[github/Chocobozzz/PeerTube.git] / server / controllers / api / users.ts

import * as express from 'express'
import 'multer'
import * as RateLimit from 'express-rate-limit'
import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRate as FormattedUserVideoRate } from '../../../shared'
import { logger } from '../../helpers/logger'
import { getFormattedObjects } from '../../helpers/utils'
import { CONFIG, IMAGE_MIMETYPE_EXT, RATES_LIMIT, sequelizeTypescript } from '../../initializers'
import { sendUpdateActor } from '../../lib/activitypub/send'
import { Emailer } from '../../lib/emailer'
import { Redis } from '../../lib/redis'
import { createUserAccountAndChannel } from '../../lib/user'
import {
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  ensureUserRegistrationAllowed,
  ensureUserRegistrationAllowedForIP,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  token,
  usersAddValidator,
  usersGetValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersSortValidator,
  usersUpdateMeValidator,
  usersUpdateValidator,
  usersVideoRatingValidator
} from '../../middlewares'
import {
  usersAskResetPasswordValidator,
  usersResetPasswordValidator,
  videoImportsSortValidator,
  videosSortValidator
} from '../../middlewares/validators'
import { AccountVideoRateModel } from '../../models/account/account-video-rate'
import { UserModel } from '../../models/account/user'
import { OAuthTokenModel } from '../../models/oauth/oauth-token'
import { VideoModel } from '../../models/video/video'
import { VideoSortField } from '../../../client/src/app/shared/video/sort-field.type'
import { createReqFiles } from '../../helpers/express-utils'
import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
import { updateAvatarValidator } from '../../middlewares/validators/avatar'
import { updateActorAvatarFile } from '../../lib/avatar'
import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger'
import { VideoImportModel } from '../../models/video/video-import'

const auditLogger = auditLoggerFactory('users')

const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
const loginRateLimiter = new RateLimit({
  windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
  max: RATES_LIMIT.LOGIN.MAX,
  delayMs: 0
})

const usersRouter = express.Router()

usersRouter.get('/me',
  authenticate,
  asyncMiddleware(getUserInformation)
)

usersRouter.get('/me/video-quota-used',
  authenticate,
  asyncMiddleware(getUserVideoQuotaUsed)
)

usersRouter.get('/me/videos/imports',
  authenticate,
  paginationValidator,
  videoImportsSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(getUserVideoImports)
)

usersRouter.get('/me/videos',
  authenticate,
  paginationValidator,
  videosSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(getUserVideos)
)

usersRouter.get('/me/videos/:videoId/rating',
  authenticate,
  asyncMiddleware(usersVideoRatingValidator),
  asyncMiddleware(getUserVideoRating)
)

usersRouter.get('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  paginationValidator,
  usersSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(listUsers)
)

usersRouter.get('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersGetValidator),
  getUser
)

usersRouter.post('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersAddValidator),
  asyncRetryTransactionMiddleware(createUser)
)

usersRouter.post('/register',
  asyncMiddleware(ensureUserRegistrationAllowed),
  ensureUserRegistrationAllowedForIP,
  asyncMiddleware(usersRegisterValidator),
  asyncRetryTransactionMiddleware(registerUser)
)

usersRouter.put('/me',
  authenticate,
  usersUpdateMeValidator,
  asyncMiddleware(updateMe)
)

usersRouter.post('/me/avatar/pick',
  authenticate,
  reqAvatarFile,
  updateAvatarValidator,
  asyncMiddleware(updateMyAvatar)
)

usersRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersUpdateValidator),
  asyncMiddleware(updateUser)
)

usersRouter.delete('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersRemoveValidator),
  asyncMiddleware(removeUser)
)

usersRouter.post('/ask-reset-password',
  asyncMiddleware(usersAskResetPasswordValidator),
  asyncMiddleware(askResetUserPassword)
)

usersRouter.post('/:id/reset-password',
  asyncMiddleware(usersResetPasswordValidator),
  asyncMiddleware(resetUserPassword)
)

usersRouter.post('/token',
  loginRateLimiter,
  token,
  success
)
// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route

