[vchess.git] / models / User.js

var db = require("../utils/database");
var maild = require("../utils/mailer.js");
var genToken = require("../utils/tokenGenerator");
var params = require("../config/parameters");

/*
 * Structure:
 *   _id: integer
 *   name: varchar
 *   email: varchar
 *   loginToken: token on server only
 *   loginTime: datetime (validity)
 *   sessionToken: token in cookies for authentication
 *   notify: boolean (send email notifications for corr games)
 */

// NOTE: parameters are already cleaned (in controller), thus no sanitization here
exports.create = function(name, email, notify, callback)
{
	db.serialize(function() {
		const insertQuery =
			"INSERT INTO Users " +
			"(name, email, notify) VALUES " +
			"('" + name + "', '" + email + "', " + notify + ")";
		db.run(insertQuery, err => {
			if (!!err)
				return callback(err);
			db.get("SELECT last_insert_rowid() AS rowid", callback);
		});
	});
}

// Find one user (by id, name, email, or token)
exports.getOne = function(by, value, cb)
{
	const delimiter = (typeof value === "string" ? "'" : "");
	db.serialize(function() {
		const query =
			"SELECT * " +
			"FROM Users " +
			"WHERE " + by + " = " + delimiter + value + delimiter;
		db.get(query, cb);
	});
}

/////////
// MODIFY

exports.setLoginToken = function(token, uid, cb)
{
	db.serialize(function() {
		const query =
			"UPDATE Users " +
			"SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
			"WHERE id = " + uid;
		db.run(query, cb);
	});
}

// Set session token only if empty (first login)
// TODO: weaker security (but avoid to re-login everywhere after each logout)
exports.trySetSessionToken = function(uid, cb)
{
	// Also empty the login token to invalidate future attempts
	db.serialize(function() {
		const querySessionToken =
			"SELECT sessionToken " +
			"FROM Users " +
			"WHERE id = " + uid;
		db.get(querySessionToken, (err,ret) => {
			if (!!err)
				return cb(err);
			const token = ret.sessionToken || genToken(params.token.length);
			const queryUpdate =
				"UPDATE Users " +
				"SET loginToken = NULL" +
				(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
				"WHERE id = " + uid;
			db.run(queryUpdate);
			cb(null, token);
		});
	});
}

exports.updateSettings = function(user, cb)
{
	db.serialize(function() {
		const query =
			"UPDATE Users " +
			"SET name = '" + user.name + "'" +
			", email = '" + user.email + "'" +
			", notify = " + user.notify + " " +
			"WHERE id = " + user.id;
		db.run(query, cb);
	});
}
Commit	Line	Data
8d7e2786 BA	1	var db = require("../utils/database");
8d7e2786 BA	2	var maild = require("../utils/mailer.js");
badeb466	3	var genToken = require("../utils/tokenGenerator");
c018b304	4	var params = require("../config/parameters");
8d7e2786 BA	5
	6	/*
	7	* Structure:
	8	* _id: integer
	9	* name: varchar
	10	* email: varchar
	11	* loginToken: token on server only
	12	* loginTime: datetime (validity)
	13	* sessionToken: token in cookies for authentication
	14	* notify: boolean (send email notifications for corr games)
	15	*/
	16
badeb466	17	// NOTE: parameters are already cleaned (in controller), thus no sanitization here
8d7e2786 BA	18	exports.create = function(name, email, notify, callback)
8d7e2786 BA	19	{
8d7e2786	20	db.serialize(function() {
c018b304	21	const insertQuery =
8d7e2786 BA	22	"INSERT INTO Users " +
8d7e2786 BA	23	"(name, email, notify) VALUES " +
8a477a7e	24	"('" + name + "', '" + email + "', " + notify + ")";
c018b304 BA	25	db.run(insertQuery, err => {
	26	if (!!err)
	27	return callback(err);
	28	db.get("SELECT last_insert_rowid() AS rowid", callback);
	29	});
8d7e2786 BA	30	});
	31	}
	32
	33	// Find one user (by id, name, email, or token)
	34	exports.getOne = function(by, value, cb)
	35	{
	36	const delimiter = (typeof value === "string" ? "'" : "");
	37	db.serialize(function() {
8a477a7e	38	const query =
c018b304 BA	39	"SELECT * " +
c018b304 BA	40	"FROM Users " +
8a477a7e BA	41	"WHERE " + by + " = " + delimiter + value + delimiter;
8a477a7e BA	42	db.get(query, cb);
8d7e2786 BA	43	});
	44	}
	45
	46	/////////
	47	// MODIFY
	48
	49	exports.setLoginToken = function(token, uid, cb)
	50	{
	51	db.serialize(function() {
8a477a7e	52	const query =
8d7e2786	53	"UPDATE Users " +
c018b304	54	"SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
8a477a7e BA	55	"WHERE id = " + uid;
8a477a7e BA	56	db.run(query, cb);
8d7e2786 BA	57	});
	58	}
	59
0bd5933d BA	60	// Set session token only if empty (first login)
	61	// TODO: weaker security (but avoid to re-login everywhere after each logout)
	62	exports.trySetSessionToken = function(uid, cb)
8d7e2786 BA	63	{
	64	// Also empty the login token to invalidate future attempts
	65	db.serialize(function() {
c018b304	66	const querySessionToken =
0bd5933d BA	67	"SELECT sessionToken " +
0bd5933d BA	68	"FROM Users " +
8a477a7e	69	"WHERE id = " + uid;
c018b304	70	db.get(querySessionToken, (err,ret) => {
8a477a7e BA	71	if (!!err)
8a477a7e BA	72	return cb(err);
badeb466	73	const token = ret.sessionToken \|\| genToken(params.token.length);
8a477a7e BA	74	const queryUpdate =
8a477a7e BA	75	"UPDATE Users " +
c018b304 BA	76	"SET loginToken = NULL" +
c018b304 BA	77	(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
8a477a7e BA	78	"WHERE id = " + uid;
8a477a7e BA	79	db.run(queryUpdate);
c018b304	80	cb(null, token);
0bd5933d	81	});
8d7e2786 BA	82	});
	83	}
	84
0bd5933d	85	exports.updateSettings = function(user, cb)
8d7e2786 BA	86	{
8d7e2786 BA	87	db.serialize(function() {
8a477a7e	88	const query =
8d7e2786	89	"UPDATE Users " +
c018b304 BA	90	"SET name = '" + user.name + "'" +
	91	", email = '" + user.email + "'" +
	92	", notify = " + user.notify + " " +
	93	"WHERE id = " + user.id;
8a477a7e	94	db.run(query, cb);
8d7e2786 BA	95	});
8d7e2786 BA	96	}