[vchess.git] / routes / users.js

var router = require("express").Router();
var UserModel = require('../models/User');
var sendEmail = require('../utils/mailer');
var TokenGen = require("../utils/tokenGenerator");
var access = require("../utils/access");
var params = require("../config/parameters");
var checkNameEmail = require("../public/javascripts/shared/userCheck")

// to: object user
function setAndSendLoginToken(subject, to, res)
{
	// Set login token and send welcome(back) email with auth link
	let token = TokenGen.generate(params.token.length);
	UserModel.setLoginToken(token, to._id, (err,ret) => {
		access.checkRequest(res, err, ret, "Cannot set login token", () => {
			const body =
				"Hello " + to.name + "!\n" +
				"Access your account here: " +
				params.siteURL + "/authenticate?token=" + token + "\\n" +
				"Token will expire in " + params.token.expire/(1000*60) + " minutes."
			sendEmail(params.mail.from, to.email, subject, body, err => {
				res.json(err || {});
			});
		});
	});
}

// AJAX user life cycle...

router.post('/register', access.unlogged, access.ajax, (req,res) => {
	const name = req.body.name;
	const email = req.body.email;
	const notify = !!req.body.notify;
	const error = checkNameEmail({name: name, email: email});
	if (!!error)
		return res.json({errmsg: error});
	UserModel.create(name, email, notify, (err,user) => {
		access.checkRequest(res, err, user, "Registration failed", () => {
			setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
		});
	});
});

router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
	const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
	const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
	const error = checkNameEmail({[type]: nameOrEmail});
	if (!!error)
		return res.json({errmsg: error});
	UserModel.getOne(type, nameOrEmail, (err,user) => {
		access.checkRequest(res, err, user, "Unknown user", () => {
			setAndSendLoginToken("Token for " + params.siteURL, user, res);
		});
	});
});

router.get('/authenticate', access.unlogged, (req,res) => {
	UserModel.getByLoginToken(req.query.token, (err,user) => {
		access.checkRequest(res, err, user, "Invalid token", () => {
			// If token older than params.tokenExpire, do nothing
			if (Date.now() > user.loginTime + params.token.expire)
				return res.json({errmsg: "Token expired"});
			// Generate session token (if not exists) + destroy login token
			UserModel.trySetSessionToken(user._id, (err,token) => {
				if (!!err)
					return res.json(err);
				// Set cookie
				res.cookie("token", token, {
					httpOnly: true,
					secure: true,
					maxAge: params.cookieExpire
				});
				res.redirect("/");
			});
		});
	});
});

router.put('/settings', access.logged, access.ajax, (req,res) => {
	let user = JSON.parse(req.body.user);
	const error = checkNameEmail({name: user.name, email: user.email});
	if (!!error)
		return res.json({errmsg: error});
	user.notify = !!user.notify; //in case of...
	user._id = res.locals.user._id; //in case of...
	UserModel.updateSettings(user, (err,ret) => {
		access.checkRequest(res, err, ret, "Settings update failed", () => {
			res.json({});
		});
	});
});

// Logout on server because the token cookie is secured + http-only
router.get('/logout', access.logged, (req,res) => {
	res.clearCookie("token");
	res.redirect('/');
});

module.exports = router;
Commit	Line	Data
8d7e2786 BA	1	var router = require("express").Router();
8d7e2786 BA	2	var UserModel = require('../models/User');
0bd5933d	3	var sendEmail = require('../utils/mailer');
8d7e2786 BA	4	var TokenGen = require("../utils/tokenGenerator");
8d7e2786 BA	5	var access = require("../utils/access");
0bd5933d	6	var params = require("../config/parameters");
8a477a7e	7	var checkNameEmail = require("../public/javascripts/shared/userCheck")
8d7e2786 BA	8
	9	// to: object user
	10	function setAndSendLoginToken(subject, to, res)
	11	{
	12	// Set login token and send welcome(back) email with auth link
	13	let token = TokenGen.generate(params.token.length);
0bd5933d	14	UserModel.setLoginToken(token, to._id, (err,ret) => {
8d7e2786	15	access.checkRequest(res, err, ret, "Cannot set login token", () => {
0bd5933d	16	const body =
8a477a7e	17	"Hello " + to.name + "!\n" +
0bd5933d BA	18	"Access your account here: " +
	19	params.siteURL + "/authenticate?token=" + token + "\\n" +
	20	"Token will expire in " + params.token.expire/(1000*60) + " minutes."
	21	sendEmail(params.mail.from, to.email, subject, body, err => {
8d7e2786 BA	22	res.json(err \|\| {});
	23	});
	24	});
	25	});
	26	}
	27
	28	// AJAX user life cycle...
	29
	30	router.post('/register', access.unlogged, access.ajax, (req,res) => {
8a477a7e BA	31	const name = req.body.name;
	32	const email = req.body.email;
	33	const notify = !!req.body.notify;
	34	const error = checkNameEmail({name: name, email: email});
	35	if (!!error)
8d7e2786	36	return res.json({errmsg: error});
8a477a7e	37	UserModel.create(name, email, notify, (err,user) => {
8d7e2786	38	access.checkRequest(res, err, user, "Registration failed", () => {
8d7e2786 BA	39	setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
	40	});
	41	});
	42	});
	43
8a477a7e BA	44	router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
	45	const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
	46	const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
	47	const error = checkNameEmail({[type]: nameOrEmail});
	48	if (!!error)
8d7e2786	49	return res.json({errmsg: error});
8a477a7e	50	UserModel.getOne(type, nameOrEmail, (err,user) => {
8d7e2786 BA	51	access.checkRequest(res, err, user, "Unknown user", () => {
	52	setAndSendLoginToken("Token for " + params.siteURL, user, res);
	53	});
	54	});
	55	});
	56
	57	router.get('/authenticate', access.unlogged, (req,res) => {
	58	UserModel.getByLoginToken(req.query.token, (err,user) => {
	59	access.checkRequest(res, err, user, "Invalid token", () => {
8d7e2786	60	// If token older than params.tokenExpire, do nothing
0bd5933d	61	if (Date.now() > user.loginTime + params.token.expire)
8d7e2786	62	return res.json({errmsg: "Token expired"});
0bd5933d BA	63	// Generate session token (if not exists) + destroy login token
0bd5933d BA	64	UserModel.trySetSessionToken(user._id, (err,token) => {
8d7e2786 BA	65	if (!!err)
	66	return res.json(err);
	67	// Set cookie
	68	res.cookie("token", token, {
	69	httpOnly: true,
0bd5933d	70	secure: true,
8d7e2786 BA	71	maxAge: params.cookieExpire
	72	});
	73	res.redirect("/");
	74	});
	75	});
	76	});
	77	});
	78
	79	router.put('/settings', access.logged, access.ajax, (req,res) => {
8a477a7e BA	80	let user = JSON.parse(req.body.user);
	81	const error = checkNameEmail({name: user.name, email: user.email});
	82	if (!!error)
	83	return res.json({errmsg: error});
	84	user.notify = !!user.notify; //in case of...
	85	user._id = res.locals.user._id; //in case of...
8d7e2786 BA	86	UserModel.updateSettings(user, (err,ret) => {
	87	access.checkRequest(res, err, ret, "Settings update failed", () => {
	88	res.json({});
	89	});
	90	});
	91	});
	92
0bd5933d	93	// Logout on server because the token cookie is secured + http-only
8d7e2786	94	router.get('/logout', access.logged, (req,res) => {
0bd5933d BA	95	res.clearCookie("token");
0bd5933d BA	96	res.redirect('/');
8d7e2786 BA	97	});
	98
	99	module.exports = router;