// ---------------------------------------------------------------------------

export {
  usersRouter
}

// ---------------------------------------------------------------------------

async function getUserVideos (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.oauth.token.User as UserModel
  const resultList = await VideoModel.listUserVideosForApi(
    user.Account.id,
    req.query.start as number,
    req.query.count as number,
    req.query.sort as VideoSortField,
    false // Display my NSFW videos
  )

  const additionalAttributes = {
    waitTranscoding: true,
    state: true,
    scheduledUpdate: true
  }
  return res.json(getFormattedObjects(resultList.data, resultList.total, { additionalAttributes }))
}

async function getUserVideoImports (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.oauth.token.User as UserModel
  const resultList = await VideoImportModel.listUserVideoImportsForApi(
    user.Account.id,
    req.query.start as number,
    req.query.count as number,
    req.query.sort
  )

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function createUser (req: express.Request, res: express.Response) {
  const body: UserCreate = req.body
  const userToCreate = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: body.role,
    videoQuota: body.videoQuota
  })

  const { user, account } = await createUserAccountAndChannel(userToCreate)

  auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account created.', body.username)

  return res.json({
    user: {
      id: user.id,
      account: {
        id: account.id,
        uuid: account.Actor.uuid
      }
    }
  }).end()
}

async function registerUser (req: express.Request, res: express.Response) {
  const body: UserCreate = req.body

  const userToCreate = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: UserRole.USER,
    videoQuota: CONFIG.USER.VIDEO_QUOTA
  })

  const { user } = await createUserAccountAndChannel(userToCreate)

  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account registered.', body.username)

  return res.type('json').status(204).end()
}

async function getUserInformation (req: express.Request, res: express.Response, next: express.NextFunction) {
  // We did not load channels in res.locals.user
  const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)

  return res.json(user.toFormattedJSON())
}

async function getUserVideoQuotaUsed (req: express.Request, res: express.Response, next: express.NextFunction) {
  // We did not load channels in res.locals.user
  const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
  const videoQuotaUsed = await UserModel.getOriginalVideoFileTotalFromUser(user)

  const data: UserVideoQuota = {
    videoQuotaUsed
  }
  return res.json(data)
}

function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  return res.json((res.locals.user as UserModel).toFormattedJSON())
}

async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
  const videoId = +req.params.videoId
  const accountId = +res.locals.oauth.token.User.Account.id

  const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
  const rating = ratingObj ? ratingObj.type : 'none'

  const json: FormattedUserVideoRate = {
    videoId,
    rating
  }
  res.json(json)
}

async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
  const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = await UserModel.loadById(req.params.id)

  await user.destroy()

  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))

  return res.sendStatus(204)
}

async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
  const body: UserUpdateMe = req.body

  const user: UserModel = res.locals.oauth.token.user
  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())

  if (body.password !== undefined) user.password = body.password
  if (body.email !== undefined) user.email = body.email
  if (body.nsfwPolicy !== undefined) user.nsfwPolicy = body.nsfwPolicy
  if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo

  await sequelizeTypescript.transaction(async t => {
    await user.save({ transaction: t })

    if (body.displayName !== undefined) user.Account.name = body.displayName
    if (body.description !== undefined) user.Account.description = body.description
    await user.Account.save({ transaction: t })

    await sendUpdateActor(user.Account, t)

    auditLogger.update(
      res.locals.oauth.token.User.Account.Actor.getIdentifier(),
      new UserAuditView(user.toFormattedJSON()),
      oldUserAuditView
    )
  })

  return res.sendStatus(204)
}

async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
  const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
  const user: UserModel = res.locals.oauth.token.user
  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
  const account = user.Account

  const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)

  auditLogger.update(
    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
    new UserAuditView(user.toFormattedJSON()),
    oldUserAuditView
  )

  return res
    .json({
      avatar: avatar.toFormattedJSON()
    })
    .end()
}

async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const body: UserUpdate = req.body
  const userToUpdate = res.locals.user as UserModel
  const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
  const roleChanged = body.role !== undefined && body.role !== userToUpdate.role

  if (body.email !== undefined) userToUpdate.email = body.email
  if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
  if (body.role !== undefined) userToUpdate.role = body.role

  const user = await userToUpdate.save()

