[vchess.git] / routes / users.js

var router = require("express").Router();
var UserModel = require('../models/User');
var maild = require('../utils/mailer');
var TokenGen = require("../utils/tokenGenerator");
var access = require("../utils/access");

// to: object user
function setAndSendLoginToken(subject, to, res)
{
	// Set login token and send welcome(back) email with auth link
	let token = TokenGen.generate(params.token.length);
	UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
		access.checkRequest(res, err, ret, "Cannot set login token", () => {
			maild.send({
				from: params.mail.from,
				to: to.email,
				subject: subject,
				body: "Hello " + to.initials + "!\n" +
					"Access your account here: " +
					params.siteURL + "/authenticate?token=" + token + "\\n" +
					"Token will expire in " + params.token.expire/(1000*60) + " minutes."
			}, err => {
				res.json(err || {});
			});
		});
	});
}

// AJAX user life cycle...

router.post('/register', access.unlogged, access.ajax, (req,res) => {
	let name = decodeURIComponent(req.body.name);
	let email = decodeURIComponent(req.body.email);
	let error = checkObject({name:name, email:email}, "User");
	if (error.length > 0)
		return res.json({errmsg: error});
	UserModel.create(name, email, (err,user) => {
		access.checkRequest(res, err, user, "Registration failed", () => {
			user.ip = req.ip;
			setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
		});
	});
});

router.put('/sendtoken', access.unlogged, access.ajax, (req,res) => {
	let email = decodeURIComponent(req.body.email);
	let error = checkObject({email:email}, "User");
	console.log(email)
	if (error.length > 0)
		return res.json({errmsg: error});
	UserModel.getByEmail(email, (err,user) => {
		access.checkRequest(res, err, user, "Unknown user", () => {
			setAndSendLoginToken("Token for " + params.siteURL, user, res);
		});
	});
});

router.get('/authenticate', access.unlogged, (req,res) => {
	UserModel.getByLoginToken(req.query.token, (err,user) => {
		access.checkRequest(res, err, user, "Invalid token", () => {
			if (user.loginToken.ip != req.ip)
				return res.json({errmsg: "IP address mismatch"});
			let now = new Date();
			let tsNow = now.getTime();
			// If token older than params.tokenExpire, do nothing
			if (user.loginToken.timestamp + params.token.expire < tsNow)
				return res.json({errmsg: "Token expired"});
			// Generate and update session token + destroy login token
			let token = TokenGen.generate(params.token.length);
			UserModel.setSessionToken(token, user._id, (err,ret) => {
				if (!!err)
					return res.json(err);
				// Set cookie
				res.cookie("token", token, {
					httpOnly: true,
					maxAge: params.cookieExpire
				});
				res.redirect("/");
			});
		});
	});
});

router.put('/settings', access.logged, access.ajax, (req,res) => {
	let user = JSON.parse(req.body.user);
	let error = checkObject(user, "User");
	if (error.length > 0)
		return res.json({errmsg: error});
	user._id = ObjectID(req.user._id);
	UserModel.updateSettings(user, (err,ret) => {
		access.checkRequest(res, err, ret, "Settings update failed", () => {
			res.json({});
		});
	});
});

router.get('/logout', access.logged, (req,res) => {
	// TODO: cookie + redirect is enough (https, secure cookie
	// https://www.information-security.fr/securite-sites-web-lutilite-flags-secure-httponly/ )
	UserModel.logout(req.cookies.token, (err,ret) => {
		access.checkRequest(res, err, ret, "Logout failed", () => {
			res.clearCookie("token");
			req.user = null;
			res.redirect('/');
		});
	});
});

