[github/Chocobozzz/PeerTube.git] / server / controllers / api / users.ts

import * as express from 'express'
import 'multer'
import * as RateLimit from 'express-rate-limit'
import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRate as FormattedUserVideoRate } from '../../../shared'
import { logger } from '../../helpers/logger'
import { getFormattedObjects } from '../../helpers/utils'
import { CONFIG, IMAGE_MIMETYPE_EXT, RATES_LIMIT, sequelizeTypescript } from '../../initializers'
import { sendUpdateActor } from '../../lib/activitypub/send'
import { Emailer } from '../../lib/emailer'
import { Redis } from '../../lib/redis'
import { createUserAccountAndChannel } from '../../lib/user'
import {
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  ensureUserRegistrationAllowed,
  ensureUserRegistrationAllowedForIP,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  token,
  usersAddValidator,
  usersGetValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersSortValidator,
  usersUpdateMeValidator,
  usersUpdateValidator,
  usersVideoRatingValidator
} from '../../middlewares'
import { usersAskResetPasswordValidator, usersResetPasswordValidator, videosSortValidator } from '../../middlewares/validators'
import { AccountVideoRateModel } from '../../models/account/account-video-rate'
import { UserModel } from '../../models/account/user'
import { OAuthTokenModel } from '../../models/oauth/oauth-token'
import { VideoModel } from '../../models/video/video'
import { VideoSortField } from '../../../client/src/app/shared/video/sort-field.type'
import { createReqFiles } from '../../helpers/express-utils'
import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
import { updateAvatarValidator } from '../../middlewares/validators/avatar'
import { updateActorAvatarFile } from '../../lib/avatar'
import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger'

const auditLogger = auditLoggerFactory('users')

const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
const loginRateLimiter = new RateLimit({
  windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
  max: RATES_LIMIT.LOGIN.MAX,
  delayMs: 0
})

const usersRouter = express.Router()

usersRouter.get('/me',
  authenticate,
  asyncMiddleware(getUserInformation)
)

usersRouter.get('/me/video-quota-used',
  authenticate,
  asyncMiddleware(getUserVideoQuotaUsed)
)

usersRouter.get('/me/videos',
  authenticate,
  paginationValidator,
  videosSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(getUserVideos)
)

usersRouter.get('/me/videos/:videoId/rating',
  authenticate,
  asyncMiddleware(usersVideoRatingValidator),
  asyncMiddleware(getUserVideoRating)
)

usersRouter.get('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  paginationValidator,
  usersSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(listUsers)
)

usersRouter.get('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersGetValidator),
  getUser
)

usersRouter.post('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersAddValidator),
  asyncRetryTransactionMiddleware(createUser)
)

usersRouter.post('/register',
  asyncMiddleware(ensureUserRegistrationAllowed),
  ensureUserRegistrationAllowedForIP,
  asyncMiddleware(usersRegisterValidator),
  asyncRetryTransactionMiddleware(registerUser)
)

usersRouter.put('/me',
  authenticate,
  usersUpdateMeValidator,
  asyncMiddleware(updateMe)
)

usersRouter.post('/me/avatar/pick',
  authenticate,
  reqAvatarFile,
  updateAvatarValidator,
  asyncMiddleware(updateMyAvatar)
)

usersRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersUpdateValidator),
  asyncMiddleware(updateUser)
)

usersRouter.delete('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersRemoveValidator),
  asyncMiddleware(removeUser)
)

usersRouter.post('/ask-reset-password',
  asyncMiddleware(usersAskResetPasswordValidator),
  asyncMiddleware(askResetUserPassword)
)

usersRouter.post('/:id/reset-password',
  asyncMiddleware(usersResetPasswordValidator),
  asyncMiddleware(resetUserPassword)
)

usersRouter.post('/token',
  loginRateLimiter,
  token,
  success
)
// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route