  // Destroy user token to refresh rights
  if (roleChanged) {
    await OAuthTokenModel.deleteUserToken(userToUpdate.id)
  }

  auditLogger.update(
    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
    new UserAuditView(user.toFormattedJSON()),
    oldUserAuditView
  )

  // Don't need to send this update to followers, these attributes are not propagated

  return res.sendStatus(204)
}

async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel

  const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
  const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
  await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)

  return res.status(204).end()
}

async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel
  user.password = req.body.password

  await user.save()

  return res.status(204).end()
}

function success (req: express.Request, res: express.Response, next: express.NextFunction) {
  res.end()
}
Commit	Line	Data
4d4e5cd4	1	import * as express from 'express'
ac81d1a0	2	import 'multer'
490b595a	3	import * as RateLimit from 'express-rate-limit'
571389d4	4	import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRate as FormattedUserVideoRate } from '../../../shared'
da854ddd	5	import { logger } from '../../helpers/logger'
0626e7af	6	import { getFormattedObjects } from '../../helpers/utils'
4bbfc6c6	7	import { CONFIG, IMAGE_MIMETYPE_EXT, RATES_LIMIT, sequelizeTypescript } from '../../initializers'
2422c46b	8	import { sendUpdateActor } from '../../lib/activitypub/send'
ecb4e35f	9	import { Emailer } from '../../lib/emailer'
ecb4e35f	10	import { Redis } from '../../lib/redis'
50d6de9c	11	import { createUserAccountAndChannel } from '../../lib/user'
65fcc311	12	import {
f076daa7	13	asyncMiddleware,
90d4bb81	14	asyncRetryTransactionMiddleware,
f076daa7 C	15	authenticate,
	16	ensureUserHasRight,
	17	ensureUserRegistrationAllowed,
ff2c1fe8	18	ensureUserRegistrationAllowedForIP,
f076daa7 C	19	paginationValidator,
	20	setDefaultPagination,
	21	setDefaultSort,
	22	token,
	23	usersAddValidator,
	24	usersGetValidator,
	25	usersRegisterValidator,
	26	usersRemoveValidator,
	27	usersSortValidator,
	28	usersUpdateMeValidator,
	29	usersUpdateValidator,
	30	usersVideoRatingValidator
65fcc311	31	} from '../../middlewares'
ed31c059 C	32	import {
	33	usersAskResetPasswordValidator,
	34	usersResetPasswordValidator,
	35	videoImportsSortValidator,
	36	videosSortValidator
	37	} from '../../middlewares/validators'
3fd3ab2d C	38	import { AccountVideoRateModel } from '../../models/account/account-video-rate'
3fd3ab2d C	39	import { UserModel } from '../../models/account/user'
f8b8c36b	40	import { OAuthTokenModel } from '../../models/oauth/oauth-token'
3fd3ab2d	41	import { VideoModel } from '../../models/video/video'
0883b324	42	import { VideoSortField } from '../../../client/src/app/shared/video/sort-field.type'
0626e7af	43	import { createReqFiles } from '../../helpers/express-utils'
5fcbd898	44	import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
4bbfc6c6 C	45	import { updateAvatarValidator } from '../../middlewares/validators/avatar'
4bbfc6c6 C	46	import { updateActorAvatarFile } from '../../lib/avatar'
80e36cd9	47	import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger'
ed31c059	48	import { VideoImportModel } from '../../models/video/video-import'
80e36cd9 AB	49
80e36cd9 AB	50	const auditLogger = auditLoggerFactory('users')
65fcc311	51
ac81d1a0	52	const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
490b595a C	53	const loginRateLimiter = new RateLimit({
	54	windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
	55	max: RATES_LIMIT.LOGIN.MAX,
	56	delayMs: 0
	57	})
c5911fd3	58
65fcc311 C	59	const usersRouter = express.Router()
	60
	61	usersRouter.get('/me',
	62	authenticate,
eb080476	63	asyncMiddleware(getUserInformation)
d38b8281 C	64	)
d38b8281 C	65
