'use strict' ;
const slug = require ( 'slug' ) ,
xss = require ( 'xss' ) ,
mellt = require ( 'mellt' ) ,
mw = require ( '../middleware.js' ) ,
User = require ( '../models.js' ) . user ,
mail = require ( '../mail.js' ) ,
env = require ( '../env.js' ) ,
router = require ( 'express' ) . Router ( ) ;
// Settings form
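router.route('/')
  // Every verb on this route requires a logged-in session.
  .all(mw.ensureAuth, (req, res, next) => {
    next();
  })

  // Get settings form
  .get((req, res) => {
    res.render('settings');
  })

  // Set new settings
  .post((req, res, next) => {
    //TODO: Validate everything!
    // Minimal type guard: the free-text fields must be plain strings when
    // present. A body parser can turn `email[x]=y` or repeated keys into
    // objects/arrays, which should never reach the update document.
    // Omitted fields are still accepted, as before.
    const textFields = ['name', 'slug', 'email'];
    const hasBadType = textFields.some((field) => {
      const value = req.body[field];
      return value !== undefined && typeof value !== 'string';
    });
    if (hasBadType) {
      req.flash('danger', 'Name, slug and email must be plain text. ');
      return res.redirect('/settings');
    }

    User.findByIdAndUpdate(req.user.id, {$set: {
      // name and slug are passed through the xss filter before storage.
      name: xss(req.body.name),
      slug: slug(xss(req.body.slug)),
      // NOTE(review): email is stored exactly as submitted (no format check,
      // no xss filter), so every template or flash message that prints it
      // must escape it. It is also the address password-change links are
      // mailed to, and it is changed here without confirmation.
      email: req.body.email,
      settings: {
        // NOTE(review): units/map/zoom are passed through as submitted; any
        // type or range enforcement would have to come from the User schema,
        // which is not visible in this file.
        units: req.body.units,
        defaultMap: req.body.map,
        defaultZoom: req.body.zoom,
        // Checkbox-style fields: any truthy value means "on".
        showSpeed: Boolean(req.body.showSpeed),
        showAlt: Boolean(req.body.showAlt),
        showStreetview: Boolean(req.body.showStreet)
      }
    }})
      .then(() => {
        req.flash('success', 'Settings updated. ');
        res.redirect('/settings');
      })
      .catch((err) => {
        mw.throwErr(err, req);
        res.redirect('/settings');
      });
  })

  // Delete user account
  .delete((req, res, next) => {
    //TODO: Reenter password?
    // NOTE(review): the session alone authorises this irreversible action;
    // whether CSRF protection is applied to this router is not visible here.
    // Pass the id explicitly, as the update handlers in this file do, rather
    // than handing the whole user document to the query.
    User.findByIdAndRemove(req.user.id)
      .then(() => {
        req.flash('success', 'Your account has been deleted. ');
        res.redirect('/');
      })
      .catch((err) => {
        mw.throwErr(err, req);
        res.redirect('/settings');
      });
  });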
// Set password
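router.route('/password')
  // Only a logged-in user can request a password change for their account.
  .all(mw.ensureAuth, (req, res, next) => {
    next();
  })

  // Email user a token, proceed at /password/:token
  // NOTE(review): this GET has side effects (it creates a token and sends
  // mail), so any page that can make the browser load this URL triggers an
  // email to the logged-in user. Consider moving it behind a POST.
  .get((req, res, next) => {
    // Escape a value before placing it in markup. The flash message below
    // carries <u> tags, so it is presumably rendered unescaped, and the
    // settings handler in this file stores email exactly as submitted.
    const escapeHtml = (value) => String(value)
      .replace(/[&<>"']/g, (ch) => `&#${ch.charCodeAt(0)};`);

    // Create token for password change
    req.user.createToken()
      .then((token) => {
        // The link is built once so the text part, the href and the visible
        // link text cannot drift apart.
        const resetUrl = `${env.url}/settings/password/${token}`;

        // Confirm password change request by email.
        mail.send({
          to: mail.to(req.user),
          from: mail.from,
          subject: 'Request to change your Tracman password',
          text: mail.text(` A request has been made to change your tracman password. If you did not initiate this request, please contact support at keith@tracman.org. \n \n To change your password, follow this link: \n ${resetUrl}. \n \n This request will expire in 1 hour. `),
          html: mail.html(` <p>A request has been made to change your tracman password. If you did not initiate this request, please contact support at <a href="mailto:keith@tracman.org">keith@tracman.org</a>. </p><p>To change your password, follow this link:<br><a href="${resetUrl}">${resetUrl}</a>. </p><p>This request will expire in 1 hour. </p> `)
        }).then(() => {
          // Alert user to check email.
          req.flash('success', ` An email has been sent to <u> ${escapeHtml(req.user.email)} </u>. Check your inbox to complete your password change. `);
          res.redirect('/login#login');
        }).catch((err) => {
          mw.throwErr(err, req);
          res.redirect('/login#login');
        });
      })
      .catch((err) => {
        mw.throwErr(err, req);
        // NOTE(review): '/password' is not a route defined in this file; the
        // emailed link uses the /settings prefix. Confirm the intended target.
        res.redirect('/password');
      });
  });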
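router.route('/password/:token')

  // Check token
  // No mw.ensureAuth here: possession of an unexpired token is the only
  // credential, so the lookup below is the access check for GET and POST.
  .all((req, res, next) => {
    User
      .findOne({'auth.passToken': req.params.token})
      .where('auth.tokenExpires').gt(Date.now())
      .then((user) => {
        if (!user) {
          req.flash('danger', 'Password reset token is invalid or has expired. ');
          // isAuthenticated has to be called: testing the bare property is
          // always truthy when it is a function, which sent anonymous
          // visitors to '/settings' instead of '/login'.
          const loggedIn = (typeof req.isAuthenticated === 'function')
            ? req.isAuthenticated()
            : Boolean(req.isAuthenticated);
          res.redirect(loggedIn ? '/settings' : '/login');
        } else {
          // Hand the matched account to the handlers further down the chain.
          res.locals.passwordUser = user;
          next();
        }
      })
      .catch((err) => {
        mw.throwErr(err, req);
        // NOTE(review): '/password' is not a route defined in this file;
        // confirm the intended target.
        res.redirect('/password');
      });
  })

  // Show password change form
  .get((req, res) => {
    res.render('password');
  })

  // Set new password
  .post((req, res, next) => {
    // Same path the emailed link and the strength-check failure use.
    const resetPath = `/settings/password/${req.params.token}`;
    const account = res.locals.passwordUser;
    const newPassword = req.body.password;

    // The strength check and the hash both expect a string; reject a missing
    // or structured value instead of passing it on.
    if (typeof newPassword !== 'string') {
      mw.throwErr(new Error('Please enter a new password. '), req);
      return res.redirect(resetPath);
    }

    // Validate password
    const daysToCrack = mellt.CheckPassword(newPassword);
    if (daysToCrack < 10) {
      // req is passed like every other mw.throwErr call in this file.
      mw.throwErr(new Error(` That password could be cracked in ${daysToCrack} days! Come up with a more complex password that would take at least 10 days to crack. `), req);
      return res.redirect(resetPath);
    }

    // Delete token
    // Cleared on the in-memory document only; it is persisted by the save()
    // below, so a failed hash leaves the stored token usable for a retry.
    account.auth.passToken = undefined;
    account.auth.tokenExpires = undefined;

    // Create hash
    account.generateHash(newPassword, (err, hash) => {
      if (err) {
        mw.throwErr(err, req);
        return res.redirect(resetPath);
      }

      // Save new password to db
      account.auth.password = hash;
      account.save()
        .then(() => {
          req.flash('success', 'Password set. You can use it to log in now. ');
          res.redirect('/login#login');
        })
        .catch((saveErr) => {
          mw.throwErr(saveErr, req);
          res.redirect('/login#signup');
        });
    });
  });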
// Tracman pro
const proRoute = router.route('/pro');

// All verbs on this route sit behind the login check.
proRoute.all(mw.ensureAuth, (req, res, next) => next());

// Get info about pro
proRoute.get((req, res) => res.render('pro'));

// Join Tracman pro
// NOTE(review): no payment or eligibility check is visible in this handler;
// any authenticated user who POSTs here gets isPro set on their own account.
proRoute.post((req, res) => {
  const markAsPro = {$set: {isPro: true}};

  User.findByIdAndUpdate(req.user.id, markAsPro)
    .then(() => {
      req.flash('success', 'You have been signed up for pro. ');
      res.redirect('/map');
    })
    .catch((err) => {
      mw.throwErr(err, req);
      res.redirect('/pro');
    });
});

module.exports = router;