archive-gh-me/nodeclub
1
0
Fork 0
mirror of https://github.com/cnodejs/nodeclub.git synced 2025-12-08 19:55:55 +00:00
Code Issues Projects Releases Wiki Activity
nodeclub/controllers/sign.js
dead-horse 611e73e97c 修改密码找回文案
2012-03-13 17:40:23 +08:00

343 lines
10 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

var models = require('../models'),
User = models.User;
var check = require('validator').check,
sanitize = require('validator').sanitize;
var crypto = require('crypto');
var config = require('../config').config;
var message_ctrl = require('./message');
var mail_ctrl = require('./mail');
//sign up
exports.signup = function(req,res,next){
var method = req.method.toLowerCase();
if(method == 'get'){
res.render('sign/signup');
return;
}
if(method == 'post'){
var name = sanitize(req.body.name).trim();
name = sanitize(name).xss();
var loginname = name.toLowerCase();
var pass = sanitize(req.body.pass).trim();
pass = sanitize(pass).xss();
var email = sanitize(req.body.email).trim();
email = email.toLowerCase();
email = sanitize(email).xss();
var re_pass = sanitize(req.body.re_pass).trim();
re_pass = sanitize(re_pass).xss();
if(name == '' || pass =='' || re_pass == '' || email ==''){
res.render('sign/signup', {error:'信息不完整。',name:name,email:email});
return;
}
if(name.length < 5){
res.render('sign/signup', {error:'用户名至少需要5个字符。',name:name,email:email});
return;
}
try{
check(name, '用户名只能使用0-9a-zA-Z。').isAlphanumeric();
}catch(e){
res.render('sign/signup', {error:e.message,name:name,email:email});
return;
}
if(pass != re_pass){
res.render('sign/signup', {error:'两次密码输入不一致。',name:name,email:email});
return;
}
try{
check(email, '不正确的电子邮箱。').isEmail();
}catch(e){
res.render('sign/signup', {error:e.message,name:name,email:email});
return;
}
User.find({'$or':[{'loginname':loginname},{'email':email}]},function(err,users){
if(err) return next(err);
if(users.length > 0){
res.render('sign/signup', {error:'用户名或邮箱已被使用。',name:name,email:email});
return;
}
// md5 the pass
pass = md5(pass);
// create gavatar
var avatar_url = 'http://www.gravatar.com/avatar/' + md5(email) + '?size=48';
var user = new User();
user.name = name;
user.loginname = loginname;
user.pass = pass;
user.email = email;
user.avatar = avatar_url;
user.active = false;
user.save(function(err){
if(err) return next(err);
mail_ctrl.send_active_mail(email,md5(email+config.session_secret),name,email,function(err,success){
if(success){
res.render('sign/signup', {success:'欢迎加入 ' + config.name + '!我们已给您的注册邮箱发送了一封邮件,请点击里面的链接来激活您的帐号。'});
return;
}
});
});
});
}
};
/**
* Show user login page.
*
* @param {HttpRequest} req
* @param {HttpResponse} res
*/
exports.showLogin = function(req, res) {
req.session._loginReferer = req.headers.referer;
res.render('sign/signin');
};
/**
* define some page when login just jump to the home page
* @type {Array}
*/
var notJump = [
'/active_account', //active page
'/reset_pass' //reset password page, avoid to reset twice
];
/**
* Handle user login.
*
* @param {HttpRequest} req
* @param {HttpResponse} res
* @param {Function} next
*/
exports.login = function(req, res, next) {
var loginname = sanitize(req.body.name).trim().toLowerCase();
var pass = sanitize(req.body.pass).trim();
if (!loginname || !pass) {
return res.render('sign/signin', { error: '信息不完整。' });
}
User.findOne({ 'loginname': loginname }, function(err, user) {
if (err) return next(err);
if (!user) {
return res.render('sign/signin', { error:'这个用户不存在。' });
}
pass = md5(pass);
if (pass !== user.pass) {
return res.render('sign/signin', { error:'密码错误。' });
}
if (!user.active) {
res.render('sign/signin', { error:'此帐号还没有被激活。' });
return;
}
// store session cookie
gen_session(user, res);
//check at some page just jump to home page
var refer = req.session._loginReferer || 'home';
for (var i=0, len=notJump.length; i!=len; ++i) {
if (refer.indexOf(notJump[i]) >= 0) {
refer = 'home';
break;
}
}
res.redirect(refer);
});
};
// sign out
exports.signout = function(req, res, next) {
req.session.destroy();
res.clearCookie(config.auth_cookie_name, { path: '/' });
res.redirect(req.headers.referer || 'home');
};
exports.active_account = function(req,res,next) {
var key = req.query.key;
var name = req.query.name;
var email = req.query.email;
User.findOne({name:name},function(err,user){
if(!user || md5(email+config.session_secret) != key){
res.render('notify/notify',{error: '信息有误,帐号无法被激活。'});
return;
}
if(user.active){
res.render('notify/notify',{error: '帐号已经是激活状态。'});
return;
}
user.active = true;
user.save(function(err){
