'update'
[qomet.git] / routes / users.js
... / ...
CommitLineData
1let router = require("express").Router();
2const validator = require('../public/javascripts/utils/validation');
3const UserModel = require('../models/user');
4const maild = require('../utils/mailer');
5const TokenGen = require("../utils/tokenGenerator");
6const access = require("../utils/access");
7const params = require("../config/parameters");
8
9// to: object user
10function setAndSendLoginToken(subject, to, res)
11{
12 // Set login token and send welcome(back) email with auth link
13 let token = TokenGen.generate(params.token.length);
14 UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
15 access.checkRequest(res, err, ret, "Cannot set login token", () => {
16 maild.send({
17 from: params.mail.from,
18 to: to.email,
19 subject: subject,
20 body: "Hello " + to.initials + "!\n" +
21 "Access your account here: " +
22 params.siteURL + "/authenticate?token=" + token + "\\n" +
23 "Token will expire in " + params.token.expire/(1000*60) + " minutes."
24 }, err => {
25 res.json(err || {});
26 });
27 });
28 });
29}
30
31router.post('/register', access.ajax, access.unlogged, (req,res) => {
32 const newUser = {
33 email: req.body.email,
34 name: req.body.name,
35 };
36 let error = validator(newUser, "User");
37 if (error.length > 0)
38 return res.json({errmsg:error});
39 if (!UserModel.whitelistCheck(newUser.email))
40 return res.json({errmsg: "Email not in whitelist"});
41 UserModel.getByEmail(newUser.email, (err,user0) => {
42 access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
43 UserModel.create(newUser, (err,user) => {
44 access.checkRequest(res, err, user, "Registration failed", () => {
45 user.ip = req.ip;
46 setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
47 });
48 });
49 });
50 });
51});
52
53// Login:
54router.put('/sendtoken', access.ajax, access.unlogged, (req,res) => {
55 const email = req.body.email;
56 let error = validator({email:email}, "User");
57 if (error.length > 0)
58 return res.json({errmsg:error});
59 UserModel.getByEmail(email, (err,user) => {
60 access.checkRequest(res, err, user, "Unknown user", () => {
61 user.ip = req.ip;
62 setAndSendLoginToken("Token for " + params.siteURL, user, res);
63 });
64 });
65});
66
67// Authentication process, optionally with email changing:
68router.put('/authenticate/:token([a-z0-9]+)', access.unlogged, (req,res) => {
69 const loginToken = req.params.token;
70 UserModel.getByLoginToken(loginToken, (err,user) => {
71 access.checkRequest(res, err, user, "Invalid token", () => {
72 if (user.loginToken.ip != req.ip)
73 return res.json({errmsg: "IP address mismatch"});
74 let now = new Date();
75 let tsNow = now.getTime();
76 // If token older than params.tokenExpire, do nothing
77 if (user.loginToken.timestamp + params.token.expire < tsNow)
78 return res.json({errmsg: "Token expired"});
79 // Generate and update session token + destroy login token
80 let token = TokenGen.generate(params.token.length);
81 UserModel.setSessionToken(token, user._id, (err,ret) => {
82 access.checkRequest(res, err, ret, "Authentication failed", () => {
83 // Set cookies and redirect to user main control panel
84 res.cookie("token", token, {
85 httpOnly: true,
86 maxAge: params.cookieExpire,
87 });
88 res.cookie("initials", user.initials, {
89 httpOnly: true,
90 maxAge: params.cookieExpire,
91 });
92 res.redirect("/" + user.initials);
93 });
94 });
95 });
96 });
97});
98
99router.put('/logout', access.logged, (req,res) => {
100 UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => {
101 access.checkRequest(res, err, ret, "Logout failed", () => {
102 res.clearCookie("initials");
103 res.clearCookie("token");
104 res.redirect('/');
105 });
106 });
107});
108
109module.exports = router;