ce5496d6 C	66	usersRouter.get('/me/video-quota-used',
	67	authenticate,
	68	asyncMiddleware(getUserVideoQuotaUsed)
	69	)
	70
ed31c059 C	71	usersRouter.get('/me/videos/imports',
	72	authenticate,
	73	paginationValidator,
	74	videoImportsSortValidator,
	75	setDefaultSort,
	76	setDefaultPagination,
	77	asyncMiddleware(getUserVideoImports)
	78	)
	79
fd45e8f4 C	80	usersRouter.get('/me/videos',
	81	authenticate,
	82	paginationValidator,
	83	videosSortValidator,
1174a847	84	setDefaultSort,
f05a1c30	85	setDefaultPagination,
fd45e8f4 C	86	asyncMiddleware(getUserVideos)
	87	)
	88
65fcc311 C	89	usersRouter.get('/me/videos/:videoId/rating',
65fcc311 C	90	authenticate,
a2431b7d	91	asyncMiddleware(usersVideoRatingValidator),
eb080476	92	asyncMiddleware(getUserVideoRating)
d38b8281	93	)
9bd26629	94
65fcc311	95	usersRouter.get('/',
86d13ec2 C	96	authenticate,
86d13ec2 C	97	ensureUserHasRight(UserRight.MANAGE_USERS),
65fcc311 C	98	paginationValidator,
65fcc311 C	99	usersSortValidator,
1174a847	100	setDefaultSort,
f05a1c30	101	setDefaultPagination,
eb080476	102	asyncMiddleware(listUsers)
5c39adb7 C	103	)
5c39adb7 C	104
8094a898	105	usersRouter.get('/:id',
94ff4c23 C	106	authenticate,
94ff4c23 C	107	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	108	asyncMiddleware(usersGetValidator),
8094a898 C	109	getUser
	110	)
	111
65fcc311 C	112	usersRouter.post('/',
65fcc311 C	113	authenticate,
954605a8	114	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	115	asyncMiddleware(usersAddValidator),
90d4bb81	116	asyncRetryTransactionMiddleware(createUser)
9bd26629 C	117	)
9bd26629 C	118
65fcc311	119	usersRouter.post('/register',
a2431b7d	120	asyncMiddleware(ensureUserRegistrationAllowed),
ff2c1fe8	121	ensureUserRegistrationAllowedForIP,
a2431b7d	122	asyncMiddleware(usersRegisterValidator),
90d4bb81	123	asyncRetryTransactionMiddleware(registerUser)
2c2e9092 C	124	)
2c2e9092 C	125
8094a898 C	126	usersRouter.put('/me',
	127	authenticate,
	128	usersUpdateMeValidator,
eb080476	129	asyncMiddleware(updateMe)
8094a898 C	130	)
8094a898 C	131
c5911fd3 C	132	usersRouter.post('/me/avatar/pick',
	133	authenticate,
	134	reqAvatarFile,
4bbfc6c6	135	updateAvatarValidator,
c5911fd3 C	136	asyncMiddleware(updateMyAvatar)
	137	)
	138
65fcc311 C	139	usersRouter.put('/:id',
65fcc311 C	140	authenticate,
954605a8	141	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	142	asyncMiddleware(usersUpdateValidator),
eb080476	143	asyncMiddleware(updateUser)
9bd26629 C	144	)
9bd26629 C	145
65fcc311 C	146	usersRouter.delete('/:id',
65fcc311 C	147	authenticate,
954605a8	148	ensureUserHasRight(UserRight.MANAGE_USERS),
a2431b7d	149	asyncMiddleware(usersRemoveValidator),
eb080476	150	asyncMiddleware(removeUser)
9bd26629	151	)
6606150c	152
ecb4e35f C	153	usersRouter.post('/ask-reset-password',
	154	asyncMiddleware(usersAskResetPasswordValidator),
	155	asyncMiddleware(askResetUserPassword)
	156	)
	157
	158	usersRouter.post('/:id/reset-password',
	159	asyncMiddleware(usersResetPasswordValidator),
	160	asyncMiddleware(resetUserPassword)
	161	)
	162
490b595a C	163	usersRouter.post('/token',
	164	loginRateLimiter,
	165	token,
	166	success
	167	)
9bd26629	168	// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
9457bf88 C	169
	170	// ---------------------------------------------------------------------------
	171
65fcc311 C	172	export {
	173	usersRouter
	174	}
9457bf88 C	175
	176	// ---------------------------------------------------------------------------
	177
fd45e8f4	178	async function getUserVideos (req: express.Request, res: express.Response, next: express.NextFunction) {
3fd3ab2d	179	const user = res.locals.oauth.token.User as UserModel
2186386c	180	const resultList = await VideoModel.listUserVideosForApi(
0883b324 C	181	user.Account.id,
	182	req.query.start as number,
	183	req.query.count as number,
	184	req.query.sort as VideoSortField,
