Kezdőlap Felfedezés Súgó
Bejelentkezés
kris
/
Musare
tükrözi: https://github.com/Musare/Musare.git
1
0
Másolás 0
Fájlok Problémák 0 Wiki
Fa: d857096cc0
Branch-ok Tag-ek
Musare
/
backend
/
logic
/
actions
/
users.js

users.js 6.9 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229 
  1. 'use strict';
    2. 

  2. 

  3. const async = require('async');
    4. 

  4. const config = require('config');
    5. 

  5. const request = require('request');
    6. 

  6. const bcrypt = require('bcrypt');
    7. 

  7. 

  8. const db = require('../db');
    9. 

  9. const cache = require('../cache');
    10. 

  10. const utils = require('../utils');
    11. 

  11. const hooks = require('./hooks');
    12. 

  12. 

  13. module.exports = {
    14. 

  14. 

  15. 	login: (session, identifier, password, cb) => {
    16. 

  16. 

  17. 		async.waterfall([
    18. 

  18. 

  19. 			// check if a user with the requested identifier exists
    20. 

  20. 			(next) => db.models.user.findOne({
    21. 

  21. 				//TODO Handle lowercase
    22. 

  22. 				$or: [{ 'username': identifier }, { 'email.address': identifier }]
    23. 

  23. 			}, next),
    24. 

  24. 

  25. 			// if the user doesn't exist, respond with a failure
    26. 

  26. 			// otherwise compare the requested password and the actual users password
    27. 

  27. 			(user, next) => {
    28. 

  28. 				if (!user) return next(true, { status: 'failure', message: 'User not found' });
    29. 

  29. 				bcrypt.compare(password, user.services.password.password, (err, match) => {
    30. 

  30. 

  31. 					if (err) return next(err);
    32. 

  32. 

  33. 					// if the passwords match
    34. 

  34. 					if (match) {
    35. 

  35. 

  36. 						// store the session in the cache
    37. 

  37. 						let sessionId = utils.guid();
    38. 

  38. 						cache.hset('sessions', sessionId, cache.schemas.session(sessionId, user._id), (err) => {
    39. 

  39. 							if (!err) {
    40. 

  40. 								//TODO See if it is necessary to add new SID to socket.
    41. 

  41. 								next(null, { status: 'success', message: 'Login successful', user, SID: sessionId });
    42. 

  42. 							} else {
    43. 

  43. 								next(null, { status: 'failure', message: 'Something went wrong' });
    44. 

  44. 							}
    45. 

  45. 						});
    46. 

  46. 					}
    47. 

  47. 					else {
    48. 

  48. 						next(null, { status: 'failure', message: 'Incorrect password' });
    49. 

  49. 					}
    50. 

  50. 				});
    51. 

  51. 			}
    52. 

  52. 

  53. 		], (err, payload) => {
    54. 

  54. 

  55. 			// log this error somewhere
    56. 

  56. 			if (err && err !== true) {
    57. 

  57. 				console.error(err);
    58. 

  58. 				return cb({ status: 'error', message: 'An error occurred while logging in' });
    59. 

  59. 			}
    60. 

  60. 

  61. 			cb(payload);
    62. 

  62. 		});
    63. 

  63. 

  64. 	},
    65. 

  65. 

  66. 	register: function(session, username, email, password, recaptcha, cb) {
    67. 

  67. 		email = email.toLowerCase();
    68. 

  68. 		async.waterfall([
    69. 

  69. 

  70. 			// verify the request with google recaptcha
    71. 

  71. 			/*(next) => {
    72. 

  72. 				request({
    73. 

  73. 					url: 'https://www.google.com/recaptcha/api/siteverify',
    74. 

  74. 					method: 'POST',
    75. 

  75. 					form: {
    76. 

  76. 						//'secret': config.get("apis.recaptcha.secret"),
    77. 

  77. 						'response': recaptcha
    78. 

  78. 					}
    79. 

  79. 				}, next);
    80. 

  80. 			},*/
    81. 

  81. 

  82. 			// check if the response from Google recaptcha is successful
    83. 

  83. 			// if it is, we check if a user with the requested username already exists
    84. 

  84. 			(/*response, body, */next) => {
    85. 

  85. 				/*let json = JSON.parse(body);*/
    86. 

  86. 				//if (json.success !== true) return next('Response from recaptcha was not successful');
    87. 

  87. 				db.models.user.findOne({ username: new RegExp(`^${username}$`, 'i') }, next);
    88. 

  88. 			},
    89. 

  89. 

  90. 			// if the user already exists, respond with that
    91. 

  91. 			// otherwise check if a user with the requested email already exists
    92. 

  92. 			(user, next) => {
    93. 

  93. 				if (user) return next(true, { status: 'failure', message: 'A user with that username already exists' });
    94. 

  94. 				db.models.user.findOne({ 'email.address': email }, next);
    95. 

  95. 			},
    96. 

  96. 

  97. 			// if the user already exists, respond with that
    98. 

  98. 			// otherwise, generate a salt to use with hashing the new users password
    99. 

  99. 			(user, next) => {
    100. 

  100. 				if (user) return next(true, { status: 'failure', message: 'A user with that email already exists' });
    101. 

  101. 				bcrypt.genSalt(10, next);
    102. 

  102. 			},
    103. 

  103. 

  104. 			// hash the password
    105. 

  105. 			(salt, next) => {
    106. 

  106. 				bcrypt.hash(password, salt, next)
    107. 

  107. 			},
    108. 

  108. 

  109. 			// save the new user to the database
    110. 

  110. 			(hash, next) => {
    111. 

  111. 				db.models.user.create({
    112. 

