Hydro/hydro/handler/user.js

const { Route, Handler } = require('../service/server.js');
const user = require('../model/user');
const token = require('../model/token');
const system = require('../model/system');
const { sendMail } = require('../lib/mail');
const misc = require('../lib/misc');
const { PERM_LOGGEDIN } = require('../permission');
const {
    UserAlreadyExistError, InvalidTokenError, VerifyPasswordError,
    UserNotFoundError, LoginError, SystemError,
    PermissionError,
} = require('../error');

class UserLoginHandler extends Handler {
    async get() {
        this.response.template = 'user_login.html';
    }

    async post({
        domainId, uname, password, rememberme = false,
    }) {
        const udoc = await user.getByUname(domainId, uname);
        if (!udoc) throw new LoginError(uname);
        if (udoc) udoc.checkPassword(password);
        await user.setById(udoc._id, { loginat: new Date(), loginip: this.request.ip });
        udoc.salt = '';
        udoc.password = '';
        this.session.uid = udoc._id;
        this.session.rememberme = rememberme;
        const referer = this.request.headers.referer || '/';
        this.response.redirect = referer.endsWith('/login') ? '/' : referer;
    }
}

class UserLogoutHandler extends Handler {
    async get() {
        this.response.template = 'user_logout.html';
    }

    async post() {
        this.session.uid = 1;
    }
}

class UserRegisterHandler extends Handler {
    async prepare() { // eslint-disable-line class-methods-use-this
        if (!await system.get('user.register')) {
            throw new PermissionError('Register');
        }
    }

    async get() {
        this.response.template = 'user_register.html';
    }

    async post({ mail }) {
        if (await user.getByEmail(mail, true)) throw new UserAlreadyExistError(mail);
        this.limitRate('send_mail', 3600, 30);
        const t = await token.add(
            token.TYPE_REGISTRATION,
            await system.get('registration_token_expire_seconds'),
            { mail },
        );
        if (await system.get('smtp.user')) {
            const m = await this.renderHTML('user_register_mail', { url: `/register/${t[0]}` });
            await sendMail(mail, 'Sign Up', 'user_register_mail', m);
            this.response.template = 'user_register_mail_sent.html';
        } else {
            this.response.redirect = `/register/${t[0]}`;
        }
    }
}

class UserRegisterWithCodeHandler extends Handler {
    async get({ code }) {
        this.response.template = 'user_register_with_code.html';
        const { mail } = await token.get(code, token.TYPE_REGISTRATION);
        if (!mail) throw new InvalidTokenError(token.TYPE_REGISTRATION, code);
        this.response.body = { mail };
    }

    async post({
        code, password, verifyPassword, uname,
    }) {
        const { mail } = await token.get(code, token.TYPE_REGISTRATION);
        if (!mail) throw new InvalidTokenError(token.TYPE_REGISTRATION, code);
        if (password !== verifyPassword) throw new VerifyPasswordError();
        const uid = await system.inc('user');
        await user.create({
            uid, uname, password, mail, regip: this.request.ip,
        });
        await token.delete(code, token.TYPE_REGISTRATION);
        this.session.uid = uid;
        this.response.redirect = '/';
    }
}

class UserLostPassHandler extends Handler {
    async get() {
        if (!await system.get('smtp.user')) throw new SystemError('Cannot send mail');
        this.response.template = 'user_lostpass.html';
    }

    async post({ mail }) {
        if (!await system.get('smtp.user')) throw new SystemError('Cannot send mail');
        const udoc = await user.getByEmail(mail);
        if (!udoc) throw new UserNotFoundError(mail);
        const tid = await token.add(
            token.TYPE_LOSTPASS,
            await system.get('lostpass_token_expire_seconds'),
            { uid: udoc._id },
        );
        const m = await this.renderHTML('user_lostpass_mail', { url: `/lostpass/${tid}`, uname: udoc.uname });
        await sendMail(mail, 'Lost Password', 'user_lostpass_mail', m);
        this.response.template = 'user_lostpass_mail_sent.html';
    }
}

class UserLostPassWithCodeHandler extends Handler {
    async get({ domainId, code }) {
        const tdoc = await token.get(code, token.TYPE_LOSTPASS);
        if (!tdoc) throw new InvalidTokenError(token.TYPE_LOSTPASS, code);
        const udoc = await user.getById(domainId, tdoc.uid);
        this.response.body = { uname: udoc.uname };
    }

    async post({ code, password, verifyPassword }) {
        const tdoc = await token.get(code, token.TYPE_LOSTPASS);
        if (!tdoc) throw new InvalidTokenError(token.TYPE_LOSTPASS, code);
        if (password !== verifyPassword) throw new VerifyPasswordError();
        await user.setPassword(tdoc.uid, password);
        await token.delete(code, token.TYPE_LOSTPASS);
        this.response.redirect = '/';
    }
}

class UserDetailHandler extends Handler {
    async get({ domainId, uid }) {
        const isSelfProfile = this.user._id === uid;
        const udoc = await user.getById(domainId, uid);
        if (!udoc) throw new UserNotFoundError(uid);
        const sdoc = await token.getMostRecentSessionByUid(uid);
        this.response.template = 'user_detail.html';
        this.response.body = { isSelfProfile, udoc, sdoc };
    }
}

class UserSearchHandler extends Handler {
    async get({ domainId, q, exactMatch = false }) {
        let udocs;
        if (exactMatch) udocs = [];
        else udocs = await user.getPrefixList(q, 20);
        try {
            const udoc = await user.getById(domainId, parseInt(q));
            if (udoc) udocs.push(udoc);
        } catch (e) {
            /* Ignore */
        }
        for (const i in udocs) {
            if (udocs[i].gravatar) {
                udocs[i].gravatar_url = misc.gravatar(udocs[i].gravatar);
            }
        }
        this.response.body = udocs;
    }
}

async function apply() {
    Route('/login', module.exports.UserLoginHandler);
    Route('/register', module.exports.UserRegisterHandler);
    Route('/register/:code', module.exports.UserRegisterWithCodeHandler);
    Route('/logout', module.exports.UserLogoutHandler, PERM_LOGGEDIN);
    Route('/lostpass', module.exports.UserLostPassHandler);
    Route('/lostpass/:code', module.exports.UserLostPassWithCodeHandler);
    Route('/user/search', module.exports.UserSearchHandler);
    Route('/user/:uid', module.exports.UserDetailHandler);
}

global.Hydro.handler.user = module.exports = {
    UserLoginHandler,
    UserRegisterHandler,
    UserRegisterWithCodeHandler,
    UserLogoutHandler,
    UserLostPassHandler,
    UserLostPassWithCodeHandler,
    UserSearchHandler,
    UserDetailHandler,
    apply,
};