specter/CyTube
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Refactor password recover, email set, profile get/set

Browse source
This commit is contained in:
calzoneman 2013-08-11 18:55:53 -04:00
parent c4588fab49
commit 25a877dc3c
1 changed files with 139 additions and 126 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

265
api.js
View file

@ -171,7 +171,7 @@ module.exports = function (Server) {
}); });
/* password change */ /* password change */
app.get("/api/account/passwordchange", function (req, res) { app.post("/api/account/passwordchange", function (req, res) {
res.type("application/jsonp"); res.type("application/jsonp");
var name = req.body.name; var name = req.body.name;
@ -214,7 +214,7 @@ module.exports = function (Server) {
}); });
/* password reset */ /* password reset */
app.get("/api/account/passwordreset", function (req, res) { app.post("/api/account/passwordreset", function (req, res) {
res.type("application/jsonp"); res.type("application/jsonp");
var name = req.body.name; var name = req.body.name;
var email = req.body.email; var email = req.body.email;
@ -280,139 +280,152 @@ module.exports = function (Server) {
}); });
}); });
var x = { /* password recovery */
handlePasswordRecover: function (params, req, res) { app.get("/api/account/passwordrecover", function (req, res) {
var hash = params.hash || ""; res.type("application/jsonp");
var ip = getIP(req); var hash = req.query.hash;
var ip = getIP(req);
try { try {
var info = Server.db.recoverPassword(hash); var info = Server.db.recoverPassword(hash);
this.sendJSON(res, { res.jsonp({
success: true, success: true,
name: info[0], name: info[0],
pw: info[1] pw: info[1]
});
ActionLog.record(ip, info[0], "password-recover-success");
Logger.syslog.log(ip + " recovered password for " + info[0]);
return;
}
catch(e) {
ActionLog.record(ip, "", "password-recover-failure");
this.sendJSON(res, {
success: false,
error: e
});
}
},
handleProfileGet: function (params, req, res) {
var name = params.name || "";
try {
var prof = Server.db.getProfile(name);
this.sendJSON(res, {
success: true,
profile_image: prof.profile_image,
profile_text: prof.profile_text
});
}
catch(e) {
this.sendJSON(res, {
success: false,
error: e
});
}
},
handleProfileChange: function (params, req, res) {
var name = params.name || "";
var pw = params.pw || "";
var session = params.session || "";
var img = params.profile_image || "";
var text = params.profile_text || "";
var row = Auth.login(name, pw, session);
if(!row) {
this.sendJSON(res, {
success: false,
error: "Invalid login"
});
return;
}
var result = Server.db.setProfile(name, {
image: img,
text: text
}); });
ActionLog.record(ip, info[0], "password-recover-success");
this.sendJSON(res, { } catch(e) {
success: result, ActionLog.record(ip, "", "password-recover-failure", hash);
error: result ? "" : "Internal error. Contact an administrator" res.jsonp({
success: false,
error: e
}); });
}
});
var all = Server.channels; /* profile retrieval */
for(var n in all) { app.get("/api/users/:user/profile", function (req, res) {
var chan = all[n]; res.type("application/jsonp");
for(var i = 0; i < chan.users.length; i++) { var name = req.params.user;
if(chan.users[i].name.toLowerCase() == name) {
chan.users[i].profile = { try {
image: img, var prof = Server.db.getProfile(name);
text: text res.jsonp({
}; success: true,
chan.broadcastUserUpdate(chan.users[i]); profile_image: prof.profile_image,
break; profile_text: prof.profile_text
} });
} catch(e) {
res.jsonp({
success: false,
error: e
});
}
});
/* profile change */
app.post("/api/account/profile", function (req, res) {
res.type("application/jsonp");
var name = req.body.name;
var pw = req.body.pw;
var session = req.body.session;
var img = req.body.profile_image;
var text = req.body.profile_text;
var row = Auth.login(name, pw, session);
if(!row) {
res.jsonp({
success: false,
error: "Invalid login"
});
return;
}
var result = Server.db.setProfile(name, {
image: img,
text: text
});
if(!result) {
res.jsonp({
success: false,
error: "Server error. Contact an administrator for assistance"
});
return;
}
res.jsonp({
success: true
});
// Update profile on all channels the user is connected to
name = name.toLowerCase();
for(var i in Server.channels) {
var chan = Server.channels[i];
for(var j in chan.users) {
var user = chan.users[j];
if(user.name.toLowerCase() == name) {
user.profile = {
image: img,
text: text
};
chan.broadcastUserUpdate(user);
} }
} }
}, }
handleEmailChange: function (params, req, res) { });
var name = params.name || "";
var pw = params.pw || "";
var email = params.email || "";
// perhaps my email regex isn't perfect, but there's no freaking way
// I'm implementing this monstrosity:
// <http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html>
if(!email.match(/^[a-z0-9_\.]+@[a-z0-9_\.]+[a-z]+$/)) {
this.sendJSON(res, {
success: false,
error: "Invalid email"
});
return;
}
if(email.match(/.*@(localhost|127\.0\.0\.1)/i)) { /* set email */
this.sendJSON(res, { app.post("/api/account/email", function (req, res) {
success: false, res.type("application/jsonp");
error: "Nice try, but no." var name = req.body.name;
}); var pw = req.body.pw;
return; var email = req.body.email;
}
if(pw == "") { if(!email.match(/^[\w_\.]+@[\w_\.]+[a-z]+$/i)) {
this.sendJSON(res, { res.jsonp({
success: false, success: false,
error: "Password cannot be empty" error: "Invalid email address"
}); });
return; return;
} }
var row = Auth.login(name, pw);
if(row) { if(email.match(/.*@(localhost|127\.0\.0\.1)/i)) {
var success = Server.db.setUserEmail(name, email); res.jsonp({
ActionLog.record(getIP(req), name, "email-update", email); success: false,
this.sendJSON(res, { error: "Nice try, but no"
success: success, });
error: success ? "" : "Email update failed", return;
session: row.session_hash }
});
} var row = Auth.login(name, pw);
else { if(!row) {
this.sendJSON(res, { res.jsonp({
success: false, success: false,
error: "Invalid username/password" error: "Invalid login credentials"
}); });
} return;
}, }
var success = Server.db.setUserEmail(name, email);
if(!success) {
res.jsonp({
success: false,
error: "Email update failed. Contact an administrator "+
"for assistance."
});
return false;
}
ActionLog.record(getIP(req), name, "email-update", email);
res.jsonp({
success: true,
session: row.session_hash
});
});
var x = {
handleRegister: function (params, req, res) { handleRegister: function (params, req, res) {
var name = params.name || ""; var name = params.name || "";