nodebb/src/user.js

var	config = require('../config.js'),
	utils = require('../utils.js'),
	RDB = require('./redis.js'),
	emailjs = require('emailjs'),
	emailjsServer = emailjs.server.connect(config.mailer);

(function(User) {

	User.login = function(user) {
		if (user.username == null || user.password == null) {
			return global.socket.emit('user.login', {'status': 0, 'message': 'Missing fields'});
		}

		RDB.get('username:' + user.username + ':uid', function(uid) {
			if (uid == null) {
				return global.socket.emit('user.login', {'status': 0, 'message': 'Username does not exist.'});
			}

			RDB.get('uid:' + uid + ':password', function(password) {
				if (user.password != password) {
					return global.socket.emit('user.login', {'status': 0, 'message': 'Incorrect username / password combination.'});
				} else {
					// Start, replace, or extend a session
					RDB.get('sess:' + user.sessionID, function(session) {
						if (session !== user.sessionID) {
							RDB.set('sess:' + user.sessionID + ':uid', uid, 60*60*24*14);	// Login valid for two weeks
							RDB.set('uid:' + uid + ':session', user.sessionID, 60*60*24*14);
						} else {
							RDB.expire('sess:' + user.sessionID + ':uid', 60*60*24*14);	// Defer expiration to two weeks from now
							RDB.expire('uid:' + uid + ':session', 60*60*24*14);
						}
					});

					return socket.emit('user.login', {'status': 1, 'message': 'Logged in!'});
				}
			});
		});
	};

	User.logout = function(sessionID, callback) {
		User.get_uid_by_session(sessionID, function(uid) {
			if (uid) {
				RDB.del('sess:' + sessionID + ':uid');
				RDB.del('uid:' + uid + ':session');
				callback(true);
			} else callback(false);
		});
	}

	User.create = function(username, password, email) {
		if (username == null || password == null) {
			return; global.socket.emit('user.create', {'status': 0, 'message': 'Missing fields'});
		}


		User.exists(username, function(exists) {
			if (exists) {
				return;
			}

			RDB.incr('global:next_user_id', function(uid) {
				RDB.set('username:' + username + ':uid', uid);
				RDB.set('uid:' + uid + ':username', username);
				RDB.set('uid:' + uid + ':password', password);
				RDB.set('uid:' + uid + ':email', email);
				RDB.set('email:' + email, uid);
				
				RDB.incr('user:count', function(count) {
					io.sockets.emit('user.count', {count: count});
				});

				RDB.lpush('user:users', username);
				io.sockets.emit('user.latest', {username: username});

				global.socket.emit('user.create', {'status': 1});

				global.socket.emit('event:alert', {
					title: 'Thank you for registering',
					message: 'You have successfully registered - welcome to nodebb!',
					type: 'notify',
					timeout: 2000
				});
			});
		});
	};


	User.exists = function(username, callback) {
		User.get_uid_by_username(username, function(exists) {
			exists = !!exists;
			global.socket.emit('user.exists', {exists: exists})

			if (callback) {
				callback(exists);
			}
		});
	};
	User.count = function() {
		RDB.get('user:count', function(count) {
			global.socket.emit('user.count', {count: (count === null) ? 0 : count});
		});
	};
	User.latest = function() {
		RDB.lrange('user:users', 0, 0, function(username) {
			global.socket.emit('user.latest', {username: username});
		});	
	}

	User.get_uid_by_username = function(username, callback) {
		RDB.get('username:' + username + ':uid', callback);
	};

	User.get_uid_by_email = function(email, callback) {
		RDB.get('email:' + email, callback)
	};

	User.get_uid_by_session = function(session, callback) {
		RDB.get('sess:' + session + ':uid', callback);
	};

	User.reset = {
		validate: function(code, callback) {
			if (typeof callback !== 'function') callback = undefined;