// ---------------------------------------------------------------------------

export {
  usersRouter
}

// ---------------------------------------------------------------------------

async function getUserVideos (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.oauth.token.User as UserModel
  const resultList = await VideoModel.listUserVideosForApi(
    user.Account.id,
    req.query.start as number,
    req.query.count as number,
    req.query.sort as VideoSortField,
    false // Display my NSFW videos
  )

  const additionalAttributes = {
    waitTranscoding: true,
    state: true,
    scheduledUpdate: true
  }
  return res.json(getFormattedObjects(resultList.data, resultList.total, { additionalAttributes }))
}

async function createUser (req: express.Request, res: express.Response) {
  const body: UserCreate = req.body
  const userToCreate = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: body.role,
    videoQuota: body.videoQuota
  })

  const { user, account } = await createUserAccountAndChannel(userToCreate)

  auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account created.', body.username)

  return res.json({
    user: {
      id: user.id,
      account: {
        id: account.id,
        uuid: account.Actor.uuid
      }
    }
  }).end()
}

async function registerUser (req: express.Request, res: express.Response) {
  const body: UserCreate = req.body

  const userToCreate = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: UserRole.USER,
    videoQuota: CONFIG.USER.VIDEO_QUOTA
  })

  const { user } = await createUserAccountAndChannel(userToCreate)

  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account registered.', body.username)

  return res.type('json').status(204).end()
}

async function getUserInformation (req: express.Request, res: express.Response, next: express.NextFunction) {
  // We did not load channels in res.locals.user
  const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)

  return res.json(user.toFormattedJSON())
}

async function getUserVideoQuotaUsed (req: express.Request, res: express.Response, next: express.NextFunction) {
  // We did not load channels in res.locals.user
  const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
  const videoQuotaUsed = await UserModel.getOriginalVideoFileTotalFromUser(user)

  const data: UserVideoQuota = {
    videoQuotaUsed
  }
  return res.json(data)
}

function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  return res.json((res.locals.user as UserModel).toFormattedJSON())
}

async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
  const videoId = +req.params.videoId
  const accountId = +res.locals.oauth.token.User.Account.id

  const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
  const rating = ratingObj ? ratingObj.type : 'none'

  const json: FormattedUserVideoRate = {
    videoId,
    rating
  }
  res.json(json)
}

async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
  const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = await UserModel.loadById(req.params.id)

  await user.destroy()

  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))

  return res.sendStatus(204)
}

async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
  const body: UserUpdateMe = req.body

  const user: UserModel = res.locals.oauth.token.user
  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())

  if (body.password !== undefined) user.password = body.password
  if (body.email !== undefined) user.email = body.email
  if (body.nsfwPolicy !== undefined) user.nsfwPolicy = body.nsfwPolicy
  if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo

  await sequelizeTypescript.transaction(async t => {
    await user.save({ transaction: t })

    if (body.displayName !== undefined) user.Account.name = body.displayName
    if (body.description !== undefined) user.Account.description = body.description
    await user.Account.save({ transaction: t })

    await sendUpdateActor(user.Account, t)

    auditLogger.update(
      res.locals.oauth.token.User.Account.Actor.getIdentifier(),
      new UserAuditView(user.toFormattedJSON()),
      oldUserAuditView
    )
  })

  return res.sendStatus(204)
}

async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
  const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
  const user: UserModel = res.locals.oauth.token.user
  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
  const account = user.Account

  const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)

  auditLogger.update(
    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
    new UserAuditView(user.toFormattedJSON()),
    oldUserAuditView
  )

  return res
    .json({
      avatar: avatar.toFormattedJSON()
    })
    .end()
}

async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const body: UserUpdate = req.body
  const userToUpdate = res.locals.user as UserModel
  const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
  const roleChanged = body.role !== undefined && body.role !== userToUpdate.role

  if (body.email !== undefined) userToUpdate.email = body.email
  if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
  if (body.role !== undefined) userToUpdate.role = body.role

  const user = await userToUpdate.save()

  // Destroy user token to refresh rights
  if (roleChanged) {
    await OAuthTokenModel.deleteUserToken(userToUpdate.id)
  }

  auditLogger.update(
    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
    new UserAuditView(user.toFormattedJSON()),
    oldUserAuditView
  )