	185	false // Display my NSFW videos
	186	)
fd45e8f4	187
2baea0c7 C	188	const additionalAttributes = {
	189	waitTranscoding: true,
	190	state: true,
	191	scheduledUpdate: true
	192	}
2186386c	193	return res.json(getFormattedObjects(resultList.data, resultList.total, { additionalAttributes }))
fd45e8f4 C	194	}
fd45e8f4 C	195
ed31c059 C	196	async function getUserVideoImports (req: express.Request, res: express.Response, next: express.NextFunction) {
	197	const user = res.locals.oauth.token.User as UserModel
	198	const resultList = await VideoImportModel.listUserVideoImportsForApi(
	199	user.Account.id,
	200	req.query.start as number,
	201	req.query.count as number,
	202	req.query.sort
	203	)
	204
	205	return res.json(getFormattedObjects(resultList.data, resultList.total))
	206	}
	207
90d4bb81	208	async function createUser (req: express.Request, res: express.Response) {
4771e000	209	const body: UserCreate = req.body
f05a1c30	210	const userToCreate = new UserModel({
4771e000 C	211	username: body.username,
	212	password: body.password,
	213	email: body.email,
0883b324	214	nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
7efe153b	215	autoPlayVideo: true,
954605a8	216	role: body.role,
b0f9f39e	217	videoQuota: body.videoQuota
9bd26629 C	218	})
9bd26629 C	219
f05a1c30	220	const { user, account } = await createUserAccountAndChannel(userToCreate)
eb080476	221
80e36cd9	222	auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
38fa2065	223	logger.info('User %s with its channel and account created.', body.username)
f05a1c30	224
90d4bb81 C	225	return res.json({
	226	user: {
	227	id: user.id,
	228	account: {
	229	id: account.id,
	230	uuid: account.Actor.uuid
	231	}
	232	}
	233	}).end()
47e0652b C	234	}
47e0652b C	235
90d4bb81	236	async function registerUser (req: express.Request, res: express.Response) {
77a5501f C	237	const body: UserCreate = req.body
77a5501f C	238
80e36cd9	239	const userToCreate = new UserModel({
77a5501f C	240	username: body.username,
	241	password: body.password,
	242	email: body.email,
0883b324	243	nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
7efe153b	244	autoPlayVideo: true,
954605a8	245	role: UserRole.USER,
77a5501f C	246	videoQuota: CONFIG.USER.VIDEO_QUOTA
	247	})
	248
80e36cd9	249	const { user } = await createUserAccountAndChannel(userToCreate)
47e0652b	250
80e36cd9	251	auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
47e0652b	252	logger.info('User %s with its channel and account registered.', body.username)
90d4bb81 C	253
90d4bb81 C	254	return res.type('json').status(204).end()
77a5501f C	255	}
77a5501f C	256
eb080476	257	async function getUserInformation (req: express.Request, res: express.Response, next: express.NextFunction) {
fd45e8f4	258	// We did not load channels in res.locals.user
3fd3ab2d	259	const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
eb080476 C	260
eb080476 C	261	return res.json(user.toFormattedJSON())
99a64bfe C	262	}
99a64bfe C	263
ce5496d6 C	264	async function getUserVideoQuotaUsed (req: express.Request, res: express.Response, next: express.NextFunction) {
	265	// We did not load channels in res.locals.user
	266	const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
	267	const videoQuotaUsed = await UserModel.getOriginalVideoFileTotalFromUser(user)
	268
5fcbd898	269	const data: UserVideoQuota = {
ce5496d6	270	videoQuotaUsed
5fcbd898 C	271	}
5fcbd898 C	272	return res.json(data)
ce5496d6 C	273	}
ce5496d6 C	274
8094a898	275	function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
ce5496d6	276	return res.json((res.locals.user as UserModel).toFormattedJSON())
8094a898 C	277	}
8094a898 C	278
eb080476	279	async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
0a6658fd	280	const videoId = +req.params.videoId
571389d4	281	const accountId = +res.locals.oauth.token.User.Account.id
d38b8281	282