			RDB.get('reset:' + code + ':uid', function(uid) {
				if (uid !== null) {
					RDB.get('reset:' + code + ':expiry', function(expiry) {
						if (expiry >= +new Date()/1000|0) {
							if (!callback) global.socket.emit('user:reset.valid', { valid: true });
							else callback(true);
						} else {
							// Expired, delete from db
							RDB.del('reset:' + code + ':uid');
							RDB.del('reset:' + code + ':expiry');
							if (!callback) global.socket.emit('user:reset.valid', { valid: false });
							else callback(false);
						}
					});
				} else {
					if (!callback) global.socket.emit('user:reset.valid', { valid: false });
					else callback(false);
				}
			});
		},
		send: function(email) {
			User.get_uid_by_email(email, function(uid) {
				if (uid !== null) {
					// Generate a new reset code
					var reset_code = utils.generateUUID();
					RDB.set('reset:' + reset_code + ':uid', uid);
					RDB.set('reset:' + reset_code + ':expiry', (60*60)+new Date()/1000|0);	// Active for one hour

					var reset_link = config.url + 'reset/' + reset_code,
						reset_email = global.templates['emails/reset'].parse({'RESET_LINK': reset_link}),
						reset_email_plaintext = global.templates['emails/reset_plaintext'].parse({ 'RESET_LINK': reset_link });

					var message = emailjs.message.create({
						text: reset_email_plaintext,
						from: config.mailer.from,
						to: email,
						subject: 'Password Reset Requested',
						attachment: [
							{
								data: reset_email,
								alternative: true
							}
						]
					});
					
					emailjsServer.send(message, function(err, success) {
						if (err === null) {
							global.socket.emit('user.send_reset', {
								status: "ok",
								message: "code-sent",
								email: email
							});
						} else {
							global.socket.emit('user.send_reset', {
								status: "error",
								message: "send-failed"
							});
							throw new Error(err);
						}
					});
				} else {
					global.socket.emit('user.send_reset', {
						status: "error",
						message: "invalid-email",
						email: email
					});
				}
			});
		},
		commit: function(code, password) {
			this.validate(code, function(validated) {
				if (validated) {
					RDB.get('reset:' + code + ':uid', function(uid) {
						RDB.set('uid:' + uid + ':password', password);
						RDB.del('reset:' + code + ':uid');
						RDB.del('reset:' + code + ':expiry');

						global.socket.emit('user:reset.commit', { status: 'ok' });
					});
				}
			});
		}
	}

	User.email = {
		exists: function(email, callback) {
			User.get_uid_by_email(email, function(exists) {
				exists = !!exists;
				if (typeof callback !== 'function') global.socket.emit('user.email.exists', { exists: exists });
				else callback(exists);
			});
		}
	}

	User.active = {
		get: function(callback) {
			RDB.keys('active:*', function(active) {
				var	returnObj = {
						users: 0,
						anon: 0,
						uids: []
					},
					keys = [];

				if (active.length > 0) {
					for(var a in active) {
						keys.push('sess:' + active[a].split(':')[1] + ':uid');
					}

					RDB.mget(keys, function(uids) {
						for(var u in uids) {
							if (uids[u] !== null) {
								if (returnObj.uids.indexOf(uids[u]) === -1) {
									returnObj.users++;
									returnObj.uids.push(uids[u]);
								}
							} else {
								returnObj.anon++;
							}
						}

						if (callback === undefined) {
							io.sockets.emit('api:user.active.get', returnObj)
						} else {
							callback(returnObj);
						}
					});
				} else {
					io.sockets.emit('api:user.active.get', returnObj)
				}
			});
		},
		register: function(sessionID) {
			RDB.set('active:' + sessionID, '', 60*10);	// Active state persists for 10 minutes
			this.get();
		}
	}
}(exports));
more work with reset page 12 years ago			`var config = require('../config.js'),`
			`utils = require('../utils.js'),`
			`RDB = require('./redis.js'),`
			`emailjs = require('emailjs'),`
			`emailjsServer = emailjs.server.connect(config.mailer);`
init, just some testing 12 years ago
			`(function(User) {`

added login, fixed gitignore 12 years ago			`User.login = function(user) {`
			`if (user.username == null \|\| user.password == null) {`
			`return global.socket.emit('user.login', {'status': 0, 'message': 'Missing fields'});`
			`}`