  // Don't need to send this update to followers, these attributes are not propagated

  return res.sendStatus(204)
}

async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel

  const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
  const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
  await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)

  return res.status(204).end()
}

async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel
  user.password = req.body.password

  await user.save()

  return res.status(204).end()
}

function success (req: express.Request, res: express.Response, next: express.NextFunction) {
  res.end()
}
Commit	Line	Data
4d4e5cd4	1	import * as express from 'express'
ac81d1a0	2	import 'multer'
490b595a	3	import * as RateLimit from 'express-rate-limit'
571389d4	4	import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRate as FormattedUserVideoRate } from '../../../shared'
da854ddd	5	import { logger } from '../../helpers/logger'
0626e7af	6	import { getFormattedObjects } from '../../helpers/utils'
4bbfc6c6	7	import { CONFIG, IMAGE_MIMETYPE_EXT, RATES_LIMIT, sequelizeTypescript } from '../../initializers'
2422c46b	8	import { sendUpdateActor } from '../../lib/activitypub/send'
ecb4e35f	9	import { Emailer } from '../../lib/emailer'
ecb4e35f	10	import { Redis } from '../../lib/redis'
50d6de9c	11	import { createUserAccountAndChannel } from '../../lib/user'
65fcc311	12	import {
f076daa7	13	asyncMiddleware,
90d4bb81	14	asyncRetryTransactionMiddleware,
f076daa7 C	15	authenticate,
	16	ensureUserHasRight,
	17	ensureUserRegistrationAllowed,
ff2c1fe8	18	ensureUserRegistrationAllowedForIP,
f076daa7 C	19	paginationValidator,
	20	setDefaultPagination,
	21	setDefaultSort,
	22	token,
	23	usersAddValidator,
	24	usersGetValidator,
	25	usersRegisterValidator,
	26	usersRemoveValidator,
	27	usersSortValidator,
	28	usersUpdateMeValidator,
	29	usersUpdateValidator,
	30	usersVideoRatingValidator
65fcc311	31	} from '../../middlewares'
4bbfc6c6	32	import { usersAskResetPasswordValidator, usersResetPasswordValidator, videosSortValidator } from '../../middlewares/validators'
3fd3ab2d C	33	import { AccountVideoRateModel } from '../../models/account/account-video-rate'
3fd3ab2d C	34	import { UserModel } from '../../models/account/user'
f8b8c36b	35	import { OAuthTokenModel } from '../../models/oauth/oauth-token'
3fd3ab2d	36	import { VideoModel } from '../../models/video/video'
0883b324	37	import { VideoSortField } from '../../../client/src/app/shared/video/sort-field.type'
0626e7af	38	import { createReqFiles } from '../../helpers/express-utils'
5fcbd898	39	import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
4bbfc6c6 C	40	import { updateAvatarValidator } from '../../middlewares/validators/avatar'
4bbfc6c6 C	41	import { updateActorAvatarFile } from '../../lib/avatar'
80e36cd9 AB	42	import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger'
	43
	44	const auditLogger = auditLoggerFactory('users')
65fcc311	45
ac81d1a0	46	const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
490b595a C	47	const loginRateLimiter = new RateLimit({
	48	windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
	49	max: RATES_LIMIT.LOGIN.MAX,
	50	delayMs: 0
	51	})
c5911fd3	52
65fcc311 C	53	const usersRouter = express.Router()
	54
	55	usersRouter.get('/me',
	56	authenticate,
eb080476	57	asyncMiddleware(getUserInformation)
d38b8281 C	58	)
d38b8281 C	59
ce5496d6 C	60	usersRouter.get('/me/video-quota-used',
	61	authenticate,
	62	asyncMiddleware(getUserVideoQuotaUsed)
	63	)
	64
fd45e8f4 C	65	usersRouter.get('/me/videos',
	66	authenticate,
	67	paginationValidator,
	68	videosSortValidator,
1174a847	69	setDefaultSort,
f05a1c30	70	setDefaultPagination,
fd45e8f4 C	71	asyncMiddleware(getUserVideos)
	72	)
	73
