// User creation
exports.create = function(name, email, notify, callback)
{
- if (!notify)
- notify = false; //default
db.serialize(function() {
- db.run(
+ const query =
"INSERT INTO Users " +
"(name, email, notify) VALUES " +
- "(" + name + "," + email + "," + notify + ")");
+ "('" + name + "', '" + email + "', " + notify + ")";
+ db.run(query, callback); //TODO: need to get the inserted user (how ?)
});
}
{
const delimiter = (typeof value === "string" ? "'" : "");
db.serialize(function() {
- db.get(
+ const query =
"SELECT * FROM Users " +
- "WHERE " + by + " = " + delimiter + value + delimiter,
- callback);
+ "WHERE " + by + " = " + delimiter + value + delimiter;
+ db.get(query, cb);
});
}
exports.setLoginToken = function(token, uid, cb)
{
db.serialize(function() {
- db.run(
+ const query =
"UPDATE Users " +
"SET loginToken = " + token + " AND loginTime = " + Date.now() + " " +
- "WHERE id = " + uid);
+ "WHERE id = " + uid;
+ db.run(query, cb);
});
}
{
// Also empty the login token to invalidate future attempts
db.serialize(function() {
- db.get(
+ const querySessionTOken =
"SELECT sessionToken " +
"FROM Users " +
- "WHERE id = " + uid, (err,token) => {
- if (!!err)
- return cb(err);
- const newToken = token || TokenGen.generate(params.token.length);
- db.run(
- "UPDATE Users " +
- "SET loginToken = NULL " +
- (!token ? "AND sessionToken = " + newToken + " " : "") +
- "WHERE id = " + uid);
+ "WHERE id = " + uid;
+ db.get(querySessionToken, (err,token) => {
+ if (!!err)
+ return cb(err);
+ const newToken = token || TokenGen.generate(params.token.length);
+ const queryUpdate =
+ "UPDATE Users " +
+ "SET loginToken = NULL " +
+ (!token ? "AND sessionToken = " + newToken + " " : "") +
+ "WHERE id = " + uid;
+ db.run(queryUpdate);
cb(null, newToken);
});
});
exports.updateSettings = function(user, cb)
{
db.serialize(function() {
- db.run(
+ const query =
"UPDATE Users " +
"SET name = " + user.name +
" AND email = " + user.email +
" AND notify = " + user.notify + " " +
- "WHERE id = " + user._id);
+ "WHERE id = " + user._id;
+ db.run(query, cb);
});
}