			`RDB.get('username:' + user.username + ':uid', function(uid) {`
			`if (uid == null) {`
			`return global.socket.emit('user.login', {'status': 0, 'message': 'Username does not exist.'});`
			`}`

			`RDB.get('uid:' + uid + ':password', function(password) {`
			`if (user.password != password) {`
			`return global.socket.emit('user.login', {'status': 0, 'message': 'Incorrect username / password combination.'});`
			`} else {`
some work on session login etc 12 years ago			`// Start, replace, or extend a session`
logout functionality 12 years ago			`RDB.get('sess:' + user.sessionID, function(session) {`
fixing issue with auth (removed session saving stuff by mistake) 12 years ago			`if (session !== user.sessionID) {`
logout functionality 12 years ago			`RDB.set('sess:' + user.sessionID + ':uid', uid, 606024*14); // Login valid for two weeks`
			`RDB.set('uid:' + uid + ':session', user.sessionID, 606024*14);`
fixing issue with auth (removed session saving stuff by mistake) 12 years ago			`} else {`
logout functionality 12 years ago			`RDB.expire('sess:' + user.sessionID + ':uid', 606024*14); // Defer expiration to two weeks from now`
			`RDB.expire('uid:' + uid + ':session', 606024*14);`
fixing issue with auth (removed session saving stuff by mistake) 12 years ago			`}`
			`});`
some work on session login etc 12 years ago
merging changes for stash pop 12 years ago			`return socket.emit('user.login', {'status': 1, 'message': 'Logged in!'});`
added login, fixed gitignore 12 years ago			`}`
			`});`
			`});`
			`};`

fixing login and logout sessions 12 years ago			`User.logout = function(sessionID, callback) {`
			`User.get_uid_by_session(sessionID, function(uid) {`
			`if (uid) {`
logout functionality 12 years ago			`RDB.del('sess:' + sessionID + ':uid');`
fixing login and logout sessions 12 years ago			`RDB.del('uid:' + uid + ':session');`
logout functionality 12 years ago			`callback(true);`
			`} else callback(false);`
			`});`
			`}`
added login, fixed gitignore 12 years ago
added email to registration fields, email existence check 12 years ago			`User.create = function(username, password, email) {`
init, just some testing 12 years ago			`if (username == null \|\| password == null) {`
added login, fixed gitignore 12 years ago			`return; global.socket.emit('user.create', {'status': 0, 'message': 'Missing fields'});`
init, just some testing 12 years ago			`}`


			`User.exists(username, function(exists) {`
			`if (exists) {`
			`return;`
			`}`

			`RDB.incr('global:next_user_id', function(uid) {`
			`RDB.set('username:' + username + ':uid', uid);`
			`RDB.set('uid:' + uid + ':username', username);`
			`RDB.set('uid:' + uid + ':password', password);`
added email to registration fields, email existence check 12 years ago			`RDB.set('uid:' + uid + ':email', email);`
			`RDB.set('email:' + email, uid);`
init, just some testing 12 years ago
			`RDB.incr('user:count', function(count) {`
moved RedisDB.js to src/redis.js 12 years ago			`io.sockets.emit('user.count', {count: count});`
init, just some testing 12 years ago			`});`

			`RDB.lpush('user:users', username);`
moved RedisDB.js to src/redis.js 12 years ago			`io.sockets.emit('user.latest', {username: username});`
init, just some testing 12 years ago
			`global.socket.emit('user.create', {'status': 1});`
moved event alert to serverside, now node controls the registration alert. added some transition animation to page changes 12 years ago
			`global.socket.emit('event:alert', {`
			`title: 'Thank you for registering',`
			`message: 'You have successfully registered - welcome to nodebb!',`
			`type: 'notify',`
			`timeout: 2000`
			`});`
init, just some testing 12 years ago			`});`
			`});`
			`};`


