1 // AJAX methods to get, create, update or delete a user
3 let router
= require("express").Router();
4 const UserModel
= require('../models/User');
5 const sendEmail
= require('../utils/mailer');
6 const genToken
= require("../utils/tokenGenerator");
7 const access
= require("../utils/access");
8 const params
= require("../config/parameters");
10 // NOTE: this method is safe because the caller must already know (guess) the sessionToken
// GET /whoami: identify the caller from the "token" session cookie.
// Replies with the anonymous user when no cookie is set, {errmsg} when the token is
// malformed, otherwise looks the session up in UserModel (result handling is on lines
// not present in this extract).
11 router
.get("/whoami", access
.ajax
, (req
,res
) => {
// Reply helper `callback(user)`; its body (original lines 13-19) is not in this extract.
12 const callback
= (user
) => {
20 const anonymous
= {name:"", email:"", id:0, notify:false};
// No session cookie at all: answer as the anonymous user rather than with an error.
21 if (!req
.cookies
.token
)
22 return callback(anonymous
);
// Only lowercase alphanumerics reach the model lookup; anything else is rejected up front.
23 if (!req
.cookies
.token
.match(/^[a-z0-9]+$/))
24 return res
.json({errmsg: "Bad token"});
// Session lookup by token value; the callback body (original lines 26-32) is not in this extract.
25 UserModel
.getOne("sessionToken", req
.cookies
.token
, function(err
, user
) {
33 // NOTE: this method is safe because only IDs and names are returned
// GET /users?ids=1,2,3: fetch a list of users by numeric id.
// When `ids` is absent the format check is skipped and getByIds() is called with undefined.
34 router
.get("/users", access
.ajax
, (req
,res
) => {
// NOTE(review): a repeated ?ids= parameter is parsed as an array by Express, and
// `.match` would then throw; a `typeof ids === "string"` check would make the
// format test apply to every shape of input — confirm how the query parser is configured.
35 const ids
= req
.query
["ids"];
36 if (!!ids
&& !ids
.match(/^([0-9]+,?)+$/)) //NOTE: slightly too permissive (a trailing comma such as "1,2," also passes)
37 return res
.json({errmsg: "Bad IDs array"});
// Original line 39 (presumably the `if (err)` guard for the next statement) is not in this extract.
38 UserModel
.getByIds(ids
, (err
,users
) => {
40 return res
.json({errmsg: err
.toString()});
41 return res
.json({users:users
});
45 // to: user object (the recipient of the email; `to.id`, `to.name` and `to.email` are read)
// subject: email subject line
// res: Express response used for the JSON reply ({errmsg} on failure)
// The function's opening brace (original line 47) is not in this extract.
46 function setAndSendLoginToken(subject
, to
, res
)
48 // Set login token and send welcome(back) email with auth link
// Fresh login token of params.token.length characters. NOTE(review): this token is an
// emailed credential, so genToken should draw from a CSPRNG — confirm in ../utils/tokenGenerator.
49 const token
= genToken(params
.token
.length
);
// Persist the token for this user before mailing it; original line 51 (presumably the
// `if (err)` guard for the next statement) is not in this extract.
50 UserModel
.setLoginToken(token
, to
.id
, err
=> {
52 return res
.json({errmsg: err
.toString()});
// Plain-text email body (its declaration, original line 53, is not in this extract).
// NOTE(review): as rendered here the separators are "\\n" (a literal backslash + n), not a
// newline — confirm against the real source.
54 "Hello " + to
.name
+ "!\\n" +
55 "Access your account here: " +
56 params
.siteURL
+ "/#/authenticate/" + token
+ "\\n" +
// params.token.expire is in milliseconds (converted to minutes for the message).
57 "Token will expire in " + params
.token
.expire
/(1000*60) + " minutes."
// Send from the no-reply address; the send callback body (original lines 59-63) is not in this extract.
58 sendEmail(params
.mail
.noreply
, to
.email
, subject
, body
, err
=> {
// POST /register {name, email, notify}: create an account and email its first login token.
// Guarded by access.unlogged and access.ajax (see ../utils/access).
64 router
.post('/register', access
.unlogged
, access
.ajax
, (req
,res
) => {
65 const name
= req
.body
.name
;
66 const email
= req
.body
.email
;
// Coerce to a strict boolean so any truthy body value becomes true.
67 const notify
= !!req
.body
.notify
;
// Model-side validation of name/email; original line 69 (presumably `if (error)`) is not in this extract.