res.render('notify/notify',{success: '帐号已被激活,请登录'});
});
});
}
exports.search_pass = function(req,res,next){
var method = req.method.toLowerCase();
if(method == 'get'){
res.render('sign/search_pass');
}
if(method == 'post'){
var email = req.body.email;
email = email.toLowerCase();
try{
check(email, '不正确的电子邮箱。').isEmail();
}catch(e){
res.render('sign/search_pass', {error:e.message,email:email});
return;
}
// User.findOne({email:email},function(err,user){
//动态生成retrive_key和timestamp到users collection,之后重置密码进行验证
var retrieveKey = randomString(15);
var retrieveTime = new Date().getTime();
User.findOne({email : email}, function(err, user) {
if(!user) {
res.render('sign/search_pass', {error:'没有这个电子邮箱。',email:email});
return;
}
user.retrieve_key = retrieveKey;
user.retrieve_time = retrieveTime;
user.save(function(err) {
if(err) {
return next(err);
}
mail_ctrl.send_reset_pass_mail(email, retrieveKey, user.name, function(err,success) {
res.render('notify/notify',{success: '我们已给您填写的电子邮箱发送了一封邮件请在24小时内点击里面的链接来重置密码。'});
});
});
});
}
}
/**
* reset password
* 'get' to show the page, 'post' to reset password
* after reset password, retrieve_key&time will be destroy
* @param {http.req} req
* @param {http.res} res
* @param {Function} next
*/
exports.reset_pass = function(req,res,next) {
var method = req.method.toLowerCase();
if(method === 'get') {
var key = req.query.key;
var name = req.query.name;
User.findOne({name:name, retrieve_key:key},function(err,user) {
if(!user) {
return res.render('notify/notify',{error: '信息有误,密码无法重置。'});
}
var now = new Date().getTime();
var oneDay = 1000 * 60 * 60 * 24;
if(!user.retrieve_time || now - user.retrieve_time > oneDay) {
return res.render('notify/notify', {error : '该链接已过期,请重新申请。'});
}
return res.render('sign/reset', {name : name, key : key});
user.save(function(err) {
res.render('notify/notify',{success: '你的密码已被重置为:' + new_pass + ',请立即用此密码登录后在设置页面更改密码。'});
});
});
} else {
var psw = req.body.psw || '';
var repsw = req.body.repsw || '';
var key = req.body.key || '';
var name = req.body.name || '';
if(psw !== repsw) {
return res.render('sign/reset', {name : name, key : key, error : '两次密码输入不一致。'});
}
User.findOne({name:name, retrieve_key: key}, function(err, user) {
if(!user) {
return res.render('notify/notify', {error : '错误的激活链接'});
}
user.pass = md5(psw);
user.retrieve_key = null;
user.retrieve_time = null;
user.save(function(err) {
if(err) {
return next(err);
}
return res.render('notify/notify', {success: '你的密码已重置。'});
})
})
}
}
// auth_user middleware
exports.auth_user = function(req,res,next){
if(req.session.user){
if(config.admins[req.session.user.name]){
req.session.user.is_admin = true;
}
message_ctrl.get_messages_count(req.session.user._id,function(err,count){
if(err) return next(err);
req.session.user.messages_count = count;
res.local('current_user',req.session.user);
return next();
});
}else{
var cookie = req.cookies[config.auth_cookie_name];
if(!cookie) return next();
var auth_token = decrypt(cookie, config.session_secret);
var auth = auth_token.split('\t');
var user_id = auth[0];
User.findOne({_id:user_id},function(err,user){
if(err) return next(err);
if(user){
if(config.admins[user.name]){
user.is_admin = true;
}
message_ctrl.get_messages_count(user._id,function(err,count){
if(err) return next(err);
user.messages_count = count;
req.session.user = user;
res.local('current_user',req.session.user);
return next();
});
}else{
return next();
}
});
}
};
// private
function gen_session(user,res) {
var auth_token = encrypt(user._id + '\t'+user.name + '\t' + user.pass +'\t' + user.email, config.session_secret);
res.cookie(config.auth_cookie_name, auth_token, {path: '/',maxAge: 1000*60*60*24*7}); //cookie 有效期1周
}
function encrypt(str,secret) {
var cipher = crypto.createCipher('aes192', secret);
var enc = cipher.update(str,'utf8','hex');
enc += cipher.final('hex');
return enc;
}
function decrypt(str,secret) {
var decipher = crypto.createDecipher('aes192', secret);
var dec = decipher.update(str,'hex','utf8');
dec += decipher.final('utf8');
return dec;
}
function md5(str) {
var md5sum = crypto.createHash('md5');
md5sum.update(str);
str = md5sum.digest('hex');
return str;
}
function randomString(size) {
size = size || 6;
var code_string = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
var max_num = code_string.length + 1;
var new_pass = '';
while(size>0){
new_pass += code_string.charAt(Math.floor(Math.random()* max_num));
size--;
}
return new_pass;
}
Reference in New Issue View Git Blame Copy Permalink