Diffstat (limited to 'server.js')
-rw-r--r-- | server.js | 96 |
1 files changed, 43 insertions, 53 deletions
@@ -139,6 +139,11 @@ if (process.env.MAIL_HOST && process.env.MAIL_PORT && process.env.MAIL_FROM) {
 console.log("Mail notifications enabled: ", mailer.options)
 } else {
 console.log("Mail notifications disabled.")
+ mailer = {
+ sendMail(mail) {
+ console.log("MAIL (DEBUG):", mail)
+ }
+ }
 }
 
 /*
@@ -427,7 +432,7 @@ function must_pass_altcha(req, res, next) {
 return next()
 }
 
-app.get("/altcha-challenge", function (_req, res) {
+app.get("/api/altcha-challenge", function (_req, res) {
 return res.json(altcha_create_challenge())
 })
 
@@ -598,20 +603,16 @@ function create_and_mail_verification_token(user) {
 mail_verification_token(user, SQL_CREATE_TOKEN.get(user.user_id))
 }
 
-app.get("/verify-mail", must_be_logged_in, function (req, res) {
- if (SQL_SELECT_USER_VERIFIED.get(req.user.user_id))
- return res.redirect("/profile")
- create_and_mail_verification_token(req.user)
- res.render("verify_mail.pug", { user: req.user })
-})
-
-app.get("/verify-mail/:token", must_be_logged_in, function (req, res) {
+app.get("/account/mail/verify", must_be_logged_in, function (req, res) {
+ var token = req.query.token
 if (SQL_SELECT_USER_VERIFIED.get(req.user.user_id))
 return res.redirect("/profile")
- res.render("verify_mail.pug", { user: req.user, token: req.params.token })
+ if (!token)
+ create_and_mail_verification_token(req.user)
+ res.render("verify_mail.pug", { user: req.user, token })
 })
 
-app.post("/verify-mail", must_be_logged_in, function (req, res) {
+app.post("/account/mail/verify", must_be_logged_in, function (req, res) {
 if (SQL_VERIFY_TOKEN.get(req.user.user_id, req.body.token)) {
 SQL_UPDATE_USER_VERIFIED.run(1, req.user.user_id)
 res.redirect("/profile")
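Review bot: The fallback `mailer` stub logs the whole message object, so whenever MAIL_HOST/MAIL_PORT/MAIL_FROM are unset the password-reset and mail-verification bodies — token included — are written verbatim to stdout; that is handy locally but becomes a secrets-in-logs problem the moment a production deployment merely has mail misconfigured. The real send path in `mail_password_reset_token` deliberately logs only `mail_addr(user)` and `subject`, and the stub should match it, e.g. `console.log("MAIL (DEBUG):", mail.to, mail.subject)`, or be enabled only under an explicit development flag. The `if` that selects the mailer begins before this hunk.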
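Review bot: In the new GET `/account/mail/verify` handler `req.query.token` is untrusted and, with the default Express query parser, can arrive as an array or object (`?token[]=x`) rather than a string, yet it goes straight into the template and decides whether a fresh token is mailed; a one-line guard such as `if (typeof token !== "string") token = undefined` before the `if (!token)` check keeps both paths predictable. The handler also introduces `var` where every neighbouring handler in this diff uses `let`, so `let token = req.query.token` would match the file. The POST handler's body continues past the end of the hunk.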
@@ -621,13 +622,13 @@ app.post("/verify-mail", must_be_logged_in, function (req, res) {
 }
 })
 
-app.get("/forgot-password", function (req, res) {
+app.get("/account/forgot-password", function (req, res) {
 if (req.user)
 return res.redirect("/")
 res.render("forgot_password.pug")
 })
 
-app.post("/forgot-password", must_pass_altcha, function (req, res) {
+app.post("/account/forgot-password", must_pass_altcha, function (req, res) {
 let mail = req.body.mail
 let user = SQL_SELECT_LOGIN_BY_MAIL.get(mail)
 if (user) {
@@ -636,33 +637,20 @@ app.post("/forgot-password", must_pass_altcha, function (req, res) {
 token = SQL_CREATE_TOKEN.get(user.user_id)
 mail_password_reset_token(user, token)
 }
- return res.redirect("/reset-password/" + mail)
+ return res.redirect("/account/reset-password?mail=" + mail)
 }
 res.render("forgot_password.pug", { flash: "User not found." })
 })
 
-app.get("/reset-password", function (req, res) {
- if (req.user)
- return res.redirect("/")
- res.render("reset_password.pug", { mail: "", token: "" })
-})
-
-app.get("/reset-password/:mail", function (req, res) {
- if (req.user)
- return res.redirect("/")
- let mail = req.params.mail
- res.render("reset_password.pug", { mail: mail, token: "" })
-})
-
-app.get("/reset-password/:mail/:token", function (req, res) {
+app.get("/account/reset-password", function (req, res) {
 if (req.user)
 return res.redirect("/")
- let mail = req.params.mail
- let token = req.params.token
- res.render("reset_password.pug", { mail: mail, token: token })
+ var mail = req.query.mail
+ var token = req.query.token
+ res.render("reset_password.pug", { mail, token })
 })
 
-app.post("/reset-password", must_pass_altcha, function (req, res) {
+app.post("/account/reset-password", must_pass_altcha, function (req, res) {
 let mail = req.body.mail
 let token = req.body.token
 let password = req.body.password
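Review bot: `return res.redirect("/account/reset-password?mail=" + mail)` puts the submitted address into a query string without encoding, so an address containing `+` (e.g. `name+tag@example.com`) is decoded as a space by `req.query.mail` on the GET side and the reset form is prefilled with a wrong address, while `&` or `#` would truncate it; the old path form tolerated `+` because path segments are decoded with `decodeURIComponent`. Use `return res.redirect("/account/reset-password?mail=" + encodeURIComponent(mail))`. The GET handler also switches to `var` for `mail` and `token` where the adjacent POST handler keeps `let`, and `req.query.mail`/`req.query.token` are not checked to be strings before being rendered. The POST handler's body continues beyond the hunk.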
@@ -686,11 +674,11 @@ app.post("/reset-password", must_pass_altcha, function (req, res) { return res.redirect("/profile") }) -app.get("/change-password", must_be_logged_in, function (req, res) { +app.get("/account/change-password", must_be_logged_in, function (req, res) { res.render("change_password.pug", { user: req.user }) }) -app.post("/change-password", must_be_logged_in, function (req, res) { +app.post("/account/change-password", must_be_logged_in, function (req, res) { let oldpass = req.body.password let newpass = req.body.newpass // Get full user record including password and salt @@ -720,7 +708,7 @@ function may_delete_account(user_id) { return true } -app.get("/delete-account", must_be_logged_in, function (req, res) { +app.get("/account/delete", must_be_logged_in, function (req, res) { if (!may_delete_account(req.user.user_id)) return res.status(401).send("You may not delete your account while you have unfinished games.") res.render("delete_account.pug", { user: req.user }) @@ -730,7 +718,7 @@ const SQL_SELECT_GAME_ROLE_FOR_DELETED_USER = SQL(` select game_id, role from players where user_id = ? and game_id in (select game_id from games where status <= 1) `) -app.post("/delete-account", must_be_logged_in, function (req, res) { +app.post("/account/delete", must_be_logged_in, function (req, res) { if (!may_delete_account(req.user.user_id)) res.status(401).send("You may not delete your account while you have unfinished games.") 
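Review bot: In the renamed POST `/account/delete` handler, `if (!may_delete_account(req.user.user_id)) res.status(401).send(...)` has no `return`, unlike the GET handler two hunks up which uses `return res.status(401).send(...)`; if the code after the hunk (the body is cut off here) goes on to delete the account, the guard is only advisory — the deletion proceeds and a second response is attempted on top of the first. Change it to `return res.status(401).send("You may not delete your account while you have unfinished games.")`. A 403 would also describe an authenticated-but-not-permitted request better than 401, but that is pre-existing in both handlers.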
@@ -765,27 +753,27 @@ app.get("/admin/unban-user/:who", must_be_administrator, function (req, res) {
 * USER PROFILE
 */
 
-app.get("/subscribe", must_be_logged_in, function (req, res) {
+app.get("/account/mail/subscribe", must_be_logged_in, function (req, res) {
 SQL_UPDATE_USER_NOTIFY.run(1, req.user.user_id)
 res.redirect("/profile")
 })
 
-app.get("/unsubscribe", must_be_logged_in, function (req, res) {
+app.get("/account/mail/unsubscribe", must_be_logged_in, function (req, res) {
 SQL_UPDATE_USER_NOTIFY.run(0, req.user.user_id)
 res.redirect("/profile")
 })
 
-app.get("/webhook", must_be_logged_in, function (req, res) {
+app.get("/account/webhook", must_be_logged_in, function (req, res) {
 let webhook = SQL_SELECT_WEBHOOK.get(req.user.user_id)
 res.render("webhook.pug", { user: req.user, webhook: webhook })
 })
 
-app.post("/api/webhook/delete", must_be_logged_in, function (req, res) {
+app.post("/account/webhook/delete", must_be_logged_in, function (req, res) {
 SQL_DELETE_WEBHOOK.run(req.user.user_id)
 res.redirect("/webhook")
 })
 
-app.post("/api/webhook/update", must_be_logged_in, function (req, res) {
+app.post("/account/webhook/update", must_be_logged_in, function (req, res) {
 let url = req.body.url
 let prefix = req.body.prefix
 let format = req.body.format
@@ -797,11 +785,11 @@ app.post("/api/webhook/update", must_be_logged_in, function (req, res) {
 res.send("Testing Webhook. Please wait...")
 })
 
-app.get("/change-name", must_be_logged_in, function (req, res) {
+app.get("/account/change-name", must_be_logged_in, function (req, res) {
 res.render("change_name.pug", { user: req.user })
 })
 
-app.post("/change-name", must_be_logged_in, function (req, res) {
+app.post("/account/change-name", must_be_logged_in, function (req, res) {
 let newname = clean_user_name(req.body.newname)
 if (!is_valid_user_name(newname))
 return res.render("change_name.pug", { user: req.user, flash: "Invalid user name!" })
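Review bot: `/account/webhook/delete` still ends with `res.redirect("/webhook")`, but the GET route it targets is renamed to `/account/webhook` in the same hunk, so a successful delete sends the user to a path this file no longer registers (a 404 unless something outside the diff still serves `/webhook`). Change it to `res.redirect("/account/webhook")`. Separately, `/account/mail/subscribe` and `/account/mail/unsubscribe` remain state-changing GET endpoints, which any cross-site link or image tag can trigger for a logged-in user; moving them to POST would close that, though it predates this commit. The webhook update handler continues past the hunk.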
@@ -811,11 +799,11 @@ app.post("/change-name", must_be_logged_in, function (req, res) {
 return res.redirect("/profile")
 })
 
-app.get("/change-mail", must_be_logged_in, function (req, res) {
+app.get("/account/change-mail", must_be_logged_in, function (req, res) {
 res.render("change_mail.pug", { user: req.user })
 })
 
-app.post("/change-mail", must_be_logged_in, function (req, res) {
+app.post("/account/change-mail", must_be_logged_in, function (req, res) {
 let newmail = req.body.newmail
 if (!is_valid_email(newmail) || is_forbidden_mail(newmail))
 return res.render("change_mail.pug", { user: req.user, flash: "Invalid mail address!" })
@@ -826,12 +814,12 @@ app.post("/change-mail", must_be_logged_in, function (req, res) {
 return res.redirect("/profile")
 })
 
-app.get("/change-about", must_be_logged_in, function (req, res) {
+app.get("/account/change-about", must_be_logged_in, function (req, res) {
 let about = SQL_SELECT_USER_ABOUT.get(req.user.user_id)
 res.render("change_about.pug", { user: req.user, about: about || "" })
 })
 
-app.post("/change-about", must_be_logged_in, function (req, res) {
+app.post("/account/change-about", must_be_logged_in, function (req, res) {
 SQL_UPDATE_USER_ABOUT.run(req.user.user_id, req.body.about)
 return res.redirect("/profile")
 })
@@ -1688,10 +1676,12 @@ function annotate_games(list, user_id, unread, unseen) {
 }
 
 app.get("/profile", must_be_logged_in, function (req, res) {
- req.user.notify = SQL_SELECT_USER_NOTIFY.get(req.user.user_id)
- req.user.is_verified = SQL_SELECT_USER_VERIFIED.get(req.user.user_id)
- req.user.webhook = SQL_SELECT_WEBHOOK.get(req.user.user_id)
- res.render("profile.pug", { user: req.user })
+ var mail = {
+ notify: SQL_SELECT_USER_NOTIFY.get(req.user.user_id),
+ is_verified: SQL_SELECT_USER_VERIFIED.get(req.user.user_id)
+ }
+ var webhook = SQL_SELECT_WEBHOOK.get(req.user.user_id)
+ res.render("profile.pug", { mail, webhook })
 })
 
 app.get("/games", function (_req, res) {
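Review bot: The new `res.render("profile.pug", { mail, webhook })` drops the `user: req.user` entry the old call passed, while every other render in this diff (`change_mail.pug`, `change_about.pug`, `webhook.pug`) still passes `user: req.user` explicitly; unless `req.user` is also exposed to templates via `res.locals` somewhere outside the diff, `profile.pug` will now see `user` as undefined. If it is meant to come from locals, the other handlers could drop it too for consistency; otherwise restore it with `res.render("profile.pug", { user: req.user, mail, webhook })`. The handler also uses `var` where the rest of the file's handlers use `let`.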
@@ -2473,7 +2463,7 @@ function mail_password_reset_token(user, token) { let subject = "Password reset request" let body = "Your password reset token is: " + token + "\n\n" + - SITE_URL + "/reset-password/" + user.mail + "/" + token + "\n" + SITE_URL + "/account/reset-password?mail=" + user.mail + "&token=" + token + "\n" console.log("SENT MAIL:", mail_addr(user), subject) mailer.sendMail({ from: MAIL_FROM, to: mail_addr(user), subject: subject, text: body }, mail_callback) } @@ -2484,7 +2474,7 @@ function mail_verification_token(user, token) { let subject = "Verify mail address" let body = "Your mail verification token is: " + token + "\n\n" + - SITE_URL + "/verify-mail/" + token + "\n" + SITE_URL + "/account/mail/verify?token=" + token + "\n" console.log("SENT MAIL:", mail_addr(user), subject) mailer.sendMail({ from: MAIL_FROM, to: mail_addr(user), subject: subject, text: body }, mail_callback) } |
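Review bot: `user.mail` is concatenated into the reset link's query string unencoded; with the default Express query parser a `+` in the address (`name+tag@example.com`) decodes to a space when `/account/reset-password` reads `req.query.mail`, and `&` or `#` would split or truncate the link, whereas the old path form left `+` intact. Build the line as `SITE_URL + "/account/reset-password?mail=" + encodeURIComponent(user.mail) + "&token=" + encodeURIComponent(token) + "\n"`; the token encoding is only a precaution, since this diff does not show the token alphabet. The same consideration applies to the verification link in the following hunk if tokens can contain reserved characters. Both mail helpers start before their hunks.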