kris
/
Musare
zrcadlo https://github.com/Musare/Musare.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252
							'use strict';

const async = require('async');
const config = require('config');
const request = require('request');
const bcrypt = require('bcrypt');

const db = require('../db');
const cache = require('../cache');
const utils = require('../utils');
const hooks = require('./hooks');
const sha256 = require('sha256');

module.exports = {

	login: (session, identifier, password, cb) => {

		identifier = identifier.toLowerCase();

		async.waterfall([

			// check if a user with the requested identifier exists
			(next) => db.models.user.findOne({
				$or: [{ 'username': identifier }, { 'email.address': identifier }]
			}, next),

			// if the user doesn't exist, respond with a failure
			// otherwise compare the requested password and the actual users password
			(user, next) => {
				if (!user) return next(true, { status: 'failure', message: 'User not found' });
				bcrypt.compare(sha256(password), user.services.password.password, (err, match) => {

					if (err) return next(err);

					// if the passwords match
					if (match) {

						// store the session in the cache
						let sessionId = utils.guid();
						cache.hset('sessions', sessionId, cache.schemas.session(sessionId, user._id), (err) => {
							if (!err) {
								//TODO See if it is necessary to add new SID to socket.
								next(null, { status: 'success', message: 'Login successful', user, SID: sessionId });
							} else {
								next(null, { status: 'failure', message: 'Something went wrong' });
							}
						});
					}
					else {
						next(null, { status: 'failure', message: 'Incorrect password' });
					}
				});
			}

		], (err, payload) => {

			// log this error somewhere
			if (err && err !== true) {
				console.error(err);
				return cb({ status: 'error', message: 'An error occurred while logging in' });
			}

			cb(payload);
		});

	},

	register: function(session, username, email, password, recaptcha, cb) {
		email = email.toLowerCase();
		async.waterfall([

			// verify the request with google recaptcha
			(next) => {
				request({
					url: 'https://www.google.com/recaptcha/api/siteverify',
					method: 'POST',
					form: {
						'secret': config.get("apis").recaptcha.secret,
						'response': recaptcha
					}
				}, next);
			},

			// check if the response from Google recaptcha is successful
			// if it is, we check if a user with the requested username already exists
			(response, body, next) => {
				let json = JSON.parse(body);
				if (json.success !== true) return next('Response from recaptcha was not successful');
				db.models.user.findOne({ username: new RegExp(`^${username}$`, 'i') }, next);
			},

			// if the user already exists, respond with that
			// otherwise check if a user with the requested email already exists
			(user, next) => {
				if (user) return next(true, { status: 'failure', message: 'A user with that username already exists' });
				db.models.user.findOne({ 'email.address': email }, next);
			},

			// if the user already exists, respond with that
			// otherwise, generate a salt to use with hashing the new users password
			(user, next) => {
				if (user) return next(true, { status: 'failure', message: 'A user with that email already exists' });
				bcrypt.genSalt(10, next);
			},

			// hash the password
			(salt, next) => {
				bcrypt.hash(sha256(password), salt, next)
			},

			// save the new user to the database
			(hash, next) => {
				db.models.user.create({
					_id: utils.generateRandomString(12),//TODO Check if exists
					username,
					email: {
						address: email,
						verificationToken: utils.generateRandomString(64)
					},
					services: {
						password: {
							password: hash
						}
					}
				}, next);
			},

			// respond with the new user
			(newUser, next) => {
				//TODO Send verification email
				next(null, { status: 'success', user: newUser })
			}

		], (err, payload) => {
			// log this error somewhere
			if (err && err !== true) {
				console.error(err);
				return cb({ status: 'error', message: 'An error occurred while registering for an account' });
			} else {
				module.exports.login(session, email, password, (result) => {
					let obj = {status: 'success', message: 'Successfully registered.'};
					if (result.status === 'success') {
						obj.SID = result.SID;
					}
					cb(obj);
				});
			}
		});

	},

	logout: (session, cb) => {

		cache.hget('sessions', session.sessionId, (err, session) => {
			if (err || !session) return cb({ 'status': 'failure', message: 'Something went wrong while logging you out.' });

			cache.hdel('sessions', session.sessionId, (err) => {
				if (err) return cb({ 'status': 'failure', message: 'Something went wrong while logging you out.' });
				return cb({ 'status': 'success', message: 'You have been successfully logged out.' });
			});
		});

	},

	findByUsername: (session, username, cb) => {
		db.models.user.find({ username }, (err, account) => {
			if (err) throw err;
			else if (account.length == 0) {
				return cb({
					status: 'error',
					message: 'Username cannot be found'
				});
			} else {
				account = account[0];
				return cb({
					status: 'success',
					data: {
						_id: account._id,
						username: account.username,
						role: account.role,
						email: account.email.address,
						password: '',
						createdAt: account.createdAt,
						statistics: account.statistics,
						liked: account.liked,
						disliked: account.disliked
					}
				});
			}
		});
	},

	//TODO Fix security issues
	findBySession: (session, cb) => {
		cache.hget('sessions', session.sessionId, (err, session) => {
			if (err) return cb({ 'status': 'error', message: err });
			if (!session) return cb({ 'status': 'error', message: 'You are not logged in' });
			db.models.user.findOne({ _id: session.userId }, {username: 1, "email.address": 1}, (err, user) => {
				if (err) { throw err; } else if (user) {
					return cb({
						status: 'success',
						data: user
					});
				}
			});
		});

	},

	updateUsername: hooks.loginRequired((session, newUsername, cb, userId) => {
		db.models.user.findOne({ _id: userId }, (err, user) => {
			if (err) console.error(err);
			if (!user) return cb({ status: 'error', message: 'User not found.' });
			if (user.username !== newUsername) {
				if (user.username.toLowerCase() !== newUsername.toLowerCase()) {
					db.models.user.findOne({username: new RegExp(`^${newUsername}$`, 'i')}, (err, _user) => {
						if (err) return cb({ status: 'error', message: err.message });
						if (_user) return cb({ status: 'failure', message: 'That username is already in use.' });
						db.models.user.update({_id: userId}, {$set: {username: newUsername}}, (err) => {
							if (err) return cb({ status: 'error', message: err.message });
							cb({ status: 'success', message: 'Username updated successfully.' });
						});
					});
				} else {
					db.models.user.update({_id: userId}, {$set: {username: newUsername}}, (err) => {
						if (err) return cb({ status: 'error', message: err.message });
						cb({ status: 'success', message: 'Username updated successfully.' });
					});
				}
			} else cb({ status: 'error', message: 'Username has not changed. Your new username cannot be the same as your old username.' });
		});
	}),

	updateEmail: hooks.loginRequired((session, newEmail, cb, userId) => {
		newEmail = newEmail.toLowerCase();
		db.models.user.findOne({ _id: userId }, (err, user) => {
			if (err) console.error(err);
			if (!user) return cb({ status: 'error', message: 'User not found.' });
			if (user.email.address !== newEmail) {
				db.models.user.findOne({"email.address": newEmail}, (err, _user) => {
					if (err) return cb({ status: 'error', message: err.message });
					if (_user) return cb({ status: 'failure', message: 'That email is already in use.' });
					db.models.user.update({_id: userId}, {$set: {"email.address": newEmail}}, (err) => {
						if (err) return cb({ status: 'error', message: err.message });
						cb({ status: 'success', message: 'Email updated successfully.' });
					});
				});
			} else cb({ status: 'error', message: 'Email has not changed. Your new email cannot be the same as your old email.' });
		});
	})

};