var db = require("../utils/database");
var maild = require("../utils/mailer.js");
+var genToken = require("../utils/tokenGenerator");
+var params = require("../config/parameters");
/*
* Structure:
* notify: boolean (send email notifications for corr games)
*/
-// User creation
-exports.create = function(name, email, notify, callback)
+const UserModel =
{
- if (!notify)
- notify = false; //default
- db.serialize(function() {
- db.run(
- "INSERT INTO Users " +
- "(name, email, notify) VALUES " +
- "(" + name + "," + email + "," + notify + ")");
- });
-}
+ // NOTE: parameters are already cleaned (in controller), thus no sanitization here
+ create: function(name, email, notify, callback)
+ {
+ db.serialize(function() {
+ const insertQuery =
+ "INSERT INTO Users " +
+ "(name, email, notify) VALUES " +
+ "('" + name + "', '" + email + "', " + notify + ")";
+ db.run(insertQuery, err => {
+ if (!!err)
+ return callback(err);
+ db.get("SELECT last_insert_rowid() AS rowid", callback);
+ });
+ });
+ },
-// Find one user (by id, name, email, or token)
-exports.getOne = function(by, value, cb)
-{
- const delimiter = (typeof value === "string" ? "'" : "");
- db.serialize(function() {
- db.get(
- "SELECT * FROM Users " +
- "WHERE " + by " = " + delimiter + value + delimiter,
- callback);
- });
-}
+ // Find one user (by id, name, email, or token)
+ getOne: function(by, value, cb)
+ {
+ const delimiter = (typeof value === "string" ? "'" : "");
+ db.serialize(function() {
+ const query =
+ "SELECT * " +
+ "FROM Users " +
+ "WHERE " + by + " = " + delimiter + value + delimiter;
+ db.get(query, cb);
+ });
+ },
-/////////
-// MODIFY
+ /////////
+ // MODIFY
-exports.setLoginToken = function(token, uid, cb)
-{
- db.serialize(function() {
- db.run(
- "UPDATE Users " +
- "SET loginToken = " + token + " AND loginTime = " + Date.now() + " " +
- "WHERE id = " + uid);
- });
-}
+ setLoginToken: function(token, uid, cb)
+ {
+ db.serialize(function() {
+ const query =
+ "UPDATE Users " +
+ "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
+ "WHERE id = " + uid;
+ db.run(query, cb);
+ });
+ },
-exports.setSessionToken = function(token, uid, cb)
-{
- // Also empty the login token to invalidate future attempts
- db.serialize(function() {
- db.run(
- "UPDATE Users " +
- "SET loginToken = NULL AND sessionToken = " + token + " " +
- "WHERE id = " + uid);
- });
-}
+ // Set session token only if empty (first login)
+ // TODO: weaker security (but avoid to re-login everywhere after each logout)
+ trySetSessionToken: function(uid, cb)
+ {
+ // Also empty the login token to invalidate future attempts
+ db.serialize(function() {
+ const querySessionToken =
+ "SELECT sessionToken " +
+ "FROM Users " +
+ "WHERE id = " + uid;
+ db.get(querySessionToken, (err,ret) => {
+ if (!!err)
+ return cb(err);
+ const token = ret.sessionToken || genToken(params.token.length);
+ const queryUpdate =
+ "UPDATE Users " +
+ "SET loginToken = NULL" +
+ (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
+ "WHERE id = " + uid;
+ db.run(queryUpdate);
+ cb(null, token);
+ });
+ });
+ },
-exports.updateSettings = function(name, email, notify, cb)
-{
- db.serialize(function() {
- db.run(
- "UPDATE Users " +
- "SET name = " + name +
- " AND email = " + email +
- " AND notify = " + notify + " " +
- "WHERE id = " + uid);
- });
+ updateSettings: function(user, cb)
+ {
+ db.serialize(function() {
+ const query =
+ "UPDATE Users " +
+ "SET name = '" + user.name + "'" +
+ ", email = '" + user.email + "'" +
+ ", notify = " + user.notify + " " +
+ "WHERE id = " + user.id;
+ db.run(query, cb);
+ });
+ },
}
+
+module.exports = UserModel;