routes/users.js

   1 let router = require("express").Router();
   2 const validator = require('../public/javascripts/utils/validation');
   3 const UserModel = require('../models/user');
   4 const maild = require('../utils/mailer');
   5 const TokenGen = require("../utils/tokenGenerator");
   6 const access = require("../utils/access");
   7 const params = require("../config/parameters");
   8
   9 // to: object user
  10 function sendLoginToken(subject, to, res)
  11 {
  12     // Set login token and send welcome(back) email with auth link
  13     let token = TokenGen.generate(params.token.length);
  14     UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
  15         access.checkRequest(res, err, ret, "Cannot set login token", () => {
  16             maild.send({
  17                 from: params.mail.from,
  18                 to: to.email,
  19                 subject: subject,
  20                 body: "Hello " + to.initials + "!\n" +
  21                     "Access your account here: " +
  22                     params.siteURL + "/authenticate?token=" + token + "\\n" +
  23                     "Token will expire in " + params.token.expire/(1000*60) + " minutes."
  24             }, err => {
  25                 res.json(err || {});
  26             });
  27         });
  28     });
  29 }
  30
  31 router.get('/register', access.ajax, access.unlogged, (req,res) => {
  32     let email = decodeURIComponent(req.query.email);
  33     let name = decodeURIComponent(req.query.name);
  34     const newUser = {
  35         email: email,
  36         name: name,
  37     };
  38     let error = validator(newUser, "User");
  39     if (error.length > 0)
  40         return res.json({errmsg:error});
  41     if (!UserModel.whitelistCheck(newUser.email))
  42         return res.json({errmsg: "Email not in whitelist"});
  43     UserModel.getByEmail(newUser.email, (err,user0) => {
  44         access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
  45             UserModel.create(newUser, (err,user) => {
  46                 access.checkRequest(res, err, user, "Registration failed", () => {
  47                     user.ip = req.ip;
  48                     sendLoginToken("Welcome to " + params.siteURL, user, res);
  49                 });
  50             });
  51         });
  52     });
  53 });
  54
  55 // Login:
  56 router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => {
  57     let email = decodeURIComponent(req.query.email);
  58     let error = validator({email:email}, "User");
  59     if (error.length > 0)
  60         return res.json({errmsg:error});
  61     UserModel.getByEmail(email, (err,user) => {
  62         access.checkRequest(res, err, user, "Unknown user", () => {
  63             user.ip = req.ip;
  64             sendLoginToken("Token for " + params.siteURL, user, res);
  65         });
  66     });
  67 });
  68
  69 // Authentication process, optionally with email changing:
  70 router.get('/authenticate', access.unlogged, (req,res) => {
  71     let loginToken = req.query.token;
  72     let error = validator({token:loginToken}, "User");
  73     if (error.length > 0)
  74         return res.json({errmsg:error});
  75     UserModel.getByLoginToken(loginToken, (err,user) => {
  76         access.checkRequest(res, err, user, "Invalid token", () => {
  77             if (user.loginToken.ip != req.ip)
  78                 return res.json({errmsg: "IP address mismatch"});
  79             let now = new Date();
  80             let tsNow = now.getTime();
  81             // If token older than params.tokenExpire, do nothing
  82             if (user.loginToken.timestamp + params.token.expire < tsNow)
  83                 return res.json({errmsg: "Token expired"});
  84             // Generate and update session token + destroy login token
  85             let token = TokenGen.generate(params.token.length);
  86             UserModel.setSessionToken(token, user._id, (err,ret) => {
  87                 access.checkRequest(res, err, ret, "Authentication failed", () => {
  88                     // Set cookies and redirect to user main control panel
  89                     res.cookie("token", token, {
  90                         httpOnly: true,
  91                         maxAge: params.cookieExpire,
  92                     });
  93                     res.cookie("initials", user.initials, {
  94                         httpOnly: true,
  95                         maxAge: params.cookieExpire,
  96                     });
  97                     res.redirect("/" + user.initials);
  98                 });
  99             });
 100         });
 101     });
 102 });
 103
 104 router.get('/logout', access.logged, (req,res) => {
 105     UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => {
 106         access.checkRequest(res, err, ret, "Logout failed", () => {
 107             res.clearCookie("initials");
 108             res.clearCookie("token");
 109             res.redirect('/');
 110         });
 111     });
 112 });
 113
 114 module.exports = router;