| 1 | let router = require("express").Router(); |
| 2 | const validator = require('../public/javascripts/utils/validation'); |
| 3 | const UserModel = require('../models/user'); |
| 4 | const UserEntity = require('../entities/user'); |
| 5 | const maild = require('../utils/mailer'); |
| 6 | const TokenGen = require("../utils/tokenGenerator"); |
| 7 | const access = require("../utils/access"); |
| 8 | const params = require("../config/parameters"); |
| 9 | |
| 10 | // to: object user |
| 11 | function sendLoginToken(subject, to, res) |
| 12 | { |
| 13 | // Set login token and send welcome(back) email with auth link |
| 14 | let token = TokenGen.generate(params.token.length); |
| 15 | UserEntity.setLoginToken(token, to._id, to.ip, (err,ret) => { |
| 16 | access.checkRequest(res, err, ret, "Cannot set login token", () => { |
| 17 | maild.send({ |
| 18 | from: params.mail.from, |
| 19 | to: to.email, |
| 20 | subject: subject, |
| 21 | body: "Hello " + to.initials + "!\n" + |
| 22 | "Access your account here: " + |
| 23 | params.siteURL + "/authenticate?token=" + token + "\\n" + |
| 24 | "Token will expire in " + params.token.expire/(1000*60) + " minutes." |
| 25 | }, err => { |
| 26 | res.json(err || {}); |
| 27 | }); |
| 28 | }); |
| 29 | }); |
| 30 | } |
| 31 | |
| 32 | router.get('/register', access.ajax, access.unlogged, (req,res) => { |
| 33 | let email = decodeURIComponent(req.query.email); |
| 34 | let forename = decodeURIComponent(req.query.forename); |
| 35 | let name = decodeURIComponent(req.query.name); |
| 36 | const newUser = { |
| 37 | email: email, |
| 38 | name: name, |
| 39 | forename: forename, |
| 40 | }; |
| 41 | let error = validator(newUser, "User"); |
| 42 | if (error.length > 0) |
| 43 | return res.json({errmsg:error}); |
| 44 | if (!UserModel.whitelistCheck(newUser.email)) |
| 45 | return res.json({errmsg: "Email not in whitelist"}); |
| 46 | UserEntity.getByEmail(newUser.email, (err,user0) => { |
| 47 | access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => { |
| 48 | UserModel.create(newUser, (err,user) => { |
| 49 | access.checkRequest(res, err, user, "Registration failed", () => { |
| 50 | user.ip = req.ip; |
| 51 | sendLoginToken("Welcome to " + params.siteURL, user, res); |
| 52 | }); |
| 53 | }); |
| 54 | }); |
| 55 | }); |
| 56 | }); |
| 57 | |
| 58 | // Login: |
| 59 | router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => { |
| 60 | let email = decodeURIComponent(req.query.email); |
| 61 | let error = validator({email:email}, "User"); |
| 62 | if (error.length > 0) |
| 63 | return res.json({errmsg:error}); |
| 64 | UserEntity.getByEmail(email, (err,user) => { |
| 65 | access.checkRequest(res, err, user, "Unknown user", () => { |
| 66 | user.ip = req.ip; |
| 67 | sendLoginToken("Token for " + params.siteURL, user, res); |
| 68 | }); |
| 69 | }); |
| 70 | }); |
| 71 | |
| 72 | // Authentication process, optionally with email changing: |
| 73 | router.get('/authenticate', access.unlogged, (req,res) => { |
| 74 | let loginToken = req.query.token; |
| 75 | let error = validator({token:loginToken}, "User"); |
| 76 | if (error.length > 0) |
| 77 | return res.json({errmsg:error}); |
| 78 | UserEntity.getByLoginToken(loginToken, (err,user) => { |
| 79 | access.checkRequest(res, err, user, "Invalid token", () => { |
| 80 | if (user.loginToken.ip != req.ip) |
| 81 | return res.json({errmsg: "IP address mismatch"}); |
| 82 | let now = new Date(); |
| 83 | let tsNow = now.getTime(); |
| 84 | // If token older than params.tokenExpire, do nothing |
| 85 | if (user.loginToken.timestamp + params.token.expire < tsNow) |
| 86 | return res.json({errmsg: "Token expired"}); |
| 87 | // Generate and update session token + destroy login token |
| 88 | let token = TokenGen.generate(params.token.length); |
| 89 | UserEntity.setSessionToken(token, user._id, (err,ret) => { |
| 90 | access.checkRequest(res, err, ret, "Authentication failed", () => { |
| 91 | // Set cookies and redirect to user main control panel |
| 92 | res.cookie("token", token, { |
| 93 | httpOnly: true, |
| 94 | maxAge: params.cookieExpire, |
| 95 | }); |
| 96 | res.cookie("initials", user.initials, { |
| 97 | httpOnly: true, |
| 98 | maxAge: params.cookieExpire, |
| 99 | }); |
| 100 | res.redirect("/" + user.initials); |
| 101 | }); |
| 102 | }); |
| 103 | }); |
| 104 | }); |
| 105 | }); |
| 106 | |
| 107 | router.get('/logout', access.logged, (req,res) => { |
| 108 | UserModel.logout(req.user._id, req.cookies.token, (err,ret) => { |
| 109 | access.checkRequest(res, err, ret, "Logout failed", () => { |
| 110 | res.clearCookie("initials"); |
| 111 | res.clearCookie("token"); |
| 112 | res.redirect('/'); |
| 113 | }); |
| 114 | }); |
| 115 | }); |
| 116 | |
| 117 | module.exports = router; |