65fcc311 C	74	usersRouter.get('/me/videos/:videoId/rating',
65fcc311 C	75	authenticate,
a2431b7d	76	asyncMiddleware(usersVideoRatingValidator),
eb080476	77	asyncMiddleware(getUserVideoRating)
d38b8281	78	)
9bd26629	79
65fcc311	80	usersRouter.get('/',
86d13ec2 C	81	authenticate,
86d13ec2 C	82	ensureUserHasRight(UserRight.MANAGE_USERS),
65fcc311 C	83	paginationValidator,
65fcc311 C	84	usersSortValidator,
1174a847	85	setDefaultSort,
f05a1c30	86	setDefaultPagination,
eb080476	87	asyncMiddleware(listUsers)
5c39adb7 C	88	)
5c39adb7 C	89
8094a898	90	usersRouter.get('/:id',
94ff4c23 C	91	authenticate,
94ff4c23 C	92	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	93	asyncMiddleware(usersGetValidator),
8094a898 C	94	getUser
	95	)
	96
65fcc311 C	97	usersRouter.post('/',
65fcc311 C	98	authenticate,
954605a8	99	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	100	asyncMiddleware(usersAddValidator),
90d4bb81	101	asyncRetryTransactionMiddleware(createUser)
9bd26629 C	102	)
9bd26629 C	103
65fcc311	104	usersRouter.post('/register',
a2431b7d	105	asyncMiddleware(ensureUserRegistrationAllowed),
ff2c1fe8	106	ensureUserRegistrationAllowedForIP,
a2431b7d	107	asyncMiddleware(usersRegisterValidator),
90d4bb81	108	asyncRetryTransactionMiddleware(registerUser)
2c2e9092 C	109	)
2c2e9092 C	110
8094a898 C	111	usersRouter.put('/me',
	112	authenticate,
	113	usersUpdateMeValidator,
eb080476	114	asyncMiddleware(updateMe)
8094a898 C	115	)
8094a898 C	116
c5911fd3 C	117	usersRouter.post('/me/avatar/pick',
	118	authenticate,
	119	reqAvatarFile,
4bbfc6c6	120	updateAvatarValidator,
c5911fd3 C	121	asyncMiddleware(updateMyAvatar)
	122	)
	123
65fcc311 C	124	usersRouter.put('/:id',
65fcc311 C	125	authenticate,
954605a8	126	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	127	asyncMiddleware(usersUpdateValidator),
eb080476	128	asyncMiddleware(updateUser)
9bd26629 C	129	)
9bd26629 C	130
65fcc311 C	131	usersRouter.delete('/:id',
65fcc311 C	132	authenticate,
954605a8	133	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	134	asyncMiddleware(usersRemoveValidator),
eb080476	135	asyncMiddleware(removeUser)
9bd26629	136	)
6606150c	137
ecb4e35f C	138	usersRouter.post('/ask-reset-password',
	139	asyncMiddleware(usersAskResetPasswordValidator),
	140	asyncMiddleware(askResetUserPassword)
	141	)
	142
	143	usersRouter.post('/:id/reset-password',
	144	asyncMiddleware(usersResetPasswordValidator),
	145	asyncMiddleware(resetUserPassword)
	146	)
	147
490b595a C	148	usersRouter.post('/token',
	149	loginRateLimiter,
	150	token,
	151	success
	152	)
9bd26629	153	// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
9457bf88 C	154
	155	// ---------------------------------------------------------------------------
	156
65fcc311 C	157	export {
	158	usersRouter
	159	}
9457bf88 C	160
	161	// ---------------------------------------------------------------------------
	162
fd45e8f4	163	async function getUserVideos (req: express.Request, res: express.Response, next: express.NextFunction) {
3fd3ab2d	164	const user = res.locals.oauth.token.User as UserModel
2186386c	165	const resultList = await VideoModel.listUserVideosForApi(
0883b324 C	166	user.Account.id,
	167	req.query.start as number,
	168	req.query.count as number,
	169	req.query.sort as VideoSortField,
	170	false // Display my NSFW videos
	171	)
fd45e8f4	172
2baea0c7 C	173	const additionalAttributes = {
	174	waitTranscoding: true,
	175	state: true,
	176	scheduledUpdate: true
	177	}
2186386c	178	return res.json(getFormattedObjects(resultList.data, resultList.total, { additionalAttributes }))
fd45e8f4 C	179	}
fd45e8f4 C	180
90d4bb81	181	async function createUser (req: express.Request, res: express.Response) {
4771e000	182	const body: UserCreate = req.body
f05a1c30	183	const userToCreate = new UserModel({
4771e000 C	184	username: body.username,
