var bcrypt = require('bcrypt')
, _ = require('underscore')
, validator = require("../lib/requestValidator")
, sqlHelper = require("../lib/sqlHelper");
 

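/**
 * POST login.
 *
 * Looks the user up by email, verifies the password with bcrypt and, on
 * success, stores userID / numResponses / numNeeded in the session before
 * redirecting to /user/me. Login bookkeeping (dtLastLoggedIn, numLogins) is
 * written after the redirect has been sent.
 *
 * Responses: 302 on success; 401 {status:'failed'} for a missing field, an
 * unknown email or a wrong password (one response for all three, so the body
 * does not say which); 500 when a connection or the lookup query fails.
 *
 * `clientPool` is not required in this file; presumably an app-wide global —
 * confirm where it is set up.
 */
exports.login = {
  // NOTE(review): create uses the key `validate`, this object uses `validator`;
  // only one of the two can be what the router reads — confirm.
  validator:validator.makeValidator({
    canOnly:['email','password']
  }),
  route:function (req, res) {
    var email = req.body.email;
    var password = req.body.password;
    // bcrypt.compare needs strings; a missing field is an ordinary failed login.
    if(typeof email !== "string" || typeof password !== "string") {
      res.send(401,{status:'failed'});
      return false;
    }
    clientPool.acquire(function(err,mysql) {
      if(err){
        console.log("can't get mysql con",err);
        res.send(500);
        return false;
      }
      // Shared failure path: return the connection, then answer 401.
      var reject = function() {
        clientPool.releaseConnection(mysql);
        res.send(401,{status:'failed'});
      };
      mysql.query("SELECT * FROM `user` WHERE `email` = ? LIMIT 1 ;",[email],function(err,users) {
        if(err) {
          console.log(err);
          clientPool.releaseConnection(mysql);
          // The original returned here without answering, leaving the request hanging.
          res.send(500);
          return false;
        }
        if(_.isEmpty(users)) {
          // Originally answered 401 without releasing the connection (one
          // leaked connection per unknown email). Skipping bcrypt here also
          // makes an unknown email answer faster than a wrong password; run a
          // dummy compare if that difference matters.
          reject();
          return false;
        }
        var user = users[0];
        bcrypt.compare(password,user.password,function(err, result) {
          if(err) {
            // Previously indistinguishable from a wrong password; keep the 401
            // but leave a trace (e.g. a malformed stored hash).
            console.log("bcrypt compare failed",err);
          }
          if(!result) {
            reject();
            return false;
          }
          // NOTE(review): the session id is not regenerated on login; if the
          // session store supports it, do so here so a pre-login id is not kept.
          req.session.userID = user.userID;
          req.session.numResponses = user.numResponses;
          req.session.numNeeded = user.numNeeded;
          res.redirect("/user/me");
          mysql.query("UPDATE LOW_PRIORITY `user` SET `dtLastLoggedIn` = CURRENT_TIMESTAMP, `numLogins` = `numLogins` + 1 WHERE `userID` = ?",[user.userID],function(err) {
            if(err) {
              console.log(err);
            }
            // Released on both the error and the success path (the original had it twice).
            clientPool.releaseConnection(mysql);
          });
        });
      });
    });
  }
};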

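/**
 * GET logout: drops the login state from the session and redirects to the
 * landing page.
 *
 * login and create store userID, numResponses and numNeeded; the original
 * removed only userID, leaving the previous user's counters in the session.
 * NOTE(review): the session itself is kept (same id); destroy or regenerate it
 * here if the session store supports it.
 */
exports.logout = function (req, res) {
  delete req.session.userID;
  delete req.session.numResponses;
  delete req.session.numNeeded;
  res.redirect('/index.html');
};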

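/**
 * POST sign-up.
 *
 * Hashes the password with bcrypt (cost 10), inserts the new user row and
 * logs the new user in with the same session fields login sets
 * (numResponses 0, numNeeded 3 — the same 3 written to the row).
 *
 * Responses: 302 to /user/me on success; 400 when email or password is
 * missing or the email is not accepted as a student address; 500 on
 * salt/hash/database failure.
 */
exports.create = {
  // NOTE(review): login uses the key `validator`, this object uses `validate`;
  // only one of the two can be what the router reads — confirm.
  validate:validator.makeValidator({
    canOnly:["password","name","pronoun","email","points","div","age","subFree"],
    types:{
      points:"int",
      div:"int",
      subFree:"int"
    }
  }),
  route:function(req,res) {
    var email = req.body.email;
    var password = req.body.password;
    // Number of responses a new account starts out needing (stored on the row and in the session).
    var initialNumNeeded = 3;
    // A missing email used to throw on .split() (uncaught, ends as a 500); a
    // missing password surfaced as a bcrypt error. Both are client errors.
    if(typeof email !== "string" || typeof password !== "string") {
      res.send(400,{status:"failed",message:"email and password are required"});
      return false;
    }
    var parts = email.split("@");
    // Rejects only when the local part does NOT end in two digits AND the
    // domain is not hampshire.edu. NOTE(review): with `&&`, an address at any
    // domain passes as long as the local part ends in two digits; if both
    // conditions were meant to be required this should be `||` — confirm intent.
    // No password length/complexity rule is applied here.
    if(isNaN(parts[0].slice(-2)) && parts[1] !== "hampshire.edu"){
      res.send(400,{status:"failed",message:"Users must have a valid student email address"});
      return false;
    }
    bcrypt.genSalt(10, function(err, salt) {
      if(err) {
        console.log("Error generating salt",err);
        res.send(500);
        return false;
      }
      bcrypt.hash(password,salt,function(err,hash) {
        if(err) {
          console.log("Error hashing password",err);
          res.send(500);
          return false;
        }
        clientPool.acquire(function(err,mysql) {
          if(err){
            // No connection was handed out, so there is nothing to release
            // (the original released the undefined connection here).
            console.log("can't get mysql con",err);
            res.send(500);
            return false;
          }
          mysql.query(
            "INSERT INTO `modfinder`.`user` (`name`, `pronoun`, `email`, `points`, `div`, `age`, `subFree`, `numNeeded`, `password`, `bio`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, 'No bio yet...');",
            [req.body.name, req.body.pronoun, email, req.body.points, req.body.div, req.body.age, req.body.subFree, initialNumNeeded, hash],
            function(err,result) {
              clientPool.releaseConnection(mysql);
              if(err) {
                // Includes a duplicate email if the column carries a unique key.
                console.log("error inserting into mysql",err);
                res.send(500);
                return false;
              }
              req.session.userID = result.insertId;
              req.session.numResponses = 0;
              req.session.numNeeded = initialNumNeeded;
              res.redirect("/user/me");
            }
          );
        });
      });
    });
  }
};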

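/**
 * GET edit-profile page for the logged-in user.
 *
 * Responses: renders "userEdit" with the user's row (password hash removed);
 * 404 when no row matches the session's userID (e.g. not logged in) — the
 * original took rows[0] unconditionally and rendered an empty object;
 * 500 when a connection or the query fails.
 */
exports.edit = function(req,res) {
  clientPool.acquire(function(err,mysql) {
    if(err){
      console.log("can't get mysql con",err);
      res.send(500);
      return false;
    }
    mysql.query("SELECT * FROM `user` WHERE `userID` = ?;",[req.session.userID],function(err,rows) {
      // The connection is not needed once the query has answered.
      clientPool.releaseConnection(mysql);
      if(err){
        console.log("can't get user from database",err);
        res.send(500);
        return false;
      }
      if(_.isEmpty(rows)) {
        res.send(404);
        return false;
      }
      res.render("userEdit",{
        user:_.omit(rows[0],"password")
      });
    });
  });
};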

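/**
 * POST profile update for the logged-in user.
 *
 * Every body field except the server-managed columns named in the omit list
 * is written to the user's row through sqlHelper.update.
 *
 * Responses: 302 to /user/me on success; 401 when there is no logged-in user
 * (the where clause would otherwise be built from an undefined id); 500 on
 * failure — the original never answered on errors, leaving the request hanging.
 *
 * NOTE(review): the omit list is a blacklist, so any column not named — `email`
 * among them — is client-writable, and the student-email check from create is
 * not re-applied here. A whitelist of editable columns would be safer.
 */
exports.update = function(req,res) {
  if(req.session.userID == null) {
    res.send(401);
    return false;
  }
  clientPool.acquire(function(err,mysql) {
    if(err) {
      // No connection was handed out, so there is nothing to release.
      console.log("can't get mysql con",err);
      res.send(500);
      return false;
    }
    // Columns the client must not set directly.
    var params = _.omit(req.body,"userID","password","dtCreated","dtLastLoggedIn","numResponses","numAsked","numLogins","pic","numNeeded");
    sqlHelper.update(mysql,"user",params,{userID:req.session.userID},{},function(err,result) {
      clientPool.releaseConnection(mysql);
      if(err){
        console.log("error updating user",err);
        res.send(500);
        return false;
      }
      res.redirect("/user/me");
    });
  });
};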

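/**
 * POST profile picture: stores req.body.pic in the user's `pic` column.
 *
 * Responses (JSON): {status:"success"}; 400 when `pic` is absent; 500 when
 * a connection or the update fails — the original ignored a failed acquire
 * and then called query() on an undefined connection (uncaught exception).
 *
 * `pic` is stored verbatim; what it holds (URL, data URI, …) is decided by the
 * client, so the templates that output it must treat it as untrusted — confirm.
 */
exports.uploadPic = function(req,res) {
  // "text/json" is kept as-is; "application/json" is the registered media type.
  res.set("Content-Type","text/json");
  if(!_.has(req.body,"pic")) {
    res.send(400);
    return false;
  }
  clientPool.acquire(function(err,mysql) {
    if(err) {
      console.log("can't get mysql con",err);
      res.send(500);
      return false;
    }
    mysql.query("UPDATE `user` SET `pic` = ? WHERE `userID` = ?",[req.body.pic,req.session.userID],function(err,result) {
      clientPool.releaseConnection(mysql);
      if(err) {
        console.log(err);
        res.send(500);
        return false;
      }
      res.send({status:"success"});
    });
  });
};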

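/**
 * GET name search: answers with up to 11 {name,userID} rows whose name
 * contains the query (case-insensitive), as JSON.
 *
 * Responses: 200 with the row array; 400 when the query parameter is empty;
 * 500 when a connection or the query fails — the original never answered
 * when acquiring a connection failed.
 *
 * The pattern is bound as a `?` parameter (same escaping as mysql.escape, which
 * the original concatenated by hand), so it cannot alter the SQL; `%` and `_`
 * inside the query still act as LIKE wildcards, which is acceptable for a
 * name search.
 */
exports.search = function(req,res) {
  var query = req.route.params.query;
  if(!query) {
    res.send(400);
    return false;
  }
  clientPool.acquire(function(err,mysql) {
    if(err) {
      // No connection was handed out, so there is nothing to release.
      console.log("can't get mysql con",err);
      res.send(500);
      return false;
    }
    // Lower-cased on both sides so the match does not depend on the column collation.
    var pattern = "%" + query.toLowerCase() + "%";
    mysql.query("SELECT `name`,`userID` FROM `user` WHERE LOWER(`name`) LIKE ? LIMIT 11 ;",[pattern],function(err,result) {
      clientPool.releaseConnection(mysql);
      if(err) {
        console.log(err);
        res.send(500);
        return false;
      }
      res.set("Content-Type","text/json");
      res.send(result);
    });
  });
};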

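/**
 * GET profile page for `:userID`, which is either "me" (the logged-in user)
 * or a numeric id.
 *
 * Loads the user row joined with the logged-in user's favorite entry for
 * them (fUserID/favoriteID come back NULL when there is none), then the
 * user's questions (LIMIT numAsked) and the questions they answered
 * (LIMIT numResponses), and renders "profile" with the password hash
 * stripped. `req` is handed to the template, which is why
 * req.route.params.userID is rewritten for "me" rather than using a local.
 *
 * Responses: 404 for a non-numeric id or an unknown user (the original did
 * not release the connection on the latter); 500 when a connection or any
 * of the three queries fails.
 */
exports.view = function(req,res) {
  if(req.route.params.userID === "me") {
    req.route.params.userID = req.session.userID;
  }
  // Explicit radix; the parsed number rather than the raw string is bound
  // below, so an id such as "12abc" is looked up as 12 instead of being sent
  // to MySQL as a string.
  var userID = parseInt(req.route.params.userID, 10);
  if(isNaN(userID)) {
    res.send(404);
    return false;
  }
  clientPool.acquire(function(err,mysql) {
    if(err){
      // No connection was handed out, so there is nothing to release
      // (the original released the undefined connection here).
      console.log("can't get mysql con",err);
      res.send(500);
      return false;
    }
    // Shared failure path for the three queries: log, release, answer 500.
    var fail = function(message,err) {
      console.log(message,err);
      clientPool.releaseConnection(mysql);
      res.send(500);
    };
    mysql.query(
      "SELECT `user`.*, `favorite`.`fUserID`, `favorite`.`favoriteID` FROM `user` LEFT JOIN `favorite` \
      ON `user`.`userID` = `favorite`.`fUserID` \
      AND `favorite`.`userID` = ? \
      WHERE `user`.`userID` = ?;",
      [req.session.userID,userID],function(err,users) {
      if(err){
        fail("can't get user from database",err);
        return false;
      }
      if(users.length === 0) {
        clientPool.releaseConnection(mysql);
        res.send(404);
        return false;
      }
      var user = users[0];
      // LIMIT is bound to the row's own counters; a NULL counter would make
      // the statement fail and surface as a 500.
      mysql.query("SELECT * FROM `question` WHERE `userID` = ? LIMIT ?;",[user.userID,user.numAsked],function(err,questions){
        if(err){
          fail("can't get questions",err);
          return false;
        }
        mysql.query(
          "SELECT * FROM `question`,`answer`,`questionResponse` \
          WHERE `questionResponse`.`userID` = ? \
          AND `questionResponse`.`questionID` = `question`.`questionID` \
          AND `answer`.`questionID` = `question`.`questionID`\
          AND `answer`.`answerID` = `questionResponse`.`answerID` \
          LIMIT ?;",
          [user.userID,user.numResponses],
          function(err,responses){
            if(err) {
              fail("can't get responses",err);
              return false;
            }
            clientPool.releaseConnection(mysql);
            res.render("profile",{
              _:_,
              req:req,
              status:"success",
              user:_.omit(user,"password"),
              questions:questions,
              responses:responses
            });
          }
        );
      });
    });
  });
};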


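/**
 * GET browse page: renders "browse" with every user row, ordered by `pic`
 * descending.
 *
 * The original ignored a failed pool acquire (query() on an undefined
 * connection) and passed full rows, password hashes included, to the
 * template; hashes are now stripped as edit and view already do.
 * Responses: 500 when a connection or the query fails.
 */
exports.index = function(req,res) {
  clientPool.acquire(function(err,mysql) {
    if(err) {
      console.log("can't get mysql con",err);
      res.send(500);
      return false;
    }
    mysql.query("SELECT * FROM `user` ORDER BY `pic` DESC ;",function(err,users) {
      clientPool.releaseConnection(mysql);
      if(err) {
        console.log(err);
        res.send(500);
        return false;
      }
      res.render("browse",{
        users:_.map(users,function(user) { return _.omit(user,"password"); })
      });
    });
  });
};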
