Refactor password recover, email set, profile get/set

2013-08-11 18:55:53 -04:00 · 2013-08-11 18:55:53 -04:00 · 25a877dc3c
parent c4588fab49
commit 25a877dc3c
1 changed files with 139 additions and 126 deletions
--- a/api.js
+++ b/api.js
@ -171,7 +171,7 @@ module.exports = function (Server) {
    });
    /* password change */
-    app.get("/api/account/passwordchange", function (req, res) {
+    app.post("/api/account/passwordchange", function (req, res) {
        res.type("application/jsonp");
        var name = req.body.name;
@ -214,7 +214,7 @@ module.exports = function (Server) {
    });
    /* password reset */
-    app.get("/api/account/passwordreset", function (req, res) {
+    app.post("/api/account/passwordreset", function (req, res) {
        res.type("application/jsonp");
        var name = req.body.name;
        var email = req.body.email;
@ -280,60 +280,61 @@ module.exports = function (Server) {
        });
    });
-    var x = {
+    /* password recovery */
-        handlePasswordRecover: function (params, req, res) {
+    app.get("/api/account/passwordrecover", function (req, res) {
-            var hash = params.hash || "";
+        res.type("application/jsonp");
        var hash = req.query.hash;
        var ip = getIP(req);
        try {
            var info = Server.db.recoverPassword(hash);
-                this.sendJSON(res, {
+            res.jsonp({
                success: true,
                name: info[0],
                pw: info[1]
            });
            ActionLog.record(ip, info[0], "password-recover-success");
-                Logger.syslog.log(ip + " recovered password for " + info[0]);
+        } catch(e) {
-                return;
+            ActionLog.record(ip, "", "password-recover-failure", hash);
-            }
+            res.jsonp({
            catch(e) {
                ActionLog.record(ip, "", "password-recover-failure");
                this.sendJSON(res, {
                success: false,
                error: e
            });
        }
-        },
+    });
-        handleProfileGet: function (params, req, res) {
+    /* profile retrieval */
-            var name = params.name || "";
+    app.get("/api/users/:user/profile", function (req, res) {
        res.type("application/jsonp");
        var name = req.params.user;
        try {
            var prof = Server.db.getProfile(name);
-                this.sendJSON(res, {
+            res.jsonp({
                success: true,
                profile_image: prof.profile_image,
                profile_text: prof.profile_text
            });
-            }
+        } catch(e) {
-            catch(e) {
+            res.jsonp({
                this.sendJSON(res, {
                success: false,
                error: e
            });
        }
-        },
+    });
-        handleProfileChange: function (params, req, res) {
+    /* profile change */
-            var name = params.name || "";
+    app.post("/api/account/profile", function (req, res) {
-            var pw = params.pw || "";
+        res.type("application/jsonp");
-            var session = params.session || "";
+        var name = req.body.name;
-            var img = params.profile_image || "";
+        var pw = req.body.pw;
-            var text = params.profile_text || "";
+        var session = req.body.session;
        var img = req.body.profile_image;
        var text = req.body.profile_text;
        var row = Auth.login(name, pw, session);
        if(!row) {
-                this.sendJSON(res, {
+            res.jsonp({
                success: false,
                error: "Invalid login"
            });
@ -345,74 +346,86 @@ module.exports = function (Server) {
            text: text
        });
-            this.sendJSON(res, {
+        if(!result) {
-                success: result,
+            res.jsonp({
-                error: result ? "" : "Internal error.  Contact an administrator"
+                success: false,
                error: "Server error.  Contact an administrator for assistance"
            });
            return;
        }
        res.jsonp({
            success: true
        });
-            var all = Server.channels;
+        // Update profile on all channels the user is connected to
-            for(var n in all) {
+        name = name.toLowerCase();
-                var chan = all[n];
+        for(var i in Server.channels) {
-                for(var i = 0; i < chan.users.length; i++) {
+            var chan = Server.channels[i];
-                    if(chan.users[i].name.toLowerCase() == name) {
+            for(var j in chan.users) {
-                        chan.users[i].profile = {
+                var user = chan.users[j];
                if(user.name.toLowerCase() == name) {
                    user.profile = {
                        image: img,
                        text: text
                    };
-                        chan.broadcastUserUpdate(chan.users[i]);
+                    chan.broadcastUserUpdate(user);
                        break;
                }
            }
        }
        },
-        handleEmailChange: function (params, req, res) {
+    });
-            var name = params.name || "";
+
-            var pw = params.pw || "";
+    /* set email */
-            var email = params.email || "";
+    app.post("/api/account/email", function (req, res) {
-            // perhaps my email regex isn't perfect, but there's no freaking way
+        res.type("application/jsonp");
-            // I'm implementing this monstrosity:
+        var name = req.body.name;
-            // <http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html>
+        var pw = req.body.pw;
-            if(!email.match(/^[a-z0-9_\.]+@[a-z0-9_\.]+[a-z]+$/)) {
+        var email = req.body.email;
-                this.sendJSON(res, {
+
        if(!email.match(/^[\w_\.]+@[\w_\.]+[a-z]+$/i)) {
            res.jsonp({
                success: false,
-                    error: "Invalid email"
+                error: "Invalid email address"
            });
            return;
        }
        if(email.match(/.*@(localhost|127\.0\.0\.1)/i)) {
-                this.sendJSON(res, {
+            res.jsonp({
                success: false,
-                    error: "Nice try, but no."
+                error: "Nice try, but no"
            });
            return;
        }
-            if(pw == "") {
+        var row = Auth.login(name, pw);
-                this.sendJSON(res, {
+        if(!row) {
            res.jsonp({
                success: false,
-                    error: "Password cannot be empty"
+                error: "Invalid login credentials"
            });
            return;
        }
-            var row = Auth.login(name, pw);
+
            if(row) {
        var success = Server.db.setUserEmail(name, email);
        if(!success) {
            res.jsonp({
                success: false,
                error: "Email update failed.  Contact an administrator "+
                       "for assistance."
            });
            return false;
        }
        ActionLog.record(getIP(req), name, "email-update", email);
-                this.sendJSON(res, {
+        res.jsonp({
-                    success: success,
+            success: true,
                    error: success ? "" : "Email update failed",
            session: row.session_hash
        });
            }
            else {
                this.sendJSON(res, {
                    success: false,
                    error: "Invalid username/password"
    });
-            }
+
-        },
+    var x = {
        handleRegister: function (params, req, res) {
            var name = params.name || "";