  112. 					username,
    113. 

  113. 					email: {
    114. 

  114. 						address: email,
    115. 

  115. 						verificationToken: utils.generateRandomString(64)
    116. 

  116. 					},
    117. 

  117. 					services: {
    118. 

  118. 						password: {
    119. 

  119. 							password: hash
    120. 

  120. 						}
    121. 

  121. 					}
    122. 

  122. 				}, next);
    123. 

  123. 			},
    124. 

  124. 

  125. 			// respond with the new user
    126. 

  126. 			(newUser, next) => {
    127. 

  127. 				//TODO Send verification email
    128. 

  128. 				next(null, { status: 'success', user: newUser })
    129. 

  129. 			}
    130. 

  130. 

  131. 		], (err, payload) => {
    132. 

  132. 			// log this error somewhere
    133. 

  133. 			if (err && err !== true) {
    134. 

  134. 				console.error(err);
    135. 

  135. 				return cb({ status: 'error', message: 'An error occurred while registering for an account' });
    136. 

  136. 			}
    137. 

  137. 			// respond with the payload that was passed to us earlier
    138. 

  138. 			module.exports.login(session, email, password, (result) => {
    139. 

  139. 				let obj = { status: 'success', message: 'Successfully registered.' };
    140. 

  140. 				if (result.status === 'success') {
    141. 

  141. 					obj.SID = result.SID;
    142. 

  142. 				}
    143. 

  143. 				cb(obj);
    144. 

  144. 			});
    145. 

  145. 		});
    146. 

  146. 

  147. 	},
    148. 

  148. 

  149. 	logout: (session, cb) => {
    150. 

  150. 

  151. 		cache.hget('sessions', session.sessionId, (err, session) => {
    152. 

  152. 			if (err || !session) return cb({ 'status': 'failure', message: 'Something went wrong while logging you out.' });
    153. 

  153. 

  154. 			cache.hdel('sessions', session.sessionId, (err) => {
    155. 

  155. 				if (err) return cb({ 'status': 'failure', message: 'Something went wrong while logging you out.' });
    156. 

  156. 				return cb({ 'status': 'success', message: 'You have been successfully logged out.' });
    157. 

  157. 			});
    158. 

  158. 		});
    159. 

  159. 

  160. 	},
    161. 

  161. 

  162. 	findByUsername: (session, username, cb) => {
    163. 

  163. 		db.models.user.find({ username }, (err, account) => {
    164. 

  164. 			if (err) throw err;
    165. 

  165. 			else if (account.length == 0) {
    166. 

  166. 				return cb({
    167. 

  167. 					status: 'error',
    168. 

  168. 					message: 'Username cannot be found'
    169. 

  169. 				});
    170. 

  170. 			} else {
    171. 

  171. 				account = account[0];
    172. 

  172. 				return cb({
    173. 

  173. 					status: 'success',
    174. 

  174. 					data: {
    175. 

  175. 						_id: account._id,
    176. 

  176. 						username: account.username,
    177. 

  177. 						role: account.role,
    178. 

  178. 						email: account.email.address,
    179. 

  179. 						password: '',
    180. 

  180. 						createdAt: account.createdAt,
    181. 

  181. 						statistics: account.statistics
    182. 

  182. 					}
    183. 

  183. 				});
    184. 

  184. 			}
    185. 

  185. 		});
    186. 

  186. 	},
    187. 

  187. 

  188. 	findBySession: (session, cb) => {
    189. 

  189. 		cache.hget('sessions', session.sessionId, (err, session) => {
    190. 

  190. 			if (err) return cb({ 'status': 'error', message: err });
    191. 

  191. 			if (!session) return cb({ 'status': 'error', message: 'You are not logged in' });
    192. 

  192. 			db.models.user.findOne({ _id: session.userId }, (err, user) => {
    193. 

  193. 				if (err) { throw err; } else if (user) {
    194. 

  194. 					return cb({
    195. 

  195. 						status: 'success',
    196. 

  196. 						data: user
    197. 

  197. 					});
    198. 

  198. 				}
    199. 

  199. 			});
    200. 

  200. 		});
    201. 

  201. 

  202. 	},
    203. 

  203. 

  204. 	update: hooks.loginRequired((session, user_id, property, value, cb) => {
    205. 

  205.         db.models.user.findOne({ _id: session.userId }, (err, user) => {
    206. 

  206.             if (err) throw err;
    207. 

  207.             else if (!user) cb({ status: 'error', message: 'Invalid User ID' });
    208. 

  208.             else if (user[property] !== undefined && user[property] !== value) {
    209. 

  209.                 if (property === 'services.password.password') {
    210. 

  210.                     bcrypt.compare(user[property], value, (err, res) => {
    211. 

  211.                         if (err) throw err;
    212. 

  212.                         bcrypt.genSalt(10, (err, salt) => {
    213. 

  213.                             if (err) throw err;
    214. 

  214.                             bcrypt.hash(value, salt, (err, hash) => {
    215. 

  215.                                 if (err) throw err;
    216. 

  216.                                 user[property] = hash;
    217. 

  217.                             });
    218. 

  218.                         });
    219. 

  219.                     });
    220. 

  220.                 } else user[property] = value;
    221. 

  221.                 user.save(err => {
    222. 

  222.                     if (err) cb({ status: 'error', message: err.message });
    223. 

  223. 					else cb({ status: 'success', message: 'Field saved successfully' });
    224. 

  224.                 });
    225. 

  225.             } else cb({ status: 'error', message: 'Field has not changed' });
    226. 

  226.         });
    227. 

  227.     })
    228. 

  228. 

  229. };
    230.