Commit | Line | Data |
---|---|---|
582df349 BA |
1 | // AJAX methods to get, create, update or delete a user |
2 | ||
8d7e2786 BA |
3 | var router = require("express").Router(); |
4 | var UserModel = require('../models/User'); | |
0bd5933d | 5 | var sendEmail = require('../utils/mailer'); |
badeb466 | 6 | var genToken = require("../utils/tokenGenerator"); |
8d7e2786 | 7 | var access = require("../utils/access"); |
0bd5933d | 8 | var params = require("../config/parameters"); |
8d7e2786 | 9 | |
a7f9f050 BA |
10 | router.get("/whoami", access.ajax, (req,res) => { |
11 | const callback = (user) => { | |
12 | return res.json({ | |
13 | name: user.name, | |
14 | email: user.email, | |
15 | id: user.id, | |
16 | notify: user.notify, | |
17 | }); | |
18 | }; | |
19 | const anonymous = {name:"", email:"", id:0, notify:false}; | |
20 | console.log(req.cookies); //TODO: cookie not found after authenticate ? | |
21 | if (!req.cookies.token) | |
22 | return callback(anonymous); | |
23 | UserModel.getOne("sessionToken", req.cookies.token, function(err, user) { | |
24 | if (!!err || !user) | |
25 | callback(anonymous); | |
26 | else (!!user) | |
27 | callback(user); | |
28 | }); | |
29 | }); | |
30 | ||
c018b304 | 31 | // to: object user (to who we send an email) |
8d7e2786 BA |
32 | function setAndSendLoginToken(subject, to, res) |
33 | { | |
34 | // Set login token and send welcome(back) email with auth link | |
badeb466 | 35 | const token = genToken(params.token.length); |
c018b304 BA |
36 | UserModel.setLoginToken(token, to.id, err => { |
37 | if (!!err) | |
38 | return res.json({errmsg: err.toString()}); | |
39 | const body = | |
40 | "Hello " + to.name + "!\n" + | |
41 | "Access your account here: " + | |
1aeed627 | 42 | params.siteURL + "/#/authenticate/" + token + "\\n" + |
c018b304 BA |
43 | "Token will expire in " + params.token.expire/(1000*60) + " minutes." |
44 | sendEmail(params.mail.noreply, to.email, subject, body, err => { | |
f05815d7 | 45 | // "id" is generally the only info missing on client side, |
625022fd BA |
46 | // but the name is also unknown if log-in with the email. |
47 | res.json(err || {id: to.id, name: to.name}); | |
8d7e2786 BA |
48 | }); |
49 | }); | |
50 | } | |
51 | ||
8d7e2786 | 52 | router.post('/register', access.unlogged, access.ajax, (req,res) => { |
8a477a7e BA |
53 | const name = req.body.name; |
54 | const email = req.body.email; | |
55 | const notify = !!req.body.notify; | |
98db2082 | 56 | const error = UserModel.checkNameEmail({name: name, email: email}); |
8a477a7e | 57 | if (!!error) |
8d7e2786 | 58 | return res.json({errmsg: error}); |
c018b304 BA |
59 | UserModel.create(name, email, notify, (err,uid) => { |
60 | if (!!err) | |
61 | return res.json({errmsg: err.toString()}); | |
62 | const user = { | |
63 | id: uid["rowid"], | |
64 | name: name, | |
65 | email: email, | |
66 | }; | |
67 | setAndSendLoginToken("Welcome to " + params.siteURL, user, res); | |
8d7e2786 BA |
68 | }); |
69 | }); | |
70 | ||
8a477a7e BA |
71 | router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { |
72 | const nameOrEmail = decodeURIComponent(req.query.nameOrEmail); | |
73 | const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name"); | |
98db2082 | 74 | const error = UserModel.checkNameEmail({[type]: nameOrEmail}); |
8a477a7e | 75 | if (!!error) |
8d7e2786 | 76 | return res.json({errmsg: error}); |
8a477a7e | 77 | UserModel.getOne(type, nameOrEmail, (err,user) => { |
8d7e2786 BA |
78 | access.checkRequest(res, err, user, "Unknown user", () => { |
79 | setAndSendLoginToken("Token for " + params.siteURL, user, res); | |
80 | }); | |
81 | }); | |
82 | }); | |
83 | ||
1aeed627 BA |
84 | router.get('/authenticate', access.unlogged, access.ajax, (req,res) => { |
85 | UserModel.getOne("loginToken", req.query.token, (err,user) => { | |
8d7e2786 | 86 | access.checkRequest(res, err, user, "Invalid token", () => { |
8d7e2786 | 87 | // If token older than params.tokenExpire, do nothing |
0bd5933d | 88 | if (Date.now() > user.loginTime + params.token.expire) |
8d7e2786 | 89 | return res.json({errmsg: "Token expired"}); |
0bd5933d | 90 | // Generate session token (if not exists) + destroy login token |
c018b304 | 91 | UserModel.trySetSessionToken(user.id, (err,token) => { |
8d7e2786 | 92 | if (!!err) |
c018b304 | 93 | return res.json({errmsg: err.toString()}); |
8d7e2786 | 94 | // Set cookie |
a7f9f050 | 95 | res.cookie("token", token, { |
8d7e2786 | 96 | httpOnly: true, |
c018b304 BA |
97 | secure: !!params.siteURL.match(/^https/), |
98 | maxAge: params.cookieExpire, | |
8d7e2786 | 99 | }); |
a7f9f050 BA |
100 | res.json({ |
101 | id: user.id, | |
102 | name: user.name, | |
103 | email: user.email, | |
104 | notify: user.notify, | |
105 | }); | |
8d7e2786 BA |
106 | }); |
107 | }); | |
108 | }); | |
109 | }); | |
110 | ||
c018b304 BA |
111 | router.put('/update', access.logged, access.ajax, (req,res) => { |
112 | const name = req.body.name; | |
113 | const email = req.body.email; | |
98db2082 | 114 | const error = UserModel.checkNameEmail({name: name, email: email}); |
8a477a7e BA |
115 | if (!!error) |
116 | return res.json({errmsg: error}); | |
c018b304 BA |
117 | const user = { |
118 | id: req.userId, | |
119 | name: name, | |
120 | email: email, | |
121 | notify: !!req.body.notify, | |
122 | }; | |
123 | UserModel.updateSettings(user, err => { | |
124 | res.json(err ? {errmsg: err.toString()} : {}); | |
8d7e2786 BA |
125 | }); |
126 | }); | |
127 | ||
1aeed627 | 128 | router.get('/logout', access.logged, access.ajax, (req,res) => { |
0bd5933d | 129 | res.clearCookie("token"); |
1aeed627 | 130 | res.json({}); |
8d7e2786 BA |
131 | }); |
132 | ||
133 | module.exports = router; |