
@itrocks/forgot-password


Forgot password management for @itrocks/user, including form, token generation, email sending, and secure reset

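"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Forgot = void 0;
const action_1 = require("@itrocks/action");
const config_1 = require("@itrocks/config");
const data_to_object_1 = require("@itrocks/data-to-object");
const sql_functions_1 = require("@itrocks/sql-functions");
const storage_1 = require("@itrocks/storage");
const translate_1 = require("@itrocks/translate");
const html_to_text_1 = require("html-to-text");
const promises_1 = require("node:fs/promises");
const nodemailer_1 = require("nodemailer");
const token_1 = require("./token");

/**
 * Forgot-password action: handles the "request a reset link" form, the e-mail
 * carrying the reset token, and the "choose a new password" form.
 */
class Forgot extends action_1.Action {
    /**
     * Handles one request of the forgot-password flow and returns the HTML response.
     *
     * Outcomes, in the order they are tried:
     * - `data.token` matches a stored token and `data.password` is set: the password is
     *   written to the token's user, the user is saved, the token is deleted, and
     *   forgot-done.html is rendered.
     * - `data.token` matches a stored token, no password: forgot-reset.html is rendered.
     * - `data.email` is a string matching a user: a token is stored and mailed;
     *   forgot-sent.html on success, forgot-error.html if sending throws.
     * - `data.email` is a string matching no user: forgot-error.html.
     * - Anything else (including an unknown or purged token with no email): forgot.html.
     *
     * @param request Action request; reads `request.type` (the user class),
     *                `request.request.data` (token, password, email) and `request.request.url`.
     * @returns The response built by `htmlTemplateResponse`.
     */
    async html(request) {
        const userType = request.type;
        const dao = (0, storage_1.dataSource)();
        const data = request.request.data;
        let templateName = 'forgot';

        // The token goes straight into a storage search, so only a plain string is accepted,
        // the same guard the email field gets below. A non-string value is treated as absent.
        const requestToken = data.token;
        if (requestToken && (typeof requestToken === 'string')) {
            // Purge tokens dated one hour ago or earlier before looking anything up, so a stale
            // token can never match the search that follows.
            const momentAgo = new Date();
            momentAgo.setHours(momentAgo.getHours() - 1);
            const expiredTokens = await dao.search(token_1.Token, { date: (0, sql_functions_1.lessOrEqual)(momentAgo) });
            for (const oldToken of expiredTokens) {
                await dao.delete(oldToken, 'token');
            }

            const token = await dao.searchOne(token_1.Token, { token: requestToken });
            const tokenUser = token ? await token.user : undefined;
            if (tokenUser) {
                if (data.password) {
                    // NOTE(review): no length or strength check on the new password is visible here, and
                    // hashing is presumably done by the user class's password property; confirm both.
                    await (0, data_to_object_1.dataToObject)(tokenUser, { password: data.password });
                    await dao.save(tokenUser);
                    // Single use: the token is removed as soon as the password has been saved.
                    await dao.delete(token, 'token');
                    return this.htmlTemplateResponse(tokenUser, request, __dirname + '/forgot-done.html');
                }
                // Blank the loaded password on the in-memory user before the reset form is rendered;
                // nothing is saved on this path.
                tokenUser.password = '';
                return this.htmlTemplateResponse(token, request, __dirname + '/forgot-reset.html');
            }
            // Unknown or purged token: fall through to the email handling below.
        }

        const email = data.email;
        let user;
        if (email && (typeof email === 'string')) {
            user = await dao.searchOne(userType, { email });
            if (user) {
                const smtp = config_1.config.smtp;
                const token = await dao.save(new token_1.Token(user));
                const transporter = (0, nodemailer_1.createTransport)({
                    auth: { pass: smtp.pass, user: smtp.user },
                    host: smtp.host,
                    port: smtp.port,
                    secure: smtp.secure,
                });
                // assumes lang() returns a fixed, known language code (it becomes part of a file path).
                // TODO confirm it cannot be influenced by the request.
                const templatePath = __dirname + '/forgot-email-' + (0, translate_1.lang)() + '.html';
                const content = String(await (0, promises_1.readFile)(templatePath));
                // The token is percent-encoded so that any reserved character survives as a query value.
                // NOTE(review): the link's origin comes from request.request.url. If that value reflects a
                // client-supplied Host header, the mailed link follows it; confirm it is pinned to a
                // configured base URL. The link is also inserted into the HTML template unescaped.
                const link = request.request.url + '?token=' + encodeURIComponent(token.token);
                // A function replacer keeps `$` sequences in the link from being read as replacement patterns.
                const html = content.replaceAll('app://(resetLink)', () => link);
                // Address objects keep name and address as separate fields: a quote, comma or angle
                // bracket in a login or display name cannot change which addresses receive the mail.
                const from = smtp.from.name
                    ? { name: smtp.from.name, address: smtp.from.email }
                    : smtp.from.email;
                const to = { name: user.login, address: user.email };
                try {
                    await transporter.sendMail({
                        from,
                        html,
                        subject: (0, translate_1.tr)('Password reset request'),
                        text: (0, html_to_text_1.htmlToText)(html, { wordwrap: 130 }),
                        to,
                    });
                    templateName = 'forgot-sent';
                }
                catch (exception) {
                    // Send failures are shown as the generic error page; the exception itself is
                    // discarded, so a failing SMTP setup leaves no trace from this function.
                    templateName = 'forgot-error';
                }
            }
            else {
                // NOTE(review): an unknown address gets forgot-error while a known one gets forgot-sent,
                // so the response shows whether an address is registered. No request throttling is
                // visible in this file either; confirm both are handled upstream or accepted.
                user = Object.assign(new userType(), { email });
                templateName = 'forgot-error';
            }
        }
        else {
            user = new userType();
        }
        return this.htmlTemplateResponse(user, request, __dirname + '/' + templateName + '.html');
    }
}
exports.Forgot = Forgot;
//# sourceMappingURL=forgot.js.map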