server/models/user.js

  1. const _ = require('lodash');
  2. const bcrypt = require('bcryptjs');
  4. const Abstract = require('./abstract');
  5. const config = require('../../config');
  6. const db = require('../db');
  7. const jwt = require('../utils/jwt');
  9. const proto = Abstract.prototype;
  11. /**
  12.  * A user of the BioPocket platform.
  13.  *
  14.  * ## Database columns
  15.  *
  16.  * * **id** (`bigint`) - Internal ID (used for joins).
  17.  * * **api_id** (`uuid`) - External ID (used in the API).
  18.  * * **email** (`string`) - E-mail address.
  19.  * * **password_hash** (`string`) - Bcrypt hash of the user's password.
  20.  * * **active** (`boolean`) - Indicates whether the user can use the platform or has been deactivated by an administrator.
  21.  * * **roles** (`string[]`) - Roles of the user (used for authorization).
  22.  * * **created_at** (`datetime`) - Time at which the user was created.
  23.  * * **updated_at** (`datetime`) - Time at which the user was last modified (equal to the creation date if never modified).
  24.  *
  25.  * ## Virtual properties
  26.  *
  27.  * * **password** (`string`) - Setting this property generates a new bcrypt hash and updates the `password_hash` column.
  28.  *
  29.  * @class
  30.  * @extends Abstract
  31.  * @see http://bookshelfjs.org
  32.  */
  33. const User = Abstract.extend({
  34.   tableName: 'users',
  36.   timestamps: true,
  38.   virtuals: _.merge({
  39.     password: {
  40.       get: function() {
  41.         return this._password;
  42.       },
  44.       set: function(password) {
  45.         this._password = password;
  47.         if (_.isString(password) && password.length) {
  48.           const salt = bcrypt.genSaltSync(config.bcryptCost);
  49.           this.set('password_hash', bcrypt.hashSync(password, salt));
  50.         } else {
  51.           this.unset('password_hash');
  52.         }
  53.       }
  54.     }
  55.   }, proto.virtuals),
  57.   /**
  58.    * Returns a JWT that can be used to authenticate as this user.
  59.    *
  60.    * @instance
  61.    * @memberof User
  62.    * @param {object} properties - JWT properties, passed to `generateToken` in the `utils/jwt` module.
  63.    * @returns {string} A JWT.
  64.    */
  65.   generateJwt: function(properties) {
  66.     return jwt.generateToken(_.extend({
  67.       sub: this.get('api_id')
  68.     }, properties));
  69.   },
  71.   /**
  72.    * Indicates whether this user has the specified password or not.
  73.    *
  74.    * **WARNING:** this method is slow and blocking, as it computes a bcrypt
  75.    * hash synchronously.  Do not overuse it.
  76.    *
  77.    * @instance
  78.    * @memberof User
  79.    * @param {string} password - The password to check.
  80.    * @returns {boolean} True if the user's password is the same as the specified one.
  81.    */
  82.   hasPassword: function(password) {
  83.     return !!password && bcrypt.compareSync(password, this.get('password_hash'));
  84.   },
  86.   /**
  87.    * Indicates whether this user has the specified role.
  88.    *
  89.    * **WARNING:** this methods always returns true if the user has the role,
  90.    * even if the user is inactive. It is not sufficient to determine whether
  91.    * the user is currently authorized to perform the role.
  92.    *
  93.    * @instance
  94.    * @memberof User
  95.    * @param {string} role - The role to check.
  96.    * @returns {boolean} True if the specified role is among the user's assigned roles.
  97.    */
  98.   hasRole: function(role) {
  99.     return _.includes(this.get('roles'), role);
  100.   },
  102.   /**
  103.    * Indicates whether this user is active. Users may be deactivated by administrators.
  104.    *
  105.    * @instance
  106.    * @memberof User
  107.    * @returns {boolean} True if this user is active.
  108.    */
  109.   isActive: function() {
  110.     return !!this.get('active');
  111.   }
  112. });
  114. module.exports = db.bookshelf.model('User', User);