68 const error
= UserModel
.checkNameEmail({name: name
, email: email
});
70 return res
.json({errmsg: error
});
// Original line 72 (presumably the `if (err)` guard for the next statement) is not in this extract.
71 UserModel
.create(name
, email
, notify
, (err
,uid
) => {
73 return res
.json({errmsg: err
.toString()});
// `user` is built on original lines 74-78, which are not in this extract.
79 setAndSendLoginToken("Welcome to " + params
.siteURL
, user
, res
);
// GET /sendtoken?nameOrEmail=…: email a fresh login token to an existing account.
// Guarded by access.unlogged and access.ajax (see ../utils/access).
83 router
.get('/sendtoken', access
.unlogged
, access
.ajax
, (req
,res
) => {
// NOTE(review): Express already URL-decodes query values; decoding again can throw
// URIError on a stray "%" and a missing parameter becomes the string "undefined" — confirm
// whether the client encodes this value twice on purpose.
84 const nameOrEmail
= decodeURIComponent(req
.query
.nameOrEmail
);
// A value containing "@" is looked up as an email, anything else as a name.
85 const type
= (nameOrEmail
.indexOf('@') >= 0 ? "email" : "name");
// Original line 87 (presumably `if (error)`) is not in this extract.
86 const error
= UserModel
.checkNameEmail({[type
]: nameOrEmail
});
88 return res
.json({errmsg: error
});
89 UserModel
.getOne(type
, nameOrEmail
, (err
,user
) => {
// checkRequest replies with "Unknown user" when no account matches, so this endpoint
// discloses whether a given name/email is registered.
90 access
.checkRequest(res
, err
, user
, "Unknown user", () => {
91 setAndSendLoginToken("Token for " + params
.siteURL
, user
, res
);
// GET /authenticate?token=…: exchange an emailed login token for a session cookie.
// Guarded by access.unlogged and access.ajax (see ../utils/access).
96 router
.get('/authenticate', access
.unlogged
, access
.ajax
, (req
,res
) => {
// NOTE(review): a missing or repeated ?token= parameter makes `.match` throw a TypeError
// here; a `typeof req.query.token === "string"` guard would turn that into the "Bad token" reply.
97 if (!req
.query
.token
.match(/^[a-z0-9]+$/))
98 return res
.json({errmsg: "Bad token"});
99 UserModel
.getOne("loginToken", req
.query
.token
, (err
,user
) => {
100 access
.checkRequest(res
, err
, user
, "Invalid token", () => {
101 // Reject login tokens older than params.token.expire (same units as Date.now())
102 if (Date
.now() > user
.loginTime
+ params
.token
.expire
)
103 return res
.json({errmsg: "Token expired"});
104 // Generate session token (if not exists) + destroy login token
// Original lines 106 and 108 (presumably the `if (err)` guard and its closing) are not in this extract.
105 UserModel
.trySetSessionToken(user
.id
, (err
,token
) => {
107 return res
.json({errmsg: err
.toString()});
// Session cookie: Secure only when the site is served over https, lifetime params.cookieExpire.
// NOTE(review): original line 110 is not in this extract; httpOnly (and a sameSite value)
// are expected there — confirm.
109 res
.cookie("token", token
, {
111 secure: !!params
.siteURL
.match(/^https/),
112 maxAge: params
.cookieExpire
,
// PUT /update {name, email, notify}: change the logged-in user's settings.
// Guarded by access.logged and access.ajax (see ../utils/access).
125 router
.put('/update', access
.logged
, access
.ajax
, (req
,res
) => {
126 const name
= req
.body
.name
;
127 const email
= req
.body
.email
;
// Original line 129 (presumably `if (error)`) is not in this extract.
128 const error
= UserModel
.checkNameEmail({name: name
, email: email
});
130 return res
.json({errmsg: error
});
// Last field of the settings object `user`; its opening and earlier fields (original
// lines 131-134) are not in this extract. NOTE(review): the id of the account being
// updated should come from the logged-in session, not from req.body — confirm there.
135 notify: !!req
.body
.notify
,
// Reply {} on success, {errmsg} on failure.
137 UserModel
.updateSettings(user
, err
=> {
138 res
.json(err
? {errmsg: err
.toString()} : {});
// GET /logout: drop the session cookie. Guarded by access.logged and access.ajax.
// NOTE(review): whether the sessionToken is also invalidated server-side is on original
// lines 144-146, which are not in this extract; if it is not, the old cookie value stays
// usable until it expires — confirm.
142 router
.get('/logout', access
.logged
, access
.ajax
, (req
,res
) => {
143 res
.clearCookie("token");
// Expose the user router so the application can mount it.
module.exports = router;