993c15eb54d7a0a5d8ed94ad2a1a5348764633f5
1 let router
= require("express").Router();
2 const validator
= require('../public/javascripts/utils/validation');
3 const UserModel
= require('../models/user');
4 const maild
= require('../utils/mailer');
5 const TokenGen
= require("../utils/tokenGenerator");
6 const access
= require("../utils/access");
7 const params
= require("../config/parameters");
10 function setAndSendLoginToken(subject
, to
, res
)
12 // Set login token and send welcome(back) email with auth link
13 let token
= TokenGen
.generate(params
.token
.length
);
14 UserModel
.setLoginToken(token
, to
._id
, to
.ip
, (err
,ret
) => {
15 access
.checkRequest(res
, err
, ret
, "Cannot set login token", () => {
17 from: params
.mail
.from,
20 body: "Hello " + to
.initials
+ "!\n" +
21 "Access your account here: " +
22 params
.siteURL
+ "/authenticate?token=" + token
+ "\\n" +
23 "Token will expire in " + params
.token
.expire
/(1000*60) + " minutes."
31 router
.post('/register', access
.ajax
, access
.unlogged
, (req
,res
) => {
33 email: req
.body
.email
,
36 let error
= validator(newUser
, "User");
38 return res
.json({errmsg:error
});
39 if (!UserModel
.whitelistCheck(newUser
.email
))
40 return res
.json({errmsg: "Email not in whitelist"});
41 UserModel
.getByEmail(newUser
.email
, (err
,user0
) => {
42 access
.checkRequest(res
, err
, !user0
?["ok"]:{}, "An account exists with this email", () => {
43 UserModel
.create(newUser
, (err
,user
) => {
44 access
.checkRequest(res
, err
, user
, "Registration failed", () => {
46 setAndSendLoginToken("Welcome to " + params
.siteURL
, user
, res
);
54 router
.put('/sendtoken', access
.ajax
, access
.unlogged
, (req
,res
) => {
55 const email
= req
.body
.email
;
56 let error
= validator({email:email
}, "User");
58 return res
.json({errmsg:error
});
59 UserModel
.getByEmail(email
, (err
,user
) => {
60 access
.checkRequest(res
, err
, user
, "Unknown user", () => {
62 setAndSendLoginToken("Token for " + params
.siteURL
, user
, res
);
67 // Authentication process, optionally with email changing:
68 router
.put('/authenticate/:token([a-z0-9]+)', access
.unlogged
, (req
,res
) => {
69 const loginToken
= req
.params
.token
;
70 UserModel
.getByLoginToken(loginToken
, (err
,user
) => {
71 access
.checkRequest(res
, err
, user
, "Invalid token", () => {
72 if (user
.loginToken
.ip
!= req
.ip
)
73 return res
.json({errmsg: "IP address mismatch"});
75 let tsNow
= now
.getTime();
76 // If token older than params.tokenExpire, do nothing
77 if (user
.loginToken
.timestamp
+ params
.token
.expire
< tsNow
)
78 return res
.json({errmsg: "Token expired"});
79 // Generate and update session token + destroy login token
80 let token
= TokenGen
.generate(params
.token
.length
);
81 UserModel
.setSessionToken(token
, user
._id
, (err
,ret
) => {
82 access
.checkRequest(res
, err
, ret
, "Authentication failed", () => {
83 // Set cookies and redirect to user main control panel
84 res
.cookie("token", token
, {
86 maxAge: params
.cookieExpire
,
88 res
.cookie("initials", user
.initials
, {
90 maxAge: params
.cookieExpire
,
92 res
.redirect("/" + user
.initials
);
99 router
.put('/logout', access
.logged
, (req
,res
) => {
100 UserModel
.removeToken(req
.user
._id
, req
.cookies
.token
, (err
,ret
) => {
101 access
.checkRequest(res
, err
, ret
, "Logout failed", () => {
102 res
.clearCookie("initials");
103 res
.clearCookie("token");
109 module
.exports
= router
;