diff --git a/server.js b/server.js
index 9de12a9..0336b1e 100644
--- a/server.js
+++ b/server.js
@@ -6,6 +6,7 @@ var nodemailer = require('nodemailer')
 , fs = require('fs')
 , re = new RegExp('\.js$', 'i')
 , port = process.env.PORT || /*80*/ 8000
+ , rn = require('./src/rng')
 function handler(req, res) {
@@ -14,17 +15,31 @@ function handler(req, res) {
 else if (re.test(req.url))
 res.setHeader('Content-Type', 'application/javascript')
+ if (/^\/confirm\?/.test(req.url)) {
+
+ // @TODO
+ // compare submitted token with the token stored in our database.
+
+ res.statusCode = 302
+ res.setHeader('Location', '/')
+ return res.end()
+ }
+
 if (/^\/email\?/.test(req.url)) {
 var params = require('url').parse(req.url, true)
 if (params && params.query.email) {
 /*
+ var to_addr = params.query.email // @NOTE:
+ // Q: do we trust the user input ?
+ // A: FUCK NO !!
+
 var opts = {
 from: 'news-mailer@squatconf.eu',
- to: params.query.email,
+ to: to_addr,
 subject: "Hello, everyone is welcome at SquatConf..",
 text: 'Please verify that you wish to signup by following this link\n'
- + '[##> link here <##]\n\n'
+ + 'http://squatconf.eu/confirm?email='+ to_addr +'&token='+ rn() '\n\n'
 + 'You can ignore this message if you DID NOT request to signup at our website\n'
 + 'http://squatconf.eu\n\n'
 + 'next event is in Paris, we hope to see you there !!\n'
@@ -36,7 +51,7 @@ function handler(req, res) {
 })
 */
- console.log('got email:', params.query)
+ console.log(' got email:', params.query)
 }
 res.statusCode = 302
 res.setHeader('Location', '/')
diff --git a/src/rng.js b/src/rng.js
new file mode 100644
index 0000000..d3e8684
--- /dev/null
+++ b/src/rng.js
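Review bot: The rewritten `text:` line in the `/email` branch is missing a `+` between `rn()` and `'\n\n'`, and it splices `to_addr` (raw query-string input) into the confirmation URL without encoding; both sit inside the `/* … */` block that the context line `/*` opens, so the syntax error will only surface once that block is re-enabled. Suggested line: `+ 'http://squatconf.eu/confirm?email=' + encodeURIComponent(to_addr) + '&token=' + rn() + '\n\n'`. The token from `rn()` is generated inline and never retained together with `to_addr`, so the new `/confirm` branch earlier in the hunk has nothing to compare against (its `@TODO` covers the comparison, but the storage has to happen here). The link is plain `http://`, so the token would travel in the clear; `https://` is preferable once the host supports it. handler's body continues past this hunk (the hunk at -36 is still inside it).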
@@ -0,0 +1,20 @@
+module.exports = function() {
+ var crypto = require('crypto')
+
+ function rng_Base64(len) {
+ return crypto.randomBytes(Math.ceil(len * 3 / 4))
+ .toString('base64')
+ .slice(0, len)
+ .replace(/\+/g, '0')
+ .replace(/\//g, '0')
+ }
+
+ return [ rng_Base64(8)
+ , rng_Base64(4)
+ , rng_Base64(4)
+ , rng_Base64(4)
+ , rng_Base64(12)
+ ]
+ .join('-')
+}
+
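Review bot: The two `.replace` calls in `rng_Base64` map both `+` and `/` onto `'0'`, so `'0'` is three times as likely as any other character in the token; over 32 characters this still leaves ample unpredictability, but the skew is avoidable. `return crypto.randomBytes(Math.ceil(len / 2)).toString('hex').slice(0, len)` gives a uniform, URL-safe alphabet with no post-processing and keeps each group the same width (4 bits per character instead of 6, still 128 bits in total). `require('crypto')` is also re-evaluated on every call of the exported function; hoisting `var crypto = require('crypto')` above `module.exports` is the usual pattern. A header comment would help too, since the output is UUID-shaped but not a UUID: `// random 8-4-4-4-12 token built from crypto.randomBytes; looks like a UUID but carries no version/variant bits`.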