1 var router
= require("express").Router();
2 var UserModel
= require('../models/User');
3 var sendEmail
= require('../utils/mailer');
4 var TokenGen
= require("../utils/tokenGenerator");
5 var access
= require("../utils/access");
6 var params
= require("../config/parameters");
7 var checkNameEmail
= require("../public/javascripts/shared/userCheck")
9 // to: object user (to who we send an email)
10 function setAndSendLoginToken(subject
, to
, res
)
12 // Set login token and send welcome(back) email with auth link
13 const token
= TokenGen
.generate(params
.token
.length
);
14 UserModel
.setLoginToken(token
, to
.id
, err
=> {
16 return res
.json({errmsg: err
.toString()});
18 "Hello " + to
.name
+ "!\n" +
19 "Access your account here: " +
20 params
.siteURL
+ "/authenticate?token=" + token
+ "\\n" +
21 "Token will expire in " + params
.token
.expire
/(1000*60) + " minutes."
22 sendEmail(params
.mail
.noreply
, to
.email
, subject
, body
, err
=> {
28 // AJAX user life cycle...
30 router
.post('/register', access
.unlogged
, access
.ajax
, (req
,res
) => {
31 const name
= req
.body
.name
;
32 const email
= req
.body
.email
;
33 const notify
= !!req
.body
.notify
;
34 const error
= checkNameEmail({name: name
, email: email
});
36 return res
.json({errmsg: error
});
37 UserModel
.create(name
, email
, notify
, (err
,uid
) => {
39 return res
.json({errmsg: err
.toString()});
45 setAndSendLoginToken("Welcome to " + params
.siteURL
, user
, res
);
49 router
.get('/sendtoken', access
.unlogged
, access
.ajax
, (req
,res
) => {
50 const nameOrEmail
= decodeURIComponent(req
.query
.nameOrEmail
);
51 const type
= (nameOrEmail
.indexOf('@') >= 0 ? "email" : "name");
52 const error
= checkNameEmail({[type
]: nameOrEmail
});
54 return res
.json({errmsg: error
});
55 UserModel
.getOne(type
, nameOrEmail
, (err
,user
) => {
56 access
.checkRequest(res
, err
, user
, "Unknown user", () => {
57 setAndSendLoginToken("Token for " + params
.siteURL
, user
, res
);
62 router
.get('/authenticate', access
.unlogged
, (req
,res
) => {
63 UserModel
.getOne("loginToken", req
.query
.token
, (err
,user
) => {
64 access
.checkRequest(res
, err
, user
, "Invalid token", () => {
65 // If token older than params.tokenExpire, do nothing
66 if (Date
.now() > user
.loginTime
+ params
.token
.expire
)
67 return res
.json({errmsg: "Token expired"});
68 // Generate session token (if not exists) + destroy login token
69 UserModel
.trySetSessionToken(user
.id
, (err
,token
) => {
71 return res
.json({errmsg: err
.toString()});
73 res
.cookie("token", token
, {
75 secure: !!params
.siteURL
.match(/^https/),
76 maxAge: params
.cookieExpire
,
84 router
.put('/update', access
.logged
, access
.ajax
, (req
,res
) => {
85 const name
= req
.body
.name
;
86 const email
= req
.body
.email
;
87 const error
= checkNameEmail({name: name
, email: email
});
89 return res
.json({errmsg: error
});
94 notify: !!req
.body
.notify
,
96 UserModel
.updateSettings(user
, err
=> {
97 res
.json(err
? {errmsg: err
.toString()} : {});
101 // Logout on server because the token cookie is httpOnly
102 router
.get('/logout', access
.logged
, (req
,res
) => {
103 res
.clearCookie("token");
107 module
.exports
= router
;