Add unambiguous section in the PGN + some fixes + code formatting and fix typos
[vchess.git] / server / models / User.js
1 const db = require("../utils/database");
2 const genToken = require("../utils/tokenGenerator");
3 const params = require("../config/parameters");
4 const sendEmail = require('../utils/mailer');
5
6 /*
7 * Structure:
8 * _id: integer
9 * name: varchar
10 * email: varchar
11 * loginToken: token on server only
12 * loginTime: datetime (validity)
13 * sessionToken: token in cookies for authentication
14 * notify: boolean (send email notifications for corr games)
15 * created: datetime
16 * newsRead: datetime
17 */
18
19 const UserModel = {
20 checkNameEmail: function(o) {
21 return (
22 (!o.name || !!(o.name.match(/^[\w-]+$/))) &&
23 (!o.email || !!(o.email.match(/^[\w.+-]+@[\w.+-]+$/)))
24 );
25 },
26
27 create: function(name, email, notify, cb) {
28 db.serialize(function() {
29 const query =
30 "INSERT INTO Users " +
31 "(name, email, notify, created) VALUES " +
32 "('" + name + "','" + email + "'," + notify + "," + Date.now() + ")";
33 db.run(query, function(err) {
34 cb(err, { id: this.lastID });
35 });
36 });
37 },
38
39 // Find one user by id, name, email, or token
40 getOne: function(by, value, cb) {
41 const delimiter = (typeof value === "string" ? "'" : "");
42 db.serialize(function() {
43 const query =
44 "SELECT * " +
45 "FROM Users " +
46 "WHERE " + by + " = " + delimiter + value + delimiter;
47 db.get(query, cb);
48 });
49 },
50
51 getByIds: function(ids, cb) {
52 db.serialize(function() {
53 const query =
54 "SELECT id, name " +
55 "FROM Users " +
56 "WHERE id IN (" + ids + ")";
57 db.all(query, cb);
58 });
59 },
60
61 /////////
62 // MODIFY
63
64 setLoginToken: function(token, id) {
65 db.serialize(function() {
66 const query =
67 "UPDATE Users " +
68 "SET loginToken = '" + token + "',loginTime = " + Date.now() + " " +
69 "WHERE id = " + id;
70 db.run(query);
71 });
72 },
73
74 setNewsRead: function(id) {
75 db.serialize(function() {
76 const query =
77 "UPDATE Users " +
78 "SET newsRead = " + Date.now() + " " +
79 "WHERE id = " + id;
80 db.run(query);
81 });
82 },
83
84 // Set session token only if empty (first login)
85 // NOTE: weaker security (but avoid to re-login everywhere after each logout)
86 // TODO: option would be to reset all tokens periodically (every 3 months?)
87 trySetSessionToken: function(id, cb) {
88 db.serialize(function() {
89 let query =
90 "SELECT sessionToken " +
91 "FROM Users " +
92 "WHERE id = " + id;
93 db.get(query, (err, ret) => {
94 const token = ret.sessionToken || genToken(params.token.length);
95 const setSessionToken =
96 (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
97 query =
98 "UPDATE Users " +
99 // Also empty the login token to invalidate future attempts
100 "SET loginToken = NULL" +
101 setSessionToken + " " +
102 "WHERE id = " + id;
103 db.run(query);
104 cb(token);
105 });
106 });
107 },
108
109 updateSettings: function(user) {
110 db.serialize(function() {
111 const query =
112 "UPDATE Users " +
113 "SET name = '" + user.name + "'" +
114 ", email = '" + user.email + "'" +
115 ", notify = " + user.notify + " " +
116 "WHERE id = " + user.id;
117 db.run(query);
118 });
119 },
120
121 /////////////////
122 // NOTIFICATIONS
123
124 notify: function(user, message) {
125 const subject = "vchess.club - notification";
126 const body = "Hello " + user.name + " !" + `
127 ` + message;
128 sendEmail(params.mail.noreply, user.email, subject, body);
129 },
130
131 tryNotify: function(id, message) {
132 UserModel.getOne("id", id, (err,user) => {
133 if (!err && user.notify) UserModel.notify(user, message);
134 });
135 },
136
137 ////////////
138 // CLEANING
139
140 cleanUsersDb: function() {
141 const tsNow = Date.now();
142 // 86400000 = 24 hours in milliseconds
143 const day = 86400000;
144 db.serialize(function() {
145 const query =
146 "SELECT id, sessionToken, created, name, email " +
147 "FROM Users";
148 db.all(query, (err, users) => {
149 let toRemove = [];
150 users.forEach(u => {
151 // Remove users unlogged for > 24h
152 if (!u.sessionToken && tsNow - u.created > day)
153 {
154 toRemove.push(u.id);
155 UserModel.notify(
156 u,
157 "Your account has been deleted because " +
158 "you didn't log in for 24h after registration"
159 );
160 }
161 });
162 if (toRemove.length > 0) {
163 db.run(
164 "DELETE FROM Users " +
165 "WHERE id IN (" + toRemove.join(",") + ")"
166 );
167 }
168 });
169 });
170 },
171 }
172
173 module.exports = UserModel;