|
|
|
|
const { Route, Handler } = require('../service/server.js');
|
|
|
|
|
const user = require('../model/user');
|
|
|
|
|
const token = require('../model/token');
|
|
|
|
|
const system = require('../model/system');
|
|
|
|
|
const { sendMail } = require('../lib/mail');
|
|
|
|
|
const misc = require('../lib/misc');
|
|
|
|
|
const validator = require('../lib/validator');
|
|
|
|
|
const options = require('../options');
|
|
|
|
|
const { PERM_REGISTER_USER, PERM_LOGGEDIN } = require('../permission');
|
|
|
|
|
const {
|
|
|
|
|
UserAlreadyExistError, InvalidTokenError, VerifyPasswordError,
|
|
|
|
|
UserNotFoundError, LoginError, SystemError,
|
|
|
|
|
} = require('../error');
|
|
|
|
|
|
|
|
|
|
class UserLoginHandler extends Handler {
|
|
|
|
|
async get() {
|
|
|
|
|
this.response.template = 'user_login.html';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async post({ uname, password, rememberme = false }) {
|
|
|
|
|
const udoc = await user.getByUname(uname);
|
|
|
|
|
if (!udoc) throw new LoginError(uname);
|
|
|
|
|
if (udoc) udoc.checkPassword(password);
|
|
|
|
|
await user.setById(udoc._id, { loginat: new Date(), loginip: this.request.ip });
|
|
|
|
|
udoc.salt = '';
|
|
|
|
|
udoc.password = '';
|
|
|
|
|
this.session.uid = udoc._id;
|
|
|
|
|
this.session.rememberme = rememberme;
|
|
|
|
|
this.response.body = {};
|
|
|
|
|
const referer = this.request.headers.referer || '/';
|
|
|
|
|
this.response.redirect = referer.endsWith('/login') ? '/' : referer;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class UserLogoutHandler extends Handler {
|
|
|
|
|
constructor(ctx) {
|
|
|
|
|
super(ctx);
|
|
|
|
|
this.checkPerm(PERM_LOGGEDIN);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async get() {
|
|
|
|
|
this.response.template = 'user_logout.html';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async post() {
|
|
|
|
|
this.session = { uid: 1 };
|
|
|
|
|
this.response.body = {};
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class UserRegisterHandler extends Handler {
|
|
|
|
|
constructor(ctx) {
|
|
|
|
|
super(ctx);
|
|
|
|
|
this.checkPerm(PERM_REGISTER_USER);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async get() {
|
|
|
|
|
this.response.template = 'user_register.html';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async post({ mail }) {
|
|
|
|
|
validator.checkEmail(mail);
|
|
|
|
|
if (await user.getByEmail(mail, true)) throw new UserAlreadyExistError(mail);
|
|
|
|
|
this.limitRate('send_mail', 3600, 30);
|
|
|
|
|
const t = await token.add(
|
|
|
|
|
token.TYPE_REGISTRATION,
|
|
|
|
|
options.registration_token_expire_seconds,
|
|
|
|
|
{ mail },
|
|
|
|
|
);
|
|
|
|
|
if (options.smtp.user) {
|
|
|
|
|
const m = await this.renderHTML('user_register_mail', { url: `/register/${t}` });
|
|
|
|
|
await sendMail(mail, 'Sign Up', 'user_register_mail', m);
|
|
|
|
|
this.response.body = {};
|
|
|
|
|
this.response.template = 'user_register_mail_sent.html';
|
|
|
|
|
} else {
|
|
|
|
|
this.response.redirect = `/register/${t[0]}`;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class UserRegisterWithCodeHandler extends Handler {
|
|
|
|
|
constructor(ctx) {
|
|
|
|
|
super(ctx);
|
|
|
|
|
this.checkPerm(PERM_REGISTER_USER);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async get({ code }) {
|
|
|
|
|
this.response.template = 'user_register_with_code.html';
|
|
|
|
|
const { mail } = await token.get(code, token.TYPE_REGISTRATION);
|
|
|
|
|
if (!mail) throw new InvalidTokenError(token.TYPE_REGISTRATION, code);
|
|
|
|
|
this.response.body = { mail };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async post({
|
|
|
|
|
code, password, verifyPassword, uname,
|
|
|
|
|
}) {
|
|
|
|
|
const { mail } = await token.get(code, token.TYPE_REGISTRATION);
|
|
|
|
|
if (!mail) throw new InvalidTokenError(token.TYPE_REGISTRATION, code);
|
|
|
|
|
if (password !== verifyPassword) throw new VerifyPasswordError();