	185	password: body.password,
	186	email: body.email,
0883b324	187	nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
7efe153b	188	autoPlayVideo: true,
954605a8	189	role: body.role,
b0f9f39e	190	videoQuota: body.videoQuota
9bd26629 C	191	})
9bd26629 C	192
f05a1c30	193	const { user, account } = await createUserAccountAndChannel(userToCreate)
eb080476	194
80e36cd9	195	auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
38fa2065	196	logger.info('User %s with its channel and account created.', body.username)
f05a1c30	197
90d4bb81 C	198	return res.json({
	199	user: {
	200	id: user.id,
	201	account: {
	202	id: account.id,
	203	uuid: account.Actor.uuid
	204	}
	205	}
	206	}).end()
47e0652b C	207	}
47e0652b C	208
90d4bb81	209	async function registerUser (req: express.Request, res: express.Response) {
77a5501f C	210	const body: UserCreate = req.body
77a5501f C	211
80e36cd9	212	const userToCreate = new UserModel({
77a5501f C	213	username: body.username,
	214	password: body.password,
	215	email: body.email,
0883b324	216	nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
7efe153b	217	autoPlayVideo: true,
954605a8	218	role: UserRole.USER,
77a5501f C	219	videoQuota: CONFIG.USER.VIDEO_QUOTA
	220	})
	221
80e36cd9	222	const { user } = await createUserAccountAndChannel(userToCreate)
47e0652b	223
80e36cd9	224	auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
47e0652b	225	logger.info('User %s with its channel and account registered.', body.username)
90d4bb81 C	226
90d4bb81 C	227	return res.type('json').status(204).end()
77a5501f C	228	}
77a5501f C	229
eb080476	230	async function getUserInformation (req: express.Request, res: express.Response, next: express.NextFunction) {
fd45e8f4	231	// We did not load channels in res.locals.user
3fd3ab2d	232	const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
eb080476 C	233
eb080476 C	234	return res.json(user.toFormattedJSON())
99a64bfe C	235	}
99a64bfe C	236
ce5496d6 C	237	async function getUserVideoQuotaUsed (req: express.Request, res: express.Response, next: express.NextFunction) {
	238	// We did not load channels in res.locals.user
	239	const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
	240	const videoQuotaUsed = await UserModel.getOriginalVideoFileTotalFromUser(user)
	241
5fcbd898	242	const data: UserVideoQuota = {
ce5496d6	243	videoQuotaUsed
5fcbd898 C	244	}
5fcbd898 C	245	return res.json(data)
ce5496d6 C	246	}
ce5496d6 C	247
8094a898	248	function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
ce5496d6	249	return res.json((res.locals.user as UserModel).toFormattedJSON())
8094a898 C	250	}
8094a898 C	251
eb080476	252	async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
0a6658fd	253	const videoId = +req.params.videoId
571389d4	254	const accountId = +res.locals.oauth.token.User.Account.id
d38b8281	255
3fd3ab2d	256	const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
faab3a84 C	257	const rating = ratingObj ? ratingObj.type : 'none'
	258
	259	const json: FormattedUserVideoRate = {
	260	videoId,
	261	rating
	262	}
	263	res.json(json)
d38b8281 C	264	}
d38b8281 C	265
eb080476	266	async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
3fd3ab2d	267	const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)
eb080476 C	268
eb080476 C	269	return res.json(getFormattedObjects(resultList.data, resultList.total))
9bd26629 C	270	}
9bd26629 C	271
eb080476	272	async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
3fd3ab2d	273	const user = await UserModel.loadById(req.params.id)
eb080476 C	274
	275	await user.destroy()
	276
80e36cd9 AB	277	auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
80e36cd9 AB	278
eb080476	279	return res.sendStatus(204)
9bd26629 C	280	}
9bd26629 C	281
eb080476	282	async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
