| 1 | let router = require("express").Router(); |
| 2 | const validator = require('../public/javascripts/utils/validation'); |
| 3 | const UserModel = require('../models/user'); |
| 4 | const maild = require('../utils/mailer'); |
| 5 | const TokenGen = require("../utils/tokenGenerator"); |
| 6 | const access = require("../utils/access"); |
| 7 | const params = require("../config/parameters"); |
| 8 | |
| 9 | // to: object user |
| 10 | function setAndSendLoginToken(subject, to, res) |
| 11 | { |
| 12 | // Set login token and send welcome(back) email with auth link |
| 13 | let token = TokenGen.generate(params.token.length); |
| 14 | UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => { |
| 15 | access.checkRequest(res, err, ret, "Cannot set login token", () => { |
| 16 | maild.send({ |
| 17 | from: params.mail.from, |
| 18 | to: to.email, |
| 19 | subject: subject, |
| 20 | body: "Hello " + to.initials + "!\n" + |
| 21 | "Access your account here: " + |
| 22 | params.siteURL + "/authenticate?token=" + token + "\\n" + |
| 23 | "Token will expire in " + params.token.expire/(1000*60) + " minutes." |
| 24 | }, err => { |
| 25 | res.json(err || {}); |
| 26 | }); |
| 27 | }); |
| 28 | }); |
| 29 | } |
| 30 | |
| 31 | router.post('/register', access.ajax, access.unlogged, (req,res) => { |
| 32 | const newUser = { |
| 33 | email: req.body.email, |
| 34 | name: req.body.name, |
| 35 | }; |
| 36 | let error = validator(newUser, "User"); |
| 37 | if (error.length > 0) |
| 38 | return res.json({errmsg:error}); |
| 39 | if (!UserModel.whitelistCheck(newUser.email)) |
| 40 | return res.json({errmsg: "Email not in whitelist"}); |
| 41 | UserModel.getByEmail(newUser.email, (err,user0) => { |
| 42 | access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => { |
| 43 | UserModel.create(newUser, (err,user) => { |
| 44 | access.checkRequest(res, err, user, "Registration failed", () => { |
| 45 | user.ip = req.ip; |
| 46 | setAndSendLoginToken("Welcome to " + params.siteURL, user, res); |
| 47 | }); |
| 48 | }); |
| 49 | }); |
| 50 | }); |
| 51 | }); |
| 52 | |
| 53 | // Login: |
| 54 | router.put('/sendtoken', access.ajax, access.unlogged, (req,res) => { |
| 55 | const email = req.body.email; |
| 56 | let error = validator({email:email}, "User"); |
| 57 | if (error.length > 0) |
| 58 | return res.json({errmsg:error}); |
| 59 | UserModel.getByEmail(email, (err,user) => { |
| 60 | access.checkRequest(res, err, user, "Unknown user", () => { |
| 61 | user.ip = req.ip; |
| 62 | setAndSendLoginToken("Token for " + params.siteURL, user, res); |
| 63 | }); |
| 64 | }); |
| 65 | }); |
| 66 | |
| 67 | // Authentication process, optionally with email changing: |
| 68 | router.put('/authenticate/:token([a-z0-9]+)', access.unlogged, (req,res) => { |
| 69 | const loginToken = req.params.token; |
| 70 | UserModel.getByLoginToken(loginToken, (err,user) => { |
| 71 | access.checkRequest(res, err, user, "Invalid token", () => { |
| 72 | if (user.loginToken.ip != req.ip) |
| 73 | return res.json({errmsg: "IP address mismatch"}); |
| 74 | let now = new Date(); |
| 75 | let tsNow = now.getTime(); |
| 76 | // If token older than params.tokenExpire, do nothing |
| 77 | if (user.loginToken.timestamp + params.token.expire < tsNow) |
| 78 | return res.json({errmsg: "Token expired"}); |
| 79 | // Generate and update session token + destroy login token |
| 80 | let token = TokenGen.generate(params.token.length); |
| 81 | UserModel.setSessionToken(token, user._id, (err,ret) => { |
| 82 | access.checkRequest(res, err, ret, "Authentication failed", () => { |
| 83 | // Set cookies and redirect to user main control panel |
| 84 | res.cookie("token", token, { |
| 85 | httpOnly: true, |
| 86 | maxAge: params.cookieExpire, |
| 87 | }); |
| 88 | res.cookie("initials", user.initials, { |
| 89 | httpOnly: true, |
| 90 | maxAge: params.cookieExpire, |
| 91 | }); |
| 92 | res.redirect("/" + user.initials); |
| 93 | }); |
| 94 | }); |
| 95 | }); |
| 96 | }); |
| 97 | }); |
| 98 | |
| 99 | router.put('/logout', access.logged, (req,res) => { |
| 100 | UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => { |
| 101 | access.checkRequest(res, err, ret, "Logout failed", () => { |
| 102 | res.clearCookie("initials"); |
| 103 | res.clearCookie("token"); |
| 104 | res.redirect('/'); |
| 105 | }); |
| 106 | }); |
| 107 | }); |
| 108 | |
| 109 | module.exports = router; |