1 // AJAX methods to get, create, update or delete a user
3 var router
= require("express").Router();
4 var UserModel
= require('../models/User');
5 var sendEmail
= require('../utils/mailer');
6 var genToken
= require("../utils/tokenGenerator");
7 var access
= require("../utils/access");
8 var params
= require("../config/parameters");
9 var checkNameEmail
= require("../data/userCheck")
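// Set a fresh login token on a user and e-mail them an authentication link.
// subject: e-mail subject line
// to: user object the mail goes to (only `id`, `name` and `email` are read)
// res: Express response — this function always ends the request:
//      {errmsg} when storing the token or sending the mail fails,
//      {id, name} on success ("id" is generally the only info missing on the
//      client side, but the name is also unknown when logging in by e-mail).
// NOTE(review): the link carries the token in a GET query string, so it will
// appear in mail-client and server logs; that is inherent to the magic-link
// flow and relies on the token being short-lived and single-use (see
// /authenticate, which is expected to destroy the login token).
function setAndSendLoginToken(subject, to, res) {
  const token = genToken(params.token.length);
  UserModel.setLoginToken(token, to.id, err => {
    if (err)
      // NOTE(review): err.toString() forwards storage-layer detail to the
      // client; logging it server-side and returning a generic message would
      // disclose less (kept here for consistency with the other handlers).
      return res.json({errmsg: err.toString()});
    // The original wrote "\\n" after the link, which put a literal backslash-n
    // in the mail instead of a line break; every separator is now a real newline.
    // NOTE(review): to.name is interpolated verbatim — assumed to be sent as
    // plain text; if sendEmail builds HTML it would need escaping.
    const body =
      `Hello ${to.name}!\n` +
      `Access your account here: ${params.siteURL}/authenticate?token=${token}\n` +
      `Token will expire in ${params.token.expire/(1000*60)} minutes.`;
    sendEmail(params.mail.noreply, to.email, subject, body, err => {
      // The original replied with `err || {...}`; an Error object serialises to
      // "{}" in JSON, so the client could not tell a failed send from success.
      // Use the {errmsg} convention of the rest of this router instead.
      if (err)
        return res.json({errmsg: err.toString()});
      res.json({id: to.id, name: to.name});
    });
  });
}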
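// POST /register — create an account from {name, email, notify} and send the
// first login link. Only for callers that are not logged in (access.unlogged)
// and only over AJAX (access.ajax). Replies {errmsg} on any failure; the
// success reply comes from setAndSendLoginToken.
router.post('/register', access.unlogged, access.ajax, (req,res) => {
  const name = req.body.name;
  const email = req.body.email;
  const notify = !!req.body.notify;
  // A JSON body can carry objects or arrays where a string is expected; refuse
  // those before they reach the validator and the model.
  // NOTE(review): checkNameEmail may already do this — cannot tell from here.
  if (typeof name !== "string" || typeof email !== "string")
    return res.json({errmsg: "Invalid parameters"});
  const error = checkNameEmail({name: name, email: email});
  if (error)
    return res.json({errmsg: error});
  UserModel.create(name, email, notify, (err,uid) => {
    if (err)
      // NOTE(review): forwards storage-layer detail to the client (see
      // setAndSendLoginToken); a generic message would disclose less.
      return res.json({errmsg: err.toString()});
    // Lines 42-46 of the original listing are missing here; reconstructed as
    // the minimal object setAndSendLoginToken reads (id, name, email) —
    // confirm against the original source.
    const user = {id: uid, name: name, email: email};
    setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
  });
});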
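// GET /sendtoken?nameOrEmail=… — (re)send a login link to an existing user.
// The value is looked up as an e-mail when it contains '@', as a name
// otherwise. Replies {errmsg} on validation failure or unknown user; the
// success reply comes from setAndSendLoginToken.
router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
  const raw = req.query.nameOrEmail;
  // A repeated or bracketed query parameter arrives as an array/object; reject
  // it rather than stringify it (the original would have produced "undefined"
  // or "a,b" here).
  if (typeof raw !== "string")
    return res.json({errmsg: "Missing nameOrEmail"});
  // NOTE(review): Express has already URL-decoded query values, so this is a
  // second decode (kept for compatibility with existing clients). It throws a
  // URIError on a malformed %-sequence, which previously escaped the handler
  // as an unhandled exception.
  let nameOrEmail;
  try {
    nameOrEmail = decodeURIComponent(raw);
  } catch (e) {
    return res.json({errmsg: "Invalid nameOrEmail"});
  }
  const type = (nameOrEmail.includes('@') ? "email" : "name");
  const error = checkNameEmail({[type]: nameOrEmail});
  if (error)
    return res.json({errmsg: error});
  UserModel.getOne(type, nameOrEmail, (err,user) => {
    // NOTE(review): answering "Unknown user" tells the caller whether a name
    // or e-mail is registered; a uniform reply plus rate limiting on this
    // endpoint would limit that disclosure (checkRequest's exact reply is
    // defined elsewhere).
    access.checkRequest(res, err, user, "Unknown user", () => {
      setAndSendLoginToken("Token for " + params.siteURL, user, res);
    });
  });
});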
// GET /authenticate?token=… — exchange a login token (from the e-mailed link)
// for a session cookie. Deliberately not behind access.ajax: this is the URL
// the user opens from the mail.
// NOTE(review): lines 72, 74, 76 and 79-85 of the original listing are not
// present here; the gaps are marked below rather than reconstructed.
router.get('/authenticate', access.unlogged, (req,res) => {
  // NOTE(review): req.query.token may be an array or object rather than a
  // string (Express query parsing); a typeof check before the lookup would
  // keep non-string values out of the model.
  UserModel.getOne("loginToken", req.query.token, (err,user) => {
    // Presumably replies {errmsg: "Invalid token"} when err is set or no user
    // matched (checkRequest is defined elsewhere).
    access.checkRequest(res, err, user, "Invalid token", () => {
      // Reject a login token older than params.token.expire.
      // Assumes user.loginTime is a millisecond timestamp — confirm against
      // the model (a Date here would turn the addition into string concatenation).
      if (Date.now() > user.loginTime + params.token.expire)
        return res.json({errmsg: "Token expired"});
      // Generate session token (if not exists) + destroy login token
      UserModel.trySetSessionToken(user.id, (err,token) => {
        // … line 72 of the listing is missing here (presumably `if (err)`) …
        return res.json({errmsg: err.toString()});
        // … line 74 of the listing is missing here …
        res.cookie("token", token, {
          // … line 76 of the listing is missing here; the /logout comment
          //     says the cookie is httpOnly, so presumably `httpOnly: true` …
          // Secure only when the site itself is served over HTTPS.
          // NOTE(review): no sameSite attribute is visible; unless line 76
          // sets one, consider `sameSite: "lax"` for this session cookie.
          secure: !!params.siteURL.match(/^https/),
          maxAge: params.cookieExpire,
          // … lines 79-85 of the listing are missing: the end of the cookie
          //     options, the response sent after the cookie, and the closing
          //     braces of the callbacks and handler …
// PUT /update — change the logged-in user's name, e-mail and notify flag.
// Replies {errmsg} on validation or storage failure, {} on success.
// NOTE(review): lines 90, 92-95, 97 and 100-102 of the original listing are
// not present here; the gaps are marked below rather than reconstructed.
router.put('/update', access.logged, access.ajax, (req,res) => {
  const name = req.body.name;
  const email = req.body.email;
  const error = checkNameEmail({name: name, email: email});
  // … line 90 of the listing is missing here (presumably `if (error)`) …
  return res.json({errmsg: error});
  // … lines 92-95 of the listing are missing: the `user` object passed to
  //     updateSettings is built here; its fields and where the user id comes
  //     from are not visible …
  // NOTE(review): if the e-mail address can be changed here without
  // re-verification, whoever holds the session cookie can redirect future
  // login links to an address they control — confirm how updateSettings
  // treats a changed e-mail.
  notify: !!req.body.notify,
  // … line 97 of the listing is missing here (end of that object) …
  UserModel.updateSettings(user, err => {
    // NOTE(review): err.toString() forwards storage-layer detail to the client.
    res.json(err ? {errmsg: err.toString()} : {});
  // … lines 100-102 of the listing are missing (closing braces) …
// Logout on server because the token cookie is httpOnly (the page script
// cannot remove it itself).
// NOTE(review): lines 106-108 of the original listing are not present here.
router.get('/logout', access.logged, (req,res) => {
  // NOTE(review): this only asks the browser to drop the cookie; the session
  // token is not invalidated server-side in the visible code, so a copy of it
  // stays usable until it expires — confirm whether that happens elsewhere.
  // Express also expects the same options used in res.cookie() (apart from
  // maxAge/expires) to be passed here for the clear to apply.
  res.clearCookie("token");
  // … lines 106-108 of the listing are missing (the response sent after
  //     clearing the cookie, and the closing of the handler) …
// The router is mounted by the application; the mount path is chosen by the caller.
module.exports = router;