			`User.exists = function(username, callback) {`
			`User.get_uid_by_username(username, function(exists) {`
			`exists = !!exists;`
			`global.socket.emit('user.exists', {exists: exists})`

			`if (callback) {`
			`callback(exists);`
			`}`
			`});`
			`};`
			`User.count = function() {`
			`RDB.get('user:count', function(count) {`
			`global.socket.emit('user.count', {count: (count === null) ? 0 : count});`
			`});`
			`};`
			`User.latest = function() {`
			`RDB.lrange('user:users', 0, 0, function(username) {`
			`global.socket.emit('user.latest', {username: username});`
			`});`
			`}`

			`User.get_uid_by_username = function(username, callback) {`
			`RDB.get('username:' + username + ':uid', callback);`
			`};`

more work with reset page 12 years ago			`User.get_uid_by_email = function(email, callback) {`
			`RDB.get('email:' + email, callback)`
			`};`

auth... 12 years ago			`User.get_uid_by_session = function(session, callback) {`
logout functionality 12 years ago			`RDB.get('sess:' + session + ':uid', callback);`
auth... 12 years ago			`};`

timing out reset codes, enhancing template replace so that a single placeholder can be used multiple times 12 years ago			`User.reset = {`
finished pw reset page, finally 12 years ago			`validate: function(code, callback) {`
			`if (typeof callback !== 'function') callback = undefined;`

timing out reset codes, enhancing template replace so that a single placeholder can be used multiple times 12 years ago			`RDB.get('reset:' + code + ':uid', function(uid) {`
			`if (uid !== null) {`
			`RDB.get('reset:' + code + ':expiry', function(expiry) {`
finished pw reset page, finally 12 years ago			`if (expiry >= +new Date()/1000\|0) {`
			`if (!callback) global.socket.emit('user:reset.valid', { valid: true });`
			`else callback(true);`
			`} else {`
added DEL support to redis wrapper lib 12 years ago			`// Expired, delete from db`
			`RDB.del('reset:' + code + ':uid');`
			`RDB.del('reset:' + code + ':expiry');`
finished pw reset page, finally 12 years ago			`if (!callback) global.socket.emit('user:reset.valid', { valid: false });`
			`else callback(false);`
added DEL support to redis wrapper lib 12 years ago			`}`
timing out reset codes, enhancing template replace so that a single placeholder can be used multiple times 12 years ago			`});`
finished pw reset page, finally 12 years ago			`} else {`
			`if (!callback) global.socket.emit('user:reset.valid', { valid: false });`
			`else callback(false);`
			`}`
timing out reset codes, enhancing template replace so that a single placeholder can be used multiple times 12 years ago			`});`
			`},`
			`send: function(email) {`
			`User.get_uid_by_email(email, function(uid) {`
			`if (uid !== null) {`
			`// Generate a new reset code`
			`var reset_code = utils.generateUUID();`
			`RDB.set('reset:' + reset_code + ':uid', uid);`
			`RDB.set('reset:' + reset_code + ':expiry', (60*60)+new Date()/1000\|0); // Active for one hour`

			`var reset_link = config.url + 'reset/' + reset_code,`
			`reset_email = global.templates['emails/reset'].parse({'RESET_LINK': reset_link}),`
			`reset_email_plaintext = global.templates['emails/reset_plaintext'].parse({ 'RESET_LINK': reset_link });`

			`var message = emailjs.message.create({`
			`text: reset_email_plaintext,`
			`from: config.mailer.from,`
			`to: email,`
			`subject: 'Password Reset Requested',`
			`attachment: [`
			`{`
			`data: reset_email,`
			`alternative: true`
			`}`
			`]`
			`});`