|
|
|
|
|
const uid = await system.incUserCounter();
|
|
|
|
|
await user.create({
|
|
|
|
|
uid, uname, password, mail, regip: this.request.ip,
|
|
|
|
|
});
|
|
|
|
|
await token.delete(code, token.TYPE_REGISTRATION);
|
|
|
|
|
this.session.uid = uid;
|
|
|
|
|
this.response.body = {};
|
|
|
|
|
this.response.redirect = '/';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class UserLostPassHandler extends Handler {
|
|
|
|
|
constructor(ctx) {
|
|
|
|
|
if (!options.smtp.user) throw new SystemError('Cannot send mail');
|
|
|
|
|
super(ctx);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async get() {
|
|
|
|
|
this.response.template = 'user_lostpass.html';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async post({ mail }) {
|
|
|
|
|
validator.checkEmail(mail);
|
|
|
|
|
const udoc = await user.getByEmail(mail);
|
|
|
|
|
if (!udoc) throw new UserNotFoundError(mail);
|
|
|
|
|
const tid = await token.add(
|
|
|
|
|
token.TYPE_LOSTPASS,
|
|
|
|
|
options.lostpass_token_expire_seconds,
|
|
|
|
|
{ uid: udoc._id },
|
|
|
|
|
);
|
|
|
|
|
const m = await this.renderHTML('user_lostpass_mail', { url: `/lostpass/${tid}`, uname: udoc.uname });
|
|
|
|
|
await sendMail(mail, 'Lost Password', 'user_lostpass_mail', m);
|
|
|
|
|
this.response.body = {};
|
|
|
|
|
this.response.template = 'user_lostpass_mail_sent.html';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class UserLostPassWithCodeHandler extends Handler {
|
|
|
|
|
async get({ code }) {
|
|
|
|
|
const tdoc = await token.get(code, token.TYPE_LOSTPASS);
|
|
|
|
|
if (!tdoc) throw new InvalidTokenError(token.TYPE_LOSTPASS, code);
|
|
|
|
|
const udoc = await user.getById(tdoc.uid);
|
|
|
|
|
this.response.body = { uname: udoc.uname };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async post({ code, password, verifyPassword }) {
|
|
|
|
|
const tdoc = await token.get(code, token.TYPE_LOSTPASS);
|
|
|
|
|
if (!tdoc) throw new InvalidTokenError(token.TYPE_LOSTPASS, code);
|
|
|
|
|
if (password !== verifyPassword) throw new VerifyPasswordError();
|
|
|
|
|
await user.setPassword(tdoc.uid, password);
|
|
|
|
|
await token.delete(code, token.TYPE_LOSTPASS);
|
|
|
|
|
this.response.redirect = '/';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class UserDetailHandler extends Handler {
|
|
|
|
|
constructor(ctx) {
|
|
|
|
|
super(ctx);
|
|
|
|
|
this.response.template = 'user_detail.html';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async get({ uid }) {
|
|
|
|
|
const isSelfProfile = this.ctx.state.user._id === uid;
|
|
|
|
|
const udoc = await user.getById(uid);
|
|
|
|
|
if (!udoc) throw new UserNotFoundError(uid);
|
|
|
|
|
const sdoc = await token.getMostRecentSessionByUid(uid);
|
|
|
|
|
this.ctx.body = { isSelfProfile, udoc, sdoc };
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class UserSearchHandler extends Handler {
|
|
|
|
|
async get({ q, exactMatch = false }) {
|
|
|
|
|
let udocs;
|
|
|
|
|
if (exactMatch) udocs = [];
|
|
|
|
|
else udocs = await user.getPrefixList(q, 20);
|
|
|
|
|
try {
|
|
|
|
|
const udoc = await user.getById(parseInt(q));
|
|
|
|
|
if (udoc) udocs.insert(0, udoc);
|
|
|
|
|
} catch (e) {
|
|
|
|
|
/* Ignore */
|
|
|
|
|
}
|
|
|
|
|
for (const i in udocs) {
|
|
|
|
|
if (udocs[i].gravatar) {
|
|
|
|
|
udocs[i].gravatar_url = misc.gravatar_url[udocs[i].gravatar];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
this.ctx.body = { udocs };
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Route('/login', UserLoginHandler);
|
|
|
|
|
Route('/register', UserRegisterHandler);
|
|
|
|
|
Route('/register/:code', UserRegisterWithCodeHandler);
|
|
|
|
|
Route('/logout', UserLogoutHandler);
|
|
|
|
|
Route('/lostpass', UserLostPassHandler);
|
|
|
|
|
Route('/lostpass/:code', UserLostPassWithCodeHandler);
|
|
|
|
|
Route('/user/:uid', UserDetailHandler);
|
|
|
|
|
Route('/user/search', UserSearchHandler);
|
