken(token, user._id, (err,ret) => {
				access.checkRequest(res, err, ret, "Authentication failed", () => {
					// Set cookies and redirect to user main control panel
					res.cookie("token", token, {
						httpOnly: true,
						maxAge: params.cookieExpire,
					});
					res.cookie("initials", user.initials, {
						httpOnly: true,
						maxAge: params.cookieExpire,
					});
					res.redirect("/" + user.initials);
				});
			});
		});
	});
});

router.get('/logout', access.logged, (req,res) => {
	UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => {
		access.checkRequest(res, err, ret, "Logout failed", () => {
			res.clearCookie("initials");
			res.clearCookie("token");
			res.redirect('/');
		});
	});
});

module.exports = router;
Commit	Line	Data
	1	let router = require("express").Router();
	2	const validator = require('../public/javascripts/utils/validation');
	3	const UserModel = require('../models/user');
	4	const maild = require('../utils/mailer');
	5	const TokenGen = require("../utils/tokenGenerator");
	6	const access = require("../utils/access");
	7	const params = require("../config/parameters");
	8
	9	// to: object user
	10	function setAndSendLoginToken(subject, to, res)
	11	{
	12	// Set login token and send welcome(back) email with auth link
	13	let token = TokenGen.generate(params.token.length);
	14	UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
	15	access.checkRequest(res, err, ret, "Cannot set login token", () => {
	16	maild.send({
	17	from: params.mail.from,
	18	to: to.email,
	19	subject: subject,
	20	body: "Hello " + to.initials + "!\n" +
	21	"Access your account here: " +
	22	params.siteURL + "/authenticate/" + token + "\\n" +
	23	"Token will expire in " + params.token.expire/(1000*60) + " minutes."
	24	}, err => {
	25	res.json(err \|\| {});
	26	});
	27	});
	28	});
	29	}
	30
	31	router.post('/register', access.ajax, access.unlogged, (req,res) => {
	32	const newUser = {
	33	email: decodeURIComponent(req.body.email),
	34	name: decodeURIComponent(req.body.name),
	35	};
	36	let error = validator(newUser, "User");
	37	if (error.length > 0)
	38	return res.json({errmsg:error});
	39	if (!UserModel.whitelistCheck(newUser.email))
	40	return res.json({errmsg: "Email not in whitelist"});
	41	UserModel.getByEmail(newUser.email, (err,user0) => {
	42	access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
	43	UserModel.create(newUser, (err,user) => {
	44	access.checkRequest(res, err, user, "Registration failed", () => {
	45	user.ip = req.ip;
	46	setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
	47	});
	48	});
	49	});
	50	});
	51	});
	52
	53	// Login:
	54	router.put('/sendtoken', access.ajax, access.unlogged, (req,res) => {
	55	const email = decodeURIComponent(req.body.email);
	56	let error = validator({email:email}, "User");
	57	if (error.length > 0)
	58	return res.json({errmsg:error});
	59	UserModel.getByEmail(email, (err,user) => {
	60	access.checkRequest(res, err, user, "Unknown user", () => {
	61	user.ip = req.ip;
	62	setAndSendLoginToken("Token for " + params.siteURL, user, res);
	63	});
	64	});
	65	});
	66
	67	// Authentication process, optionally with email changing:
	68	router.get('/authenticate/:token([a-z0-9]+)', access.unlogged, (req,res) => {
	69	const loginToken = req.params.token;
	70	UserModel.getByLoginToken(loginToken, (err,user) => {
	71	access.checkRequest(res, err, user, "Invalid token", () => {
	72	if (user.loginToken.ip != req.ip)
	73	return res.json({errmsg: "IP address mismatch"});
	74	let now = new Date();
	75	let tsNow = now.getTime();
	76	// If token older than params.tokenExpire, do nothing
	77	if (user.loginToken.timestamp + params.token.expire < tsNow)
	78	return res.json({errmsg: "Token expired"});
	79	// Generate and update session token + destroy login token
	80	let token = TokenGen.generate(params.token.length);
	81	UserModel.setSessionToken(token, user._id, (err,ret) => {
	82	access.checkRequest(res, err, ret, "Authentication failed", () => {
	83	// Set cookies and redirect to user main control panel
	84	res.cookie("token", token, {
	85	httpOnly: true,
	86	maxAge: params.cookieExpire,
	87	});
	88	res.cookie("initials", user.initials, {
	89	httpOnly: true,
	90	maxAge: params.cookieExpire,
	91	});
	92	res.redirect("/" + user.initials);
	93	});
	94	});
	95	});
	96	});
	97	});
	98
	99	router.get('/logout', access.logged, (req,res) => {
	100	UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => {
	101	access.checkRequest(res, err, ret, "Logout failed", () => {
	102	res.clearCookie("initials");
	103	res.clearCookie("token");
	104	res.redirect('/');
	105	});
	106	});
	107	});
	108
	109	module.exports = router;