routes/users.js

   1 let router = require("express").Router();
   2 const validator = require('../public/javascripts/utils/validation');
   3 const UserModel = require('../models/user');
   4 const UserEntity = require('../entities/user');
   5 const maild = require('../utils/mailer');
   6 const TokenGen = require("../utils/tokenGenerator");
   7 const access = require("../utils/access");
   8 const params = require("../config/parameters");
   9
  10 // to: object user
  11 function sendLoginToken(subject, to, res)
  12 {
  13     // Set login token and send welcome(back) email with auth link
  14     let token = TokenGen.generate(params.token.length);
  15     UserEntity.setLoginToken(token, to._id, to.ip, (err,ret) => {
  16         access.checkRequest(res, err, ret, "Cannot set login token", () => {
  17             maild.send({
  18                 from: params.mail.from,
  19                 to: to.email,
  20                 subject: subject,
  21                 body: "Hello " + to.initials + "!\n" +
  22                     "Access your account here: " +
  23                     params.siteURL + "/authenticate?token=" + token + "\\n" +
  24                     "Token will expire in " + params.token.expire/(1000*60) + " minutes."
  25             }, err => {
  26                 res.json(err || {});
  27             });
  28         });
  29     });
  30 }
  31
  32 router.get('/register', access.ajax, access.unlogged, (req,res) => {
  33     let email = decodeURIComponent(req.query.email);
  34     let name = decodeURIComponent(req.query.name);
  35     const newUser = {
  36         email: email,
  37         name: name,
  38     };
  39     let error = validator(newUser, "User");
  40     if (error.length > 0)
  41         return res.json({errmsg:error});
  42     if (!UserModel.whitelistCheck(newUser.email))
  43         return res.json({errmsg: "Email not in whitelist"});
  44     UserEntity.getByEmail(newUser.email, (err,user0) => {
  45         access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
  46             UserModel.create(newUser, (err,user) => {
  47                 access.checkRequest(res, err, user, "Registration failed", () => {
  48                     user.ip = req.ip;
  49                     sendLoginToken("Welcome to " + params.siteURL, user, res);
  50                 });
  51             });
  52         });
  53     });
  54 });
  55
  56 // Login:
  57 router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => {
  58     let email = decodeURIComponent(req.query.email);
  59     let error = validator({email:email}, "User");
  60     if (error.length > 0)
  61         return res.json({errmsg:error});
  62     UserEntity.getByEmail(email, (err,user) => {
  63         access.checkRequest(res, err, user, "Unknown user", () => {
  64             user.ip = req.ip;
  65             sendLoginToken("Token for " + params.siteURL, user, res);
  66         });
  67     });
  68 });
  69
  70 // Authentication process, optionally with email changing:
  71 router.get('/authenticate', access.unlogged, (req,res) => {
  72     let loginToken = req.query.token;
  73     let error = validator({token:loginToken}, "User");
  74     if (error.length > 0)
  75         return res.json({errmsg:error});
  76     UserEntity.getByLoginToken(loginToken, (err,user) => {
  77         access.checkRequest(res, err, user, "Invalid token", () => {
  78             if (user.loginToken.ip != req.ip)
  79                 return res.json({errmsg: "IP address mismatch"});
  80             let now = new Date();
  81             let tsNow = now.getTime();
  82             // If token older than params.tokenExpire, do nothing
  83             if (user.loginToken.timestamp + params.token.expire < tsNow)
  84                 return res.json({errmsg: "Token expired"});
  85             // Generate and update session token + destroy login token
  86             let token = TokenGen.generate(params.token.length);
  87             UserEntity.setSessionToken(token, user._id, (err,ret) => {
  88                 access.checkRequest(res, err, ret, "Authentication failed", () => {
  89                     // Set cookies and redirect to user main control panel
  90                     res.cookie("token", token, {
  91                         httpOnly: true,
  92                         maxAge: params.cookieExpire,
  93                     });
  94                     res.cookie("initials", user.initials, {
  95                         httpOnly: true,
  96                         maxAge: params.cookieExpire,
  97                     });
  98                     res.redirect("/" + user.initials);
  99                 });
 100             });
 101         });
 102     });
 103 });
 104
 105 router.get('/logout', access.logged, (req,res) => {
 106     UserModel.logout(req.user._id, req.cookies.token, (err,ret) => {
 107         access.checkRequest(res, err, ret, "Logout failed", () => {
 108             res.clearCookie("initials");
 109             res.clearCookie("token");
 110             res.redirect('/');
 111         });
 112     });
 113 });
 114
 115 module.exports = router;