UIAngular/Server/src/database/tokens.js


var connection = require("./connection");
var crypto = require("crypto");
var async = require("async");
// At the top level of a CommonJS module `this` is the module's exports object,
// so dbTokens aliases `exports`. It is not referenced in the visible code.
var dbTokens = this;
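/**
 * Issues a fresh token for a user, replacing any token the user already has.
 *
 * Steps (run in order via async.waterfall):
 *   1. delete every existing Tokens row for the user,
 *   2. draw 128 bytes from crypto.randomBytes,
 *   3. insert the bytes with an expiry one hour from now,
 *   4. hand back { id, value, userId }, where value is the hex encoding
 *      (256 hex characters) of the random bytes.
 *
 * On failure the error is tagged with error.step ("deleting",
 * "crypto-random" or "inserting") before being passed on.
 *
 * NOTE(review): the raw token bytes are written to the Tokens table, so
 * anyone who can read that table obtains usable tokens. Storing only a
 * digest of the token would limit that exposure, but it requires a matching
 * change in verifyToken and is therefore not done here.
 *
 * @param {*} userId - Id of the user the token is issued to.
 * @param {function(Error=, Object=)} topCallback - Called with (error) or
 *   (null, token).
 */
exports.createToken = function (userId, topCallback) {
  async.waterfall([
    function (callback) {
      // Delete existing tokens for the user, so at most one token is live.
      connection.query("DELETE FROM Tokens WHERE UserId = ?;", [userId], function (error, result) {
        if (error) {
          error.step = "deleting";
          callback(error);
          return;
        }
        callback(null, result);
      });
    },
    function (deleteResult, callback) {
      // Create the token from the CSPRNG.
      crypto.randomBytes(128, function (error, result) {
        if (error) {
          error.step = "crypto-random";
          callback(error);
          return;
        }
        callback(null, result);
      });
    },
    function (tokenBytes, callback) {
      // Insert the token into the database.
      var now = new Date();
      var then = new Date();
      then.setTime(then.getTime() + (1 * 60 * 60 * 1000)); // Expires in 1 hour
      // Only the user id and timestamps are logged; the token value must never be.
      console.log("UserID: " + userId + "; Now: " + now + "; Then: " + then);
      connection.query("INSERT INTO Tokens (CreatedDate,Id,UserId,Expires,Token) VALUES(NULL,NULL,?,?,?)", [userId, then, tokenBytes], function (error, result) {
        if (error) {
          error.step = "inserting";
          callback(error);
          return;
        }
        callback(null, result, tokenBytes);
      });
    },
    function (insertResult, tokenBytes, callback) {
      var token = {
        "id": insertResult.insertId,
        // tokenBytes is already the Buffer from crypto.randomBytes; encoding it
        // directly avoids the deprecated `new Buffer(...)` constructor.
        "value": tokenBytes.toString("hex"),
        "userId": userId
      };
      callback(null, token);
    }
  ], function (error, result) {
    if (error) {
      topCallback(error);
      return;
    }
    topCallback(null, result);
  });
};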
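/**
 * Checks a client-supplied token against the one stored for (tokenId, userId).
 *
 * The lookup goes through getTokenFromDB, so only unexpired rows match.
 * The stored value is hex-encoded and compared with the supplied string.
 *
 * Security notes:
 *   - Neither the stored nor the supplied token is logged; both are
 *     credentials and must not end up in log files.
 *   - The comparison uses crypto.timingSafeEqual instead of `==`, so the time
 *     taken does not depend on how many leading characters match.
 *   - Non-string input is rejected up front; loose `==` would coerce arrays
 *     and objects to strings before comparing.
 *
 * @param {*} userId - User the token must belong to.
 * @param {*} tokenId - Row id of the token.
 * @param {string} token - Hex-encoded token value presented by the client.
 * @param {function(Error=, boolean=)} topCallback - Called with (error) when
 *   the lookup fails, otherwise with (null, true) or (null, false).
 */
exports.verifyToken = function (userId, tokenId, token, topCallback) {
  getTokenFromDB(tokenId, userId, function (error, tokenObj) {
    if (error) {
      error.step = "getting from db";
      topCallback(error);
      return;
    }
    if (!tokenObj) {
      console.log("No Token with TokenId: " + tokenId + " and UserID: " + userId);
      topCallback(null, false);
      return;
    }
    if (typeof token !== "string") {
      topCallback(null, false);
      return;
    }
    // Compare the hex text byte for byte, keeping the original case-sensitive
    // match against the lowercase hex that toString("hex") produces.
    var expected = Buffer.from(Buffer.from(tokenObj.value).toString("hex"), "utf8");
    var supplied = Buffer.from(token, "utf8");
    // timingSafeEqual throws on unequal lengths, so check the length first.
    var matches = expected.length === supplied.length &&
      crypto.timingSafeEqual(expected, supplied);
    topCallback(null, matches);
  });
};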
/**
 * Looks up an unexpired token row and extends its lifetime in the same call.
 *
 * One query call carries two statements: an UPDATE that pushes Expires one
 * hour into the future for the matching unexpired row, then a SELECT of that
 * row. The result is therefore an array with one entry per statement, and
 * the selected rows are at index 1.
 *
 * NOTE(review): sending two statements in a single query presumably requires
 * the connection in ./connection to allow multiple statements. Confirm that,
 * because such a setting widens the impact of any SQL injection elsewhere in
 * the application.
 *
 * @param {*} tokenId - Tokens.Id to look up.
 * @param {*} userId - Tokens.UserId the row must have.
 * @param {function(Error=, Object=)} callback - Called with (error), or with
 *   (null, { id, userId, value }) where value is the row's Token column, or
 *   with (null, null) when no unexpired row matches.
 */
function getTokenFromDB(tokenId, userId, callback) {
  var ONE_HOUR_MS = 1 * 60 * 60 * 1000;
  var current = new Date();
  var renewedExpiry = new Date();
  renewedExpiry.setTime(renewedExpiry.getTime() + ONE_HOUR_MS);

  var sql = "UPDATE Tokens SET Expires = ? WHERE Id = ? AND UserId = ? AND Expires > ?; SELECT * FROM Tokens WHERE Id = ? AND UserId = ? AND Expires > ?";
  var params = [renewedExpiry, tokenId, userId, current, tokenId, userId, current];

  connection.query(sql, params, function (error, results) {
    if (error) {
      console.log(error);
      callback(error);
      return;
    }
    // results[0] describes the UPDATE; results[1] holds the SELECT's rows.
    var selected = results[1];
    if (!(selected && selected.length > 0)) {
      callback(null, null);
      return;
    }
    callback(null, {
      id: tokenId,
      userId: userId,
      value: selected[0].Token
    });
  });
}