var bcrypt = require('bcrypt'), async = require('async'), emailjs = require('emailjs'), nconf = require('nconf'), winston = require('winston'), gravatar = require('gravatar'), userSearch = require('reds').createSearch('nodebbusersearch'), check = require('validator').check, sanitize = require('validator').sanitize, utils = require('./../public/src/utils'), RDB = require('./redis'), meta = require('./meta'), emailjsServer = emailjs.server.connect(meta.config['email:smtp:host'] || '127.0.0.1'), Groups = require('./groups'), notifications = require('./notifications'), topics = require('./topics'); (function(User) { 'use strict'; User.create = function(username, password, email, callback) { var userslug = utils.slugify(username); username = username.trim(); if (email !== undefined) { email = email.trim(); } async.parallel([ function(next) { if (email !== undefined) { next(!utils.isEmailValid(email) ? new Error('Invalid Email!') : null); } else { next(); } }, function(next) { next((!utils.isUserNameValid(username) || !userslug) ? new Error('Invalid Username!') : null); }, function(next) { if (password !== undefined) { next(!utils.isPasswordValid(password) ? new Error('Invalid Password!') : null); } else { next(); } }, function(next) { User.exists(userslug, function(exists) { next(exists ? new Error('Username taken!') : null); }); }, function(next) { if (email !== undefined) { User.isEmailAvailable(email, function(err, available) { if (err) { return next(err); } next(!available ? new Error('Email taken!') : null); }); } else { next(); } } ], function(err, results) { if (err) { return callback(err, null); } RDB.incr('global:next_user_id', function(err, uid) { RDB.handle(err); var gravatar = User.createGravatarURLFromEmail(email); var timestamp = Date.now(); RDB.hmset('user:' + uid, { 'uid': uid, 'username': username, 'userslug': userslug, 'fullname': '', 'location': '', 'birthday': '', 'website': '', 'email': email || '', 'signature': '', 'joindate': timestamp, 'picture': gravatar, 'gravatarpicture': gravatar, 'uploadedpicture': '', 'profileviews': 0, 'reputation': 0, 'postcount': 0, 'lastposttime': 0, 'banned': 0, 'showemail': 0 }); RDB.hset('username:uid', username, uid); RDB.hset('userslug:uid', userslug, uid); if (email !== undefined) { RDB.hset('email:uid', email, uid); User.sendConfirmationEmail(email); } RDB.incr('usercount'); RDB.zadd('users:joindate', timestamp, uid); RDB.zadd('users:postcount', 0, uid); RDB.zadd('users:reputation', 0, uid); userSearch.index(username, uid); if (password !== undefined) { User.hashPassword(password, function(err, hash) { User.setUserField(uid, 'password', hash); callback(null, uid); }); } else { callback(null, uid); } }); }); }; User.ban = function(uid, callback) { User.setUserField(uid, 'banned', 1, callback); }; User.unban = function(uid, callback) { User.setUserField(uid, 'banned', 0, callback); }; User.getUserField = function(uid, field, callback) { RDB.hget('user:' + uid, field, callback); }; User.getUserFields = function(uid, fields, callback) { RDB.hmgetObject('user:' + uid, fields, callback); }; User.getMultipleUserFields = function(uids, fields, callback) { if (uids.length === 0) { return callback(null, []); } var returnData = []; var uuids = uids.filter(function(value, index, self) { return self.indexOf(value) === index; }); function iterator(uid, next) { User.getUserFields(uid, fields, function(err, userData) { if (err) { return next(err); } returnData.push(userData); next(null); }); } async.eachSeries(uuids, iterator, function(err) { callback(err, returnData); }); }; User.getUserData = function(uid, callback) { RDB.hgetall('user:' + uid, function(err, data) { if (data && data.password) { delete data.password; } callback(err, data); }); }; User.filterBannedUsers = function(users) { return users.filter(function(user) { return (!user.banned || user.banned === '0'); }); }; User.updateProfile = function(uid, data, callback) { var fields = ['email', 'fullname', 'website', 'location', 'birthday', 'signature']; var returnData = { success: false }; function isSignatureValid(next) { if (data.signature !== undefined && data.signature.length > 150) { next({ error: 'Signature can\'t be longer than 150 characters!' }, false); } else { next(null, true); } } function isEmailAvailable(next) { if (!data.email) { return next(null, true); } User.getUserField(uid, 'email', function(err, email) { if (email !