/**
 * Trim and HTML-escape a string value.
 * @param {*} string Candidate value; anything `this.isString` rejects is not touched
 * @return {string|false} The trimmed, escaped string, or `false` when the input is not a string
 */
static cleanString(string) {
  // Non-strings are reported as `false` rather than coerced, so callers can tell
  // "missing/invalid" apart from an empty string.
  if (!this.isString(string)) {
    return false;
  }
  const trimmed = string.trim();
  // presumably StringValidator is this class (or its helper); verify against the file header
  return StringValidator.escape(trimmed);
}
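/**
 * GET /cadastro/:id — fetch a single record.
 * The id is read from the route parameter, as the DELETE route does. The
 * original read `req.body._id`: a GET normally carries no body, so the lookup
 * ran with `undefined` (and `validator.escape` throws on non-strings).
 * NOTE(review): no authorization check is visible in this handler; confirm that
 * middleware elsewhere restricts who may read a record.
 */
server.get('/cadastro/:id', function (req, res) {
  var id = validator.trim(validator.escape(req.params.id));
  cadastroController.get(id, function (err, resp) {
    if (err) {
      // Return here: without it the handler fell through to res.json() and tried
      // to send a second response. The raw error object is not echoed to the
      // client — controller/DB errors can expose internals.
      return res.status(500).json({ error: 'Internal error' });
    }
    res.json(resp);
  });
});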
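/**
 * Find a todo record by id.
 * @param {number|string} id Record ID; coerced to a string and HTML-escaped before use
 * @param {Function} cb Async return: called with the matching row, or `{}` when the
 *   query fails or no row matches
 * @return {undefined}
 */
find(id, cb) {
  // The id is bound as a query parameter ($1), so escaping adds no SQL safety and
  // leaves a numeric id unchanged; kept for consistency with remove() and store().
  id = v.escape(id === undefined ? '' : '' + id)
  this.db.query('SELECT * FROM todos WHERE id = $1', [id], (err, res) => {
    // The original tested `res.rows.length` without negation, so a hit returned
    // {} and a miss returned undefined. "No rows" is the failure case, as in the
    // users model's find().
    if (err || !res.rows.length) return cb({})
    cb(res.rows[0])
  });
}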
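/**
 * Persist a user's session token and the IP it was issued to.
 * @param {object} user Record as object; `user.id` is coerced with parseInt
 * @param {String} auth_token The session token to store (the original doc said
 *   "password" — it is not; the password lives in changePassword())
 * @param {String} ip Client IP the token is bound to; isTokenValid() requires a match
 * @param {Function} cb Async return: `user` on success, `{}` on a query error
 * @return {undefined}
 */
storeToken(user, auth_token, ip, cb) {
  user.id = parseInt(user.id, 10)
  // null and undefined both become '' instead of reaching v.escape(), which throws
  // on non-string input. The token is stored in escaped form; isTokenValid()
  // escapes the presented token the same way, so the comparison stays consistent.
  auth_token = v.escape(auth_token == null ? '' : String(auth_token))
  ip = v.escape(ip == null ? '' : String(ip))
  // NOTE(review): the token is stored as-is and compared by equality in
  // isTokenValid(); anyone who can read the users table holds live sessions.
  // Storing a hash of the token would remove that exposure.
  const sql = 'UPDATE users SET auth_token = $1, auth_ip = $2 WHERE id = $3'
  const values = [auth_token, ip, user.id]
  this.db.query(sql, values, (err, res) => {
    if (err) return cb({})
    cb(user)
  })
}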
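/**
 * POST /cadastro/ — create a record from the registration form.
 * Every free-text field must arrive as a string: `validator.escape` throws a
 * TypeError on anything else, which the original let surface as an unhandled
 * exception. A missing or non-string field now yields a 400.
 * `brincando`, `standing_by` and `historico` are passed through unchanged, as
 * before. NOTE(review): they reach the controller unvalidated; confirm that the
 * controller constrains their type and shape.
 */
server.post('/cadastro/', function (req, res) {
  var body = req.body || {};
  var textFields = ['dn_crianca', 'nome_responsavel', 'nome_crianca', 'email',
    'telefone', 'tel_operadora', 'observacoes'];
  var mainFormParameters = {};
  for (var i = 0; i < textFields.length; i++) {
    var value = body[textFields[i]];
    if (typeof value !== 'string') {
      return res.status(400).json({ error: 'Missing or invalid field: ' + textFields[i] });
    }
    mainFormParameters[textFields[i]] = validator.trim(validator.escape(value));
  }
  mainFormParameters.brincando = body.brincando;
  mainFormParameters.standing_by = body.standing_by;
  mainFormParameters.historico = body.historico;

  cadastroController.saveCadastro(mainFormParameters, function (err, resp) {
    if (err) {
      // Return so res.json() below is not reached after the error response, and
      // do not echo the raw error object — it can expose DB/controller internals.
      return res.status(500).json({ error: 'Internal error' });
    }
    res.json(resp);
  });
});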
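/**
 * Register a new user.
 * @param {object} user Record as object; `username` and `password` are read, and
 *   `password` is removed from the object before it is handed back
 * @param {Function} cb Async return: the stored user (with `id`) on success, or
 *   `{}` when the username is taken, the insert fails or the password update fails
 * @return {undefined}
 */
register(user, cb) {
  user.username = v.escape(user.username === undefined ? '' : user.username)
  // Do NOT escape the password here. changePassword() escapes it before hashing
  // and login() escapes it once as well; escaping here too double-escaped any
  // password containing & < > " ' / \ ` at registration, so it could never match
  // at login. Accounts created before this fix with such passwords keep the
  // double-escaped hash until the password is changed.
  const password = user.password === undefined ? '' : user.password
  // NOTE(review): find-then-insert is not atomic; only a UNIQUE constraint on
  // users.username actually prevents duplicate accounts under concurrent requests.
  this.users.find(user.username, (result) => {
    if (result.id) return cb({})
    this.users.store(user, (newUser) => {
      // store() reports failure as {}; the original went on to run the password
      // UPDATE with an undefined id and handed back a user that was never saved.
      if (!newUser.id) return cb({})
      this.changePassword(newUser, password, (updated) => {
        delete user.password
        // changePassword() also reports failure as {}.
        if (!updated.id) return cb({})
        cb(user)
      })
    })
  })
}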
/**
 * Delete a todo record by id.
 * @param {number|string} id Record ID; coerced to a string and HTML-escaped before use
 * @param {Function} cb Async return: `true` when the DELETE ran without error
 *   (whether or not a row matched), `false` on a query error
 * @return {undefined}
 */
remove(id, cb) {
  // Same coercion as find(); the value is a bound parameter, escaping is a no-op
  // for a numeric id.
  const key = v.escape(id === undefined ? '' : '' + id)
  const onDone = (err) => {
    cb(err ? false : true)
  }
  this.db.query('DELETE FROM todos WHERE id = $1', [key], onDone)
}
/**
 * Insert a new todo or update an existing one.
 * A record with a truthy `id` is updated in place; otherwise it is inserted and
 * the generated id is written back onto `todo`.
 * @param {object} todo Record as object; `text` and `status` are HTML-escaped in
 *   place before being stored (so they are persisted in escaped form)
 * @param {Function} cb Async return: the (mutated) record on success, `{}` on a query error
 * @return {undefined}
 */
store(todo, cb) {
  todo.text = v.escape(todo.text === undefined ? '' : todo.text)
  todo.status = v.escape(todo.status === undefined ? '' : todo.status)
  const isUpdate = Boolean(todo.id)
  let sql
  let values
  if (isUpdate) {
    // Same coercion as find()/remove(); a numeric id is unchanged by escaping.
    todo.id = v.escape('' + todo.id)
    sql = 'UPDATE todos SET text = $1, status = $2 WHERE id = $3';
    values = [todo.text, todo.status, todo.id]
  } else {
    sql = 'INSERT INTO todos (text, status) VALUES ($1, $2) RETURNING id';
    values = [todo.text, todo.status]
  }
  this.db.query(sql, values, (err, res) => {
    if (err) return cb({})
    // Only the insert path needs the generated id; an updated record keeps its own.
    if (!todo.id) todo['id'] = res.rows[0].id
    cb(todo)
  });
}
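/**
 * DELETE /cadastro/:id — remove the record named by the route parameter.
 * NOTE(review): no authorization or ownership check is visible in this handler;
 * confirm that middleware elsewhere restricts who may delete a record.
 */
server.delete('/cadastro/:id', function (req, res) {
  var id = validator.trim(validator.escape(req.params.id));
  cadastroController.deleteCadastro(id, function (err, resp) {
    if (err) {
      // Return here: the original fell through to res.json() and tried to send a
      // second response. The raw error object is not echoed to the client.
      return res.status(500).json({ error: 'Internal error' });
    }
    res.json(resp);
  });
});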
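/**
 * Look up the user a session token belongs to.
 * @param {String} auth_token Token presented by the client
 * @param {String} ip Client IP; must equal the IP the token was issued to (auth_ip)
 * @param {Function} cb Async return: the matching user row, or `{}` when the token
 *   is empty, nothing matches or the query fails
 * @return {undefined}
 */
isTokenValid(auth_token, ip, cb) {
  // Both values are escaped exactly as storeToken() escaped them when writing, so
  // stored and presented values compare equal. `ip` now gets the same undefined
  // guard as auth_token — v.escape(undefined) throws.
  auth_token = v.escape(auth_token === undefined ? '' : auth_token)
  ip = v.escape(ip === undefined ? '' : ip)
  // An empty token must never authenticate: if any row ever holds '' in
  // auth_token (e.g. after a logout that clears it), the original query would
  // have matched it.
  if (auth_token === '') return cb({})
  // NOTE(review): SELECT * hands the caller the row's password hash as well;
  // the column list should be narrowed to what session handling needs.
  const sql = 'SELECT * FROM users WHERE auth_token = $1 AND auth_ip = $2'
  const values = [auth_token, ip]
  this.db.query(sql, values, (err, res) => {
    !err && res.rows.length ? cb(res.rows[0]) : cb({})
  })
}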
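/**
 * Log a user in and issue a session token.
 * @param {object} user Credentials; `user.username` and `user.password` are read
 *   (the original doc described the first parameter as a username string)
 * @param {String} ip Client IP the issued token is bound to
 * @param {Function} cb Async return: `{auth_token}` on success, `{}` on bad
 *   credentials, a hashing failure, a query error or a failed token store
 * @return {undefined}
 */
login(user, ip, cb) {
  user.username = v.escape(user.username === undefined ? '' : user.username)
  // Escaped once, matching changePassword()'s single escape before hashing.
  user.password = v.escape(user.password === undefined ? '' : user.password)
  // Same undefined guard as the other fields; v.escape() throws on non-strings.
  ip = v.escape(ip === undefined ? '' : ip)
  // NOTE(review): matching `password = $2` in SQL only works if encrypt() is
  // deterministic for a given input, i.e. unsalted or fixed-salt. Fetching the
  // row by username and verifying a per-user salted hash would be stronger.
  const sql = 'SELECT id, username FROM users WHERE username = $1 AND password = $2'
  this.encrypt(user.password, false, (err, hash) => {
    // The original ignored a hashing error and queried with hash === undefined.
    if (err) return cb({})
    const values = [user.username, hash]
    this.db.query(sql, values, (err, res) => {
      if (err || !res.rows.length) return cb({})
      user = res.rows[0]
      user['auth_token'] = this.generateAuthToken()
      this.storeToken(user, user.auth_token, ip, (stored) => {
        // storeToken() reports a failed write as {}; handing out a token that was
        // never stored would only produce a session isTokenValid() rejects.
        if (!stored.id) return cb({})
        cb({auth_token: user.auth_token})
      })
    })
  })
}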
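/**
 * PUT /cadastro/ — update an existing record.
 * The record id comes from `_id` in the body (this route has no parameter).
 * All free-text fields must be strings: the original passed them straight to
 * validator.escape, which throws a TypeError on a missing field, so an
 * incomplete payload surfaced as an unhandled exception. It now gets a 400.
 * NOTE(review): updateCadastro's callback takes a single argument here, unlike
 * the (err, resp) shape of the other routes — confirm against the controller.
 * NOTE(review): no authorization or ownership check is visible here; confirm
 * that middleware restricts who may update a record.
 */
server.put('/cadastro/', function (req, res) {
  var body = req.body || {};
  var textFields = ['_id', 'nome_crianca', 'dn_crianca', 'nome_responsavel', 'email',
    'telefone', 'tel_operadora', 'observacoes'];
  var cleaned = {};
  for (var i = 0; i < textFields.length; i++) {
    var value = body[textFields[i]];
    if (typeof value !== 'string') {
      return res.status(400).json({ error: 'Missing or invalid field: ' + textFields[i] });
    }
    cleaned[textFields[i]] = validator.trim(validator.escape(value));
  }
  var mainFormParameters = {
    id: cleaned._id,
    nome_crianca: cleaned.nome_crianca,
    dn_crianca: cleaned.dn_crianca,
    nome_responsavel: cleaned.nome_responsavel,
    email: cleaned.email,
    telefone: cleaned.telefone,
    tel_operadora: cleaned.tel_operadora,
    observacoes: cleaned.observacoes,
    // Passed through unvalidated, as before.
    brincando: body.brincando,
    standing_by: body.standing_by,
    historico: body.historico
  };
  cadastroController.updateCadastro(mainFormParameters, function (resp) {
    res.json(resp);
  });
});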
/**
 * Insert a new user or update an existing one's username.
 * A record whose coerced `id` is non-empty is updated; otherwise it is inserted
 * and the generated id is written back onto `user`.
 * @param {object} user Record as object; `username` is HTML-escaped in place and
 *   `id` is coerced to an escaped string ('' when absent)
 * @param {Function} cb Async return: the (mutated) record on success, `{}` on a query error
 * @return {undefined}
 */
store(user, cb) {
  user.username = v.escape(user.username === undefined ? '' : user.username)
  user.id = v.escape(user.id === undefined ? '' : '' + user.id)
  const query = user.id
    ? { sql: 'UPDATE users SET username = $1 WHERE id = $2', values: [user.username, user.id] }
    : { sql: 'INSERT INTO users (username) VALUES ($1) RETURNING id', values: [user.username] }
  this.db.query(query.sql, query.values, (err, res) => {
    if (err) return cb({})
    // Only the insert path produces a new id; an updated record keeps its own.
    if (!user.id) user['id'] = res.rows[0].id
    cb(user)
  })
}
/**
 * Hash and store a new password for a user.
 * @param {object} user Record as object; `user.id` selects the row, and
 *   `user.username` is HTML-escaped in place (it is not used by the query)
 * @param {String} password The plaintext password to hash and store
 * @param {Function} cb Async return: `user` on success, `{}` when hashing or the
 *   UPDATE fails
 * @return {undefined}
 */
changePassword(user, password, cb) {
  // Mutates user.username even though only user.id is used below; kept because
  // callers receive `user` back and may rely on the escaped form.
  user.username = v.escape(user.username === undefined ? '' : user.username)
  // NOTE(review): the password is HTML-escaped before hashing, so `&` is hashed
  // as `&amp;`. login() escapes once the same way, so the two stay consistent —
  // any change here must be mirrored there.
  const toHash = v.escape(password === undefined ? '' : password)
  this.encrypt(toHash, false, (err, hash) => {
    if (err) return cb({})
    const sql = 'UPDATE users SET password = $1 WHERE id = $2'
    this.db.query(sql, [hash, user.id], (queryErr) => {
      if (queryErr) return cb({})
      cb(user)
    })
  })
}
/**
 * Find a user record by username.
 * @param {String} username Username to look up; HTML-escaped before use so it
 *   compares against the escaped form store() wrote
 * @param {Function} cb Async return: the matching row, or `{}` when the query
 *   fails or no row matches
 * @return {undefined}
 */
find(username, cb) {
  const name = v.escape(username === undefined ? '' : username)
  // NOTE(review): SELECT * also returns the password hash and auth_token columns
  // to the caller; register() only needs `id`. Consider narrowing the column list.
  this.db.query('SELECT * FROM users WHERE username = $1', [name], (err, res) => {
    const found = !err && res.rows.length > 0
    cb(found ? res.rows[0] : {})
  });
}