Added opt-in option for promotional emails

server/accounts/index.js

@@ -2,10 +2,16 @@ const express = require('express');
 const router = express.Router();
 
 //basic account management
+router.get('/', require('./query'));
+router.patch('/', require('./update'));
+
+//signup -> login -> logout
 router.post('/signup', require('./signup'));
 router.get('/validation', require('./validation'));
 router.post('/login', require('./login'));
 router.post('/logout', require('./logout'));
-router.post('/deletion', require('./deletion'));
+
+//account deletion
+router.delete('/deletion', require('./deletion'));
 
 module.exports = router;

server/accounts/login.js

@@ -37,7 +37,7 @@ const route = async (req, res) => {
 	}
 
 	//save the session and cookie data
-	req.session.account = account;
+	req.session.account = JSON.parse(JSON.stringify(account.dataValues));
 	res.cookie('loggedin', process.env.WEB_ADDRESS);
 
 	if (account.privilege == 'administrator') {

server/accounts/query.js

@@ -0,0 +1,21 @@
+const { accounts } = require('../database/models');
+
+const route = async (req, res) => {
+	if (!req.session.account || !req.session.account.id) {
+		res.status(401).send('Unknown account');
+	}
+
+	//update the reference
+	req.session.account = (await accounts.findOne({
+		where: {
+			id: req.session.account.id
+		}
+	})).dataValues;
+
+	//respond with the private-facing data
+	res.status(200).json({
+		contact: req.session.account.contact
+	});
+};
+
+module.exports = route;

server/accounts/signup.js

@@ -101,6 +101,7 @@ const registerPendingSignup = async (fields, hash, token) => {
 		email: fields.email,
 		username: fields.username,
 		hash: hash,
+		contact: fields.contact,
 		token: token
 	});
 
@@ -109,7 +110,12 @@ const registerPendingSignup = async (fields, hash, token) => {
 
 const sendValidationEmail = async (email, username, token) => {
 	const addr = `${process.env.WEB_PROTOCOL}://${process.env.WEB_ADDRESS}/api/accounts/validation?username=${username}&token=${token}`;
-	const msg = `Hello! Please visit the following address to validate your account: ${addr}`;
+	const msg = `Hello ${username}!
+
+Please visit the following link to validate your account: ${addr}
+
+You can contact us directly at our physical mailing address here: ${process.env.MAIL_PHYSICAL}
+`;
 
 	let transporter, info;
 
@@ -143,7 +149,7 @@ const sendValidationEmail = async (email, username, token) => {
 	}
 
 	if (info.accepted[0] != email) {
-		return 'validation email failed';
+		return 'validation email failed to send';
 	}
 
 	return null;

server/accounts/update.js

@@ -0,0 +1,28 @@
+const { accounts } = require('../database/models');
+
+const route = async (req, res) => {
+	if (!req.session.account.id) {
+		return res.status(500).send('missing account data');
+	}
+
+	//update the account
+	await accounts.update({
+		contact: req.fields.contact
+	}, {
+		where: {
+			id: req.session.account.id
+		}
+	});
+
+	//update the reference
+	req.session.account = (await accounts.findOne({
+		where: {
+			id: req.session.account.id
+		}
+	})).dataValues;
+
+	//respond with an OK
+	res.status(200).send('Information updated');
+};
+
+module.exports = route;

server/accounts/validation.js

@@ -29,7 +29,8 @@ const route = async (req, res) => {
 	accounts.create({
 		email: info.email,
 		username: info.username,
-		hash: info.hash
+		hash: info.hash,
+		contact: info.contact
 	});
 
 	//finally