module.exports = router;
Commit	Line	Data
8d7e2786 BA	1	var router = require("express").Router();
	2	var UserModel = require('../models/User');
	3	var maild = require('../utils/mailer');
	4	var TokenGen = require("../utils/tokenGenerator");
	5	var access = require("../utils/access");
	6
	7	// to: object user
	8	function setAndSendLoginToken(subject, to, res)
	9	{
	10	// Set login token and send welcome(back) email with auth link
	11	let token = TokenGen.generate(params.token.length);
	12	UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
	13	access.checkRequest(res, err, ret, "Cannot set login token", () => {
	14	maild.send({
	15	from: params.mail.from,
	16	to: to.email,
	17	subject: subject,
	18	body: "Hello " + to.initials + "!\n" +
	19	"Access your account here: " +
	20	params.siteURL + "/authenticate?token=" + token + "\\n" +
	21	"Token will expire in " + params.token.expire/(1000*60) + " minutes."
	22	}, err => {
	23	res.json(err \|\| {});
	24	});
	25	});
	26	});
	27	}
	28
	29	// AJAX user life cycle...
	30
	31	router.post('/register', access.unlogged, access.ajax, (req,res) => {
	32	let name = decodeURIComponent(req.body.name);
	33	let email = decodeURIComponent(req.body.email);
	34	let error = checkObject({name:name, email:email}, "User");
	35	if (error.length > 0)
	36	return res.json({errmsg: error});
	37	UserModel.create(name, email, (err,user) => {
	38	access.checkRequest(res, err, user, "Registration failed", () => {
	39	user.ip = req.ip;
	40	setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
	41	});
	42	});
	43	});
	44
	45	router.put('/sendtoken', access.unlogged, access.ajax, (req,res) => {
	46	let email = decodeURIComponent(req.body.email);
	47	let error = checkObject({email:email}, "User");
	48	console.log(email)
	49	if (error.length > 0)
	50	return res.json({errmsg: error});
	51	UserModel.getByEmail(email, (err,user) => {
	52	access.checkRequest(res, err, user, "Unknown user", () => {
	53	setAndSendLoginToken("Token for " + params.siteURL, user, res);
	54	});
	55	});
	56	});
	57
	58	router.get('/authenticate', access.unlogged, (req,res) => {
	59	UserModel.getByLoginToken(req.query.token, (err,user) => {
	60	access.checkRequest(res, err, user, "Invalid token", () => {
	61	if (user.loginToken.ip != req.ip)
	62	return res.json({errmsg: "IP address mismatch"});
	63	let now = new Date();
	64	let tsNow = now.getTime();
65	// If token older than params.tokenExpire, do nothing
66	if (user.loginToken.timestamp + params.token.expire < tsNow)
67	return res.json({errmsg: "Token expired"});
68	// Generate and update session token + destroy login token
69	let token = TokenGen.generate(params.token.length);
70	UserModel.setSessionToken(token, user._id, (err,ret) => {
71	if (!!err)
72	return res.json(err);
73	// Set cookie
74	res.cookie("token", token, {
75	httpOnly: true,
76	maxAge: params.cookieExpire
77	});
78	res.redirect("/");
79	});
80	});
81	});
82	});
83
84	router.put('/settings', access.logged, access.ajax, (req,res) => {
85	let user = JSON.parse(req.body.user);
86	let error = checkObject(user, "User");
87	if (error.length > 0)
88	return res.json({errmsg: error});
89	user._id = ObjectID(req.user._id);
90	UserModel.updateSettings(user, (err,ret) => {
91	access.checkRequest(res, err, ret, "Settings update failed", () => {
92	res.json({});
93	});
94	});
95	});
96
97	router.get('/logout', access.logged, (req,res) => {
98	// TODO: cookie + redirect is enough (https, secure cookie
99	// https://www.information-security.fr/securite-sites-web-lutilite-flags-secure-httponly/ )
100	UserModel.logout(req.cookies.token, (err,ret) => {
101	access.checkRequest(res, err, ret, "Logout failed", () => {
102	res.clearCookie("token");
103	req.user = null;
104	res.redirect('/');
105	});
106	});
107	});
108
109	module.exports = router;