== data.email) { User.isEmailAvailable(data.email, function(err, available) { if (err) { return next(err, null); } if (!available) { next({ error: 'Email not available!' }, false); } else { next(null, true); } }); } else { next(null, true); } }); } async.series([isSignatureValid, isEmailAvailable], function(err, results) { if (err) { callback(err, returnData); } else { async.each(fields, updateField, function(err) { if (err) { callback(err, returnData); } else { returnData.success = true; callback(null, returnData); } }); } }); function updateField(field, next) { if (data[field] !== undefined && typeof data[field] === 'string') { data[field] = data[field].trim(); data[field] = sanitize(data[field]).escape(); if (field === 'email') { var gravatarpicture = User.createGravatarURLFromEmail(data[field]); User.setUserField(uid, 'gravatarpicture', gravatarpicture); User.getUserFields(uid, ['email', 'picture', 'uploadedpicture'], function(err, userData) { if (err) { return next(err); } RDB.hdel('email:uid', userData.email); RDB.hset('email:uid', data.email, uid); User.setUserField(uid, field, data[field]); if (userData.picture !== userData.uploadedpicture) { returnData.picture = gravatarpicture; User.setUserField(uid, 'picture', gravatarpicture); } returnData.gravatarpicture = gravatarpicture; next(null); }); return; } else if (field === 'signature') { data[field] = utils.strip_tags(data[field]); } else if (field === 'website') { if(data[field].substr(0, 7) !== 'http://' && data[field].substr(0, 8) !== 'https://') { data[field] = 'http://' + data[field]; } } User.setUserField(uid, field, data[field]); next(null); } else { next(null); } } }; User.isEmailAvailable = function(email, callback) { RDB.hexists('email:uid', email, function(err, exists) { callback(err, !exists); }); }; User.changePassword = function(uid, data, callback) { if (!utils.isPasswordValid(data.newPassword)) { return callback({ error: 'Invalid password!' }); } User.getUserField(uid, 'password', function(err, user_password) { bcrypt.compare(data.currentPassword, user_password, function(err, res) { if (err) { return callback(err); } if (res) { User.hashPassword(data.newPassword, function(err, hash) { User.setUserField(uid, 'password', hash); callback(null); }); } else { callback({ error: 'Your current password is not correct!' }); } }); }); }; User.setUserField = function(uid, field, value, callback) { RDB.hset('user:' + uid, field, value, callback); }; User.setUserFields = function(uid, data, callback) { RDB.hmset('user:' + uid, data, callback); }; User.incrementUserFieldBy = function(uid, field, value, callback) { RDB.hincrby('user:' + uid, field, value, callback); }; User.decrementUserFieldBy = function(uid, field, value, callback) { RDB.hincrby('user:' + uid, field, -value, callback); }; User.getUsers = function(set, start, stop, callback) { var data = []; RDB.zrevrange(set, start, stop, function(err, uids) { if (err) { return callback(err, null); } function iterator(uid, callback) { User.getUserData(uid, function(err, userData) { User.isAdministrator(uid, function(err, isAdmin) { if (userData) { userData.administrator = isAdmin?"1":"0"; data.push(userData); } callback(null); }); }); } async.eachSeries(uids, iterator, function(err) { callback(err, data); }); }); }; User.createGravatarURLFromEmail = function(email) { var options = { size: '128', default: 'identicon', rating: 'pg' }, https = nconf.get('https'); if (!email) { email = ''; options.forcedefault = 'y'; } return gravatar.url(email, options, https); }; User.hashPassword = function(password, callback) { if (!password) { callback(password); return; } bcrypt.genSalt(nconf.get('bcrypt_rounds'), function(err, salt) { bcrypt.hash(password, salt, callback); }); }; User.reIndexAll = function(callback) { User.getUsers('users:joindate', 0, -1, function(err, usersData) { if (err) { return callback(err, null); } function reIndexUser(uid, username) { userSearch.remove(uid, function() { userSearch.index(username, uid); }); } for (var i = 0; i < usersData.length; ++i) { reIndexUser(usersData[i].uid, usersData[i].username); } callback(null, 1); }); }; User.search = function(username, callback) { if (!username) { callback([]); return; } userSearch.query(username).type('or').end(function(err, uids) { if (err) { console.log(err); return; } if (uids && uids.length) { User.getDataForUsers(uids, function(userdata) { callback(userdata); }); } else { callback([]); } }); }; User.onNewPostMade = function(uid, tid, pid, timestamp) { User.addPostIdToUser(uid, pid); User.incrementUserFieldBy(uid, 'postcount', 1, function(err, newpostcount) { RDB.zadd('users:postcount', newpostcount, uid); }); User.setUserField(uid, 'lastposttime', timestamp); User.sendPostNotificationToFollowers(uid, tid, pid); }; User.addPostIdToUser = function(uid, pid) { RDB.lpush('uid:' + uid + ':posts', pid); }; User.addTopicIdToUser = function(uid, tid) { RDB.lpush('uid:' + uid + ':topics', tid); }; User.getPostIds = function(uid, start, end, callback) { RDB.lrange('uid:' + uid + ':posts', start, end, function(err, pids) { if (!err) { if (pids && pids.length) { callback(pids); } else { callback([]); } } else { console.log(err); callback([]); } }); }; User.sendConfirmationEmail = function(email) { if (meta.config['email:smtp:host'] && meta.config['email:smtp:port'] && meta.config['email:from']) { var confirm_code = utils.generateUUID(), confirm_link = nconf.get('url') + 'confirm/' + confirm_code, confirm_email = global.templates['emails/header'] + global.templates['emails/email_confirm'].parse({ 'CONFIRM_LINK': confirm_link }) + global.templates['emails/footer'], confirm_email_plaintext = global.templates['emails/email_confirm_plaintext'].parse({ 'CONFIRM_LINK': confirm_link }); // Email confirmation code var expiry_time = 60 * 60 * 2, // Expire after 2 hours email_key = 'email:' + email + ':confirm', confirm_key = 'confirm:' + confirm_code + ':email'; RDB.set(email_key, confirm_code); RDB.expire(email_key, expiry_time); RDB.set(confirm_key, email); RDB.expire(confirm_key, expiry_time); // Send intro email w/ confirm code var message = emailjs.message.create({ text: confirm_email_plaintext, from: meta.config['email:from'] || 'localhost@example.org', to: email, subject: '[NodeBB] Registration Email Verification', attachment: [{ data: confirm_email, alternative: true }] }); emailjsServer.send(message, function(err, success) { if (err) { console.log(err); } }); } }; User.follow = function(uid, followid, callback) { RDB.sadd('following:' + uid, followid, function(err, data) { if (!err) { RDB.sadd('followers:' + followid, uid, function(err, data) { if (!err) { callback(true); } else { console.log(err); callback(false); } }); } else { console.log(err); callback(false); } }); }; User.unfollow = function(uid, unfollowid, callback) { RDB.srem('following:' + uid, unfollowid, function(err, data) { if (!err) { RDB.srem('followers:' + unfollowid, uid, function(err, data) { callback(data); }); } else { console.log(err); } }); }; User.getFollowing = function(uid, callback) { RDB.smembers('following:' + uid, function(err, userIds) { if (!err) { User.getDataForUsers(userIds, callback); } else { console.log(err); } }); }; User.getFollowers = function(uid, callback) { RDB.smembers('followers:' + uid, function(err, userIds) { if (!err) { User.getDataForUsers(userIds, callback); } else { console.log(err); } }); }; User.getFollowingCount = function(uid, callback) { RDB.smembers('following:' + uid, function(err, userIds) { if (err) { console.log(err); } else { userIds = userIds.filter(function(value) { return value !== '0'; }); callback(userIds.length); } }); }; User.getFollowerCount = function(uid, callback) { RDB.smembers('followers:' + uid, function(err, userIds) { if(err) { console.log(err); } else { userIds = userIds.filter(function(value) { return value !== '0'; }); callback(userIds.length); } }); }; User.getDataForUsers = function(uids, callback) { var returnData = []; if (!uids || !Array.isArray(uids) || uids.length === 0) { callback(returnData); return; } function iterator(uid, callback) { if(uid === "0") { return callback(null); } User.getUserData(uid, function(err, userData) { returnData.push(userData); callback(null); }); } async.eachSeries(uids, iterator, function(err) { callback(returnData); }); }; User.sendPostNotificationToFollowers = function(uid, tid, pid) { User.getUserField(uid, 'username', function(err, username) { RDB.smembers('followers:' + uid, function(err, followers) { topics.getTopicField(tid, 'slug', function(err, slug) { var message = '' + username + ' made a new post'; notifications.create(message, nconf.get('relative_path') + '/topic/' + slug + '#' + pid, 'topic:' + tid, function(nid) { notifications.push(nid, followers); }); }); }); }); }; User.isFollowing = function(uid, theirid, callback) { RDB.sismember('following:' + uid, theirid, function(err, data) { if (!err) { callback(data === 1); } else { console.log(err); } }); }; User.exists = function(userslug, callback) { User.getUidByUserslug(userslug, function(err, exists) { callback( !! exists); }); }; User.count = function(socket) { RDB.get('usercount', function(err, count) { RDB.handle(err); socket.emit('user.count', { count: count ? count : 0 }); }); }; User.getUidByUsername = function(username, callback) { RDB.hget('username:uid', username, callback); }; User.getUidByUserslug = function(userslug, callback) { RDB.hget('userslug:uid', userslug, callback); }; User.getUsernamesByUids = function(uids, callback) { var usernames = []; if (!Array.isArray(uids)) { return callback([]); } function iterator(uid, callback) { User.getUserField(uid, 'username', function(err, username) { usernames.push(username); callback(null); }); } async.eachSeries(uids, iterator, function(err) { callback(usernames); }); }; User.getUserSlugsByUids = function(uids, callback) { var userslugs = []; if (!Array.isArray(uids)) { return callback([]); } function iterator(uid, callback) { User.getUserField(uid, 'userslug', function(err, userslug) { userslugs.push(userslug); callback(null); }); } async.eachSeries(uids, iterator, function(err) { callback(userslugs); }); }; User.getUidByEmail = function(email, callback) { RDB.hget('email:uid', email, function(err, data) { if (err) { RDB.handle(err); } callback(data); }); }; User.getUidByTwitterId = function(twid, callback) { RDB.hget('twid:uid', twid, function(err, uid) { if (err) { RDB.handle(err); } callback(uid); }); }; User.getUidByGoogleId = function(gplusid, callback) { RDB.hget('gplusid:uid', gplusid, function(err, uid) { if (err) { RDB.handle(err); } callback(uid); }); }; User.getUidByFbid = function(fbid, callback) { RDB.hget('fbid:uid', fbid, function(err, uid) { if (err) { RDB.handle(err); } callback(uid); }); }; User.isModerator = function(uid, cid, callback) { RDB.sismember('cid:' + cid + ':moderators', uid, function(err, exists) { RDB.handle(err); callback(err, !! exists); }); }; User.isAdministrator = function(uid, callback) { Groups.getGidFromName('Administrators', function(err, gid) { Groups.isMember(uid, gid, function(err, isAdmin) { callback(err, !! isAdmin); }); }); }; User.reset = { validate: function(socket, code, callback) { if (typeof callback !== 'function') { callback = null; } RDB.hget('reset:uid', code, function(err, uid) { if (err) { RDB.handle(err); } if (uid !== null) { RDB.hget('reset:expiry', code, function(err, expiry) { if (err) { RDB.handle(err); } if (expiry >= +Date.now() / 1000 | 0) { if (!callback) { socket.emit('user:reset.valid', { valid: true }); } else { callback(true); } } else { // Expired, delete from db RDB.hdel('reset:uid', code); RDB.hdel('reset:expiry', code); if (!callback) { socket.emit('user:reset.valid', { valid: false }); } else { callback(false); } } }); } else { if (!callback) { socket.emit('user:reset.valid', { valid: false }); } else { callback(false); } } }); }, send: function(socket, email) { User.getUidByEmail(email, function(uid) { if (uid !== null) { // Generate a new reset code var reset_code = utils.generateUUID(); RDB.hset('reset:uid', reset_code, uid); RDB.hset('reset:expiry', reset_code, (60 * 60) + new Date() / 1000 | 0); // Active for one hour var reset_link = nconf.get('url') + 'reset/' + reset_code, reset_email = global.templates['emails/reset'].parse({ 'RESET_LINK': reset_link }), reset_email_plaintext = global.templates['emails/reset_plaintext'].parse({ 'RESET_LINK': reset_link }); var message = emailjs.message.create({ text: reset_email_plaintext, from: meta.config['email:from'] ? meta.config['email:from'] : 'localhost@example.org', to: email, subject: 'Password Reset Requested', attachment: [{ data: reset_email, alternative: true }] }); emailjsServer.send(message, function(err, success) { if (err === null) { socket.emit('user.send_reset', { status: "ok", message: "code-sent", email: email }); } else { socket.emit('user.send_reset', { status: "error", message: "send-failed" }); winston.err(err); } }); } else { socket.emit('user.send_reset', { status: "error", message: "invalid-email", email: email }); } }); }, commit: function(socket, code, password) { this.validate(socket, code, function(validated) { if (validated) { RDB.hget('reset:uid', code, function(err, uid) { if (err) { RDB.handle(err); } User.hashPassword(password, function(err, hash) { User.setUserField(uid, 'password', hash); }); RDB.hdel('reset:uid', code); RDB.hdel('reset:expiry', code); socket.emit('user:reset.commit', { status: 'ok' }); }); } }); } }; User.email = { exists: function(socket, email, callback) { User.getUidByEmail(email, function(exists) { exists = !! exists; if (typeof callback !== 'function') { socket.emit('user.email.exists', { exists: exists }); } else { callback(exists); } }); }, confirm: function(code, callback) { RDB.get('confirm:' + code + ':email', function(err, email) { if (err) { RDB.handle(err); } if (email !== null) { RDB.set('email:' + email + ':confirm', true); RDB.del('confirm:' + code + ':email'); callback({ status: 'ok' }); } else { callback({ status: 'not_ok' }); } }); } }; User.notifications = { get: function(uid, callback) { var maxNotifs = 15; async.parallel({ unread: function(next) { RDB.zrevrange('uid:' + uid + ':notifications:unread', 0, 10, function(err, nids) { // @todo handle err var unread = []; // Cap the number of notifications returned if (nids.length > maxNotifs) { nids.length = maxNotifs; } if (nids && nids.length > 0) { async.eachSeries(nids, function(nid, next) { notifications.get(nid, uid, function(notif_data) { // If the notification could not be found, silently drop it if (notif_data) { unread.push(notif_data); } else { RDB.zrem('uid:' + uid + ':notifications:unread', nid); } next(); }); }, function(err) { next(null, unread); }); } else { next(null, unread); } }); }, read: function(next) { RDB.zrevrange('uid:' + uid + ':notifications:read', 0, 10, function(err, nids) { // @todo handle err var read = []; // Cap the number of notifications returned if (nids.length > maxNotifs) { nids.length = maxNotifs; } if (nids && nids.length > 0) { async.eachSeries(nids, function(nid, next) { notifications.get(nid, uid, function(notif_data) { // If the notification could not be found, silently drop it if (notif_data) { read.push(notif_data); } else { RDB.zrem('uid:' + uid + ':notifications:read', nid); } next(); }); }, function(err) { next(null, read); }); } else { next(null, read); } }); } }, function(err, notifications) { // Limit the number of notifications to `maxNotifs`, prioritising unread notifications if (notifications.read.length + notifications.unread.length > maxNotifs) { notifications.read.length = maxNotifs - notifications.unread.length; } callback(notifications); }); }, getAll: function(uid, limit, before, callback) { var now = new Date(); if (!limit || parseInt(limit,10) <= 0) { limit = 25; } if (before) { before = new Date(parseInt(before, 10)); } RDB.multi() .zrevrangebyscore('uid:' + uid + ':notifications:read', before ? before.getTime(): now.getTime(), -Infinity, 'LIMIT', 0, limit) .zrevrangebyscore('uid:' + uid + ':notifications:unread', before ? before.getTime(): now.getTime(), -Infinity, 'LIMIT', 0, limit) .exec(function(err, results) { // Merge the read and unread notifications var nids = results[0].concat(results[1]); async.map(nids, function(nid, next) { notifications.get(nid, uid, function(notif_data) { next(null, notif_data); }); }, function(err, notifs) { notifs = notifs.filter(function(notif) { return notif !== null; }).sort(function(a, b) { return parseInt(b.datetime, 10) - parseInt(a.datetime, 10); }).map(function(notif) { notif.datetimeISO = new Date(parseInt(notif.datetime, 10)).toISOString(); notif.readClass = !notif.read ? 'unread' : ''; return notif; }); callback(err, notifs); }); }); }, getUnreadCount: function(uid, callback) { RDB.zcount('uid:' + uid + ':notifications:unread', 0, 10, callback); }, getUnreadByUniqueId: function(uid, uniqueId, callback) { RDB.zrange('uid:' + uid + ':notifications:unread', 0, -1, function(err, nids) { async.filter(nids, function(nid, next) { notifications.get(nid, uid, function(notifObj) { if (notifObj.uniqueId === uniqueId) { next(true); } else { next(false); } }); }, function(nids) { callback(null, nids); }); }); } }; }(exports));