8094a898	283	const body: UserUpdateMe = req.body
4771e000	284
2422c46b	285	const user: UserModel = res.locals.oauth.token.user
80e36cd9	286	const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
1d49e1e2	287
eb080476 C	288	if (body.password !== undefined) user.password = body.password
eb080476 C	289	if (body.email !== undefined) user.email = body.email
0883b324	290	if (body.nsfwPolicy !== undefined) user.nsfwPolicy = body.nsfwPolicy
7efe153b	291	if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo
eb080476	292
2422c46b C	293	await sequelizeTypescript.transaction(async t => {
	294	await user.save({ transaction: t })
	295
ed56ad11	296	if (body.displayName !== undefined) user.Account.name = body.displayName
2422c46b C	297	if (body.description !== undefined) user.Account.description = body.description
	298	await user.Account.save({ transaction: t })
	299
	300	await sendUpdateActor(user.Account, t)
80e36cd9 AB	301
	302	auditLogger.update(
	303	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
	304	new UserAuditView(user.toFormattedJSON()),
	305	oldUserAuditView
	306	)
2422c46b	307	})
eb080476	308
d412e80e	309	return res.sendStatus(204)
9bd26629 C	310	}
9bd26629 C	311
c5911fd3	312	async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
2186386c	313	const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
80e36cd9 AB	314	const user: UserModel = res.locals.oauth.token.user
	315	const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
	316	const account = user.Account
c5911fd3	317
4bbfc6c6	318	const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)
c5911fd3	319
80e36cd9 AB	320	auditLogger.update(
	321	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
	322	new UserAuditView(user.toFormattedJSON()),
	323	oldUserAuditView
	324	)
	325
c5911fd3 C	326	return res
	327	.json({
	328	avatar: avatar.toFormattedJSON()
	329	})
	330	.end()
	331	}
	332
eb080476	333	async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
8094a898	334	const body: UserUpdate = req.body
80e36cd9 AB	335	const userToUpdate = res.locals.user as UserModel
	336	const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
	337	const roleChanged = body.role !== undefined && body.role !== userToUpdate.role
8094a898	338
80e36cd9 AB	339	if (body.email !== undefined) userToUpdate.email = body.email
	340	if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
	341	if (body.role !== undefined) userToUpdate.role = body.role
8094a898	342
80e36cd9	343	const user = await userToUpdate.save()
eb080476	344
f8b8c36b C	345	// Destroy user token to refresh rights
f8b8c36b C	346	if (roleChanged) {
80e36cd9	347	await OAuthTokenModel.deleteUserToken(userToUpdate.id)
f8b8c36b C	348	}
f8b8c36b C	349
80e36cd9 AB	350	auditLogger.update(
	351	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
	352	new UserAuditView(user.toFormattedJSON()),
	353	oldUserAuditView
	354	)
	355
265ba139 C	356	// Don't need to send this update to followers, these attributes are not propagated
265ba139 C	357
eb080476	358	return res.sendStatus(204)
8094a898 C	359	}
8094a898 C	360
ecb4e35f C	361	async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
	362	const user = res.locals.user as UserModel
	363
	364	const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
	365	const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
	366	await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)
	367
	368	return res.status(204).end()
	369	}
	370
	371	async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
	372	const user = res.locals.user as UserModel
	373	user.password = req.body.password
	374
	375	await user.save()
	376
	377	return res.status(204).end()
	378	}
	379
69818c93	380	function success (req: express.Request, res: express.Response, next: express.NextFunction) {
9457bf88 C	381	res.end()
9457bf88 C	382	}