			`emailjsServer.send(message, function(err, success) {`
			`if (err === null) {`
			`global.socket.emit('user.send_reset', {`
			`status: "ok",`
			`message: "code-sent",`
			`email: email`
			`});`
			`} else {`
			`global.socket.emit('user.send_reset', {`
			`status: "error",`
			`message: "send-failed"`
			`});`
			`throw new Error(err);`
more work with reset page 12 years ago			`}`
timing out reset codes, enhancing template replace so that a single placeholder can be used multiple times 12 years ago			`});`
			`} else {`
			`global.socket.emit('user.send_reset', {`
			`status: "error",`
			`message: "invalid-email",`
			`email: email`
			`});`
			`}`
			`});`
finished pw reset page, finally 12 years ago			`},`
			`commit: function(code, password) {`
			`this.validate(code, function(validated) {`
			`if (validated) {`
			`RDB.get('reset:' + code + ':uid', function(uid) {`
			`RDB.set('uid:' + uid + ':password', password);`
			`RDB.del('reset:' + code + ':uid');`
			`RDB.del('reset:' + code + ':expiry');`

			`global.socket.emit('user:reset.commit', { status: 'ok' });`
			`});`
			`}`
			`});`
timing out reset codes, enhancing template replace so that a single placeholder can be used multiple times 12 years ago			`}`
socketing for reset page - started on emailer 12 years ago			`}`

added email to registration fields, email existence check 12 years ago			`User.email = {`
socketing for reset page - started on emailer 12 years ago			`exists: function(email, callback) {`
more work with reset page 12 years ago			`User.get_uid_by_email(email, function(exists) {`
added email to registration fields, email existence check 12 years ago			`exists = !!exists;`
socketing for reset page - started on emailer 12 years ago			`if (typeof callback !== 'function') global.socket.emit('user.email.exists', { exists: exists });`
			`else callback(exists);`
added email to registration fields, email existence check 12 years ago			`});`
			`}`
			`}`
user activity counter (bug present where all users register as same session? this isn't good....) 12 years ago
			`User.active = {`
			`get: function(callback) {`
			`RDB.keys('active:*', function(active) {`
			`var returnObj = {`
			`users: 0,`
			`anon: 0,`
			`uids: []`
			`},`
			`keys = [];`

fixing login and logout sessions 12 years ago			`if (active.length > 0) {`
			`for(var a in active) {`
			`keys.push('sess:' + active[a].split(':')[1] + ':uid');`
			`}`
user activity counter (bug present where all users register as same session? this isn't good....) 12 years ago
fixing login and logout sessions 12 years ago			`RDB.mget(keys, function(uids) {`
			`for(var u in uids) {`
			`if (uids[u] !== null) {`
			`if (returnObj.uids.indexOf(uids[u]) === -1) {`
			`returnObj.users++;`
			`returnObj.uids.push(uids[u]);`
			`}`
			`} else {`
			`returnObj.anon++;`
user activity counter (bug present where all users register as same session? this isn't good....) 12 years ago			`}`
			`}`

fixing login and logout sessions 12 years ago			`if (callback === undefined) {`
properly broadcasting a user.active change 12 years ago			`io.sockets.emit('api:user.active.get', returnObj)`
fixing login and logout sessions 12 years ago			`} else {`
			`callback(returnObj);`
			`}`
			`});`
			`} else {`
properly broadcasting a user.active change 12 years ago			`io.sockets.emit('api:user.active.get', returnObj)`
fixing login and logout sessions 12 years ago			`}`
user activity counter (bug present where all users register as same session? this isn't good....) 12 years ago			`});`
			`},`
			`register: function(sessionID) {`
fixing login and logout sessions 12 years ago			`RDB.set('active:' + sessionID, '', 60*10); // Active state persists for 10 minutes`
tweaking active.register so that it emits an active user change 12 years ago			`this.get();`
user activity counter (bug present where all users register as same session? this isn't good....) 12 years ago			`}`
			`}`
init, just some testing 12 years ago			`}(exports));`