X-Git-Url: https://git.auder.net/pieces/Checkered/cq.svg?a=blobdiff_plain;f=models%2FUser.js;h=4b5c840a6730976a196b8b8f5c15edc5f370edc8;hb=badeb466c977ed9a8e1b464a2236001126decb9e;hp=777eeaa2c3213e2211722f3f8794d6c93d3160ea;hpb=0bd5933d97a90473233d0f90f465a43aba430ffa;p=vchess.git diff --git a/models/User.js b/models/User.js index 777eeaa2..4b5c840a 100644 --- a/models/User.js +++ b/models/User.js @@ -1,6 +1,7 @@ var db = require("../utils/database"); var maild = require("../utils/mailer.js"); -var TokenGen = require("../utils/tokenGenerator"); +var genToken = require("../utils/tokenGenerator"); +var params = require("../config/parameters"); /* * Structure: @@ -13,16 +14,19 @@ var TokenGen = require("../utils/tokenGenerator"); * notify: boolean (send email notifications for corr games) */ -// User creation +// NOTE: parameters are already cleaned (in controller), thus no sanitization here exports.create = function(name, email, notify, callback) { - if (!notify) - notify = false; //default db.serialize(function() { - db.run( + const insertQuery = "INSERT INTO Users " + "(name, email, notify) VALUES " + - "(" + name + "," + email + "," + notify + ")"); + "('" + name + "', '" + email + "', " + notify + ")"; + db.run(insertQuery, err => { + if (!!err) + return callback(err); + db.get("SELECT last_insert_rowid() AS rowid", callback); + }); }); } @@ -31,10 +35,11 @@ exports.getOne = function(by, value, cb) { const delimiter = (typeof value === "string" ? "'" : ""); db.serialize(function() { - db.get( - "SELECT * FROM Users " + - "WHERE " + by + " = " + delimiter + value + delimiter, - callback); + const query = + "SELECT * " + + "FROM Users " + + "WHERE " + by + " = " + delimiter + value + delimiter; + db.get(query, cb); }); } @@ -44,10 +49,11 @@ exports.getOne = function(by, value, cb) exports.setLoginToken = function(token, uid, cb) { db.serialize(function() { - db.run( + const query = "UPDATE Users " + - "SET loginToken = " + token + " AND loginTime = " + Date.now() + " " + - "WHERE id = " + uid); + "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " + + "WHERE id = " + uid; + db.run(query, cb); }); } @@ -57,19 +63,21 @@ exports.trySetSessionToken = function(uid, cb) { // Also empty the login token to invalidate future attempts db.serialize(function() { - db.get( + const querySessionToken = "SELECT sessionToken " + "FROM Users " + - "WHERE id = " + uid, (err,token) => { - if (!!err) - return cb(err); - const newToken = token || TokenGen.generate(params.token.length); - db.run( - "UPDATE Users " + - "SET loginToken = NULL " + - (!token ? "AND sessionToken = " + newToken + " " : "") + - "WHERE id = " + uid); - cb(null, newToken); + "WHERE id = " + uid; + db.get(querySessionToken, (err,ret) => { + if (!!err) + return cb(err); + const token = ret.sessionToken || genToken(params.token.length); + const queryUpdate = + "UPDATE Users " + + "SET loginToken = NULL" + + (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " + + "WHERE id = " + uid; + db.run(queryUpdate); + cb(null, token); }); }); } @@ -77,11 +85,12 @@ exports.trySetSessionToken = function(uid, cb) exports.updateSettings = function(user, cb) { db.serialize(function() { - db.run( + const query = "UPDATE Users " + - "SET name = " + user.name + - " AND email = " + user.email + - " AND notify = " + user.notify + " " + - "WHERE id = " + user._id); + "SET name = '" + user.name + "'" + + ", email = '" + user.email + "'" + + ", notify = " + user.notify + " " + + "WHERE id = " + user.id; + db.run(query, cb); }); }