3fd3ab2d	283	const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
faab3a84 C	284	const rating = ratingObj ? ratingObj.type : 'none'
	285
	286	const json: FormattedUserVideoRate = {
	287	videoId,
	288	rating
	289	}
	290	res.json(json)
d38b8281 C	291	}
d38b8281 C	292
eb080476	293	async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
3fd3ab2d	294	const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)
eb080476 C	295
eb080476 C	296	return res.json(getFormattedObjects(resultList.data, resultList.total))
9bd26629 C	297	}
9bd26629 C	298
eb080476	299	async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
3fd3ab2d	300	const user = await UserModel.loadById(req.params.id)
eb080476 C	301
	302	await user.destroy()
	303
80e36cd9 AB	304	auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
80e36cd9 AB	305
eb080476	306	return res.sendStatus(204)
9bd26629 C	307	}
9bd26629 C	308
eb080476	309	async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
8094a898	310	const body: UserUpdateMe = req.body
4771e000	311
2422c46b	312	const user: UserModel = res.locals.oauth.token.user
80e36cd9	313	const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
1d49e1e2	314
eb080476 C	315	if (body.password !== undefined) user.password = body.password
eb080476 C	316	if (body.email !== undefined) user.email = body.email
0883b324	317	if (body.nsfwPolicy !== undefined) user.nsfwPolicy = body.nsfwPolicy
7efe153b	318	if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo
eb080476	319
2422c46b C	320	await sequelizeTypescript.transaction(async t => {
	321	await user.save({ transaction: t })
	322
ed56ad11	323	if (body.displayName !== undefined) user.Account.name = body.displayName
2422c46b C	324	if (body.description !== undefined) user.Account.description = body.description
	325	await user.Account.save({ transaction: t })
	326
	327	await sendUpdateActor(user.Account, t)
80e36cd9 AB	328
	329	auditLogger.update(
	330	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
	331	new UserAuditView(user.toFormattedJSON()),
	332	oldUserAuditView
	333	)
2422c46b	334	})
eb080476	335
d412e80e	336	return res.sendStatus(204)
9bd26629 C	337	}
9bd26629 C	338
c5911fd3	339	async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
2186386c	340	const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
80e36cd9 AB	341	const user: UserModel = res.locals.oauth.token.user
	342	const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
	343	const account = user.Account
c5911fd3	344
4bbfc6c6	345	const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)
c5911fd3	346
80e36cd9 AB	347	auditLogger.update(
	348	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
	349	new UserAuditView(user.toFormattedJSON()),
	350	oldUserAuditView
	351	)
	352
c5911fd3 C	353	return res
	354	.json({
	355	avatar: avatar.toFormattedJSON()
	356	})
	357	.end()
	358	}
	359
eb080476	360	async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
8094a898	361	const body: UserUpdate = req.body
80e36cd9 AB	362	const userToUpdate = res.locals.user as UserModel
	363	const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
	364	const roleChanged = body.role !== undefined && body.role !== userToUpdate.role
8094a898	365
80e36cd9 AB	366	if (body.email !== undefined) userToUpdate.email = body.email
	367	if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
	368	if (body.role !== undefined) userToUpdate.role = body.role
8094a898	369
80e36cd9	370	const user = await userToUpdate.save()
eb080476	371
f8b8c36b C	372	// Destroy user token to refresh rights
f8b8c36b C	373	if (roleChanged) {
80e36cd9	374	await OAuthTokenModel.deleteUserToken(userToUpdate.id)
f8b8c36b C	375	}
f8b8c36b C	376
80e36cd9 AB	377	auditLogger.update(
	378	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
	379	new UserAuditView(user.toFormattedJSON()),
	380	oldUserAuditView
	381	)
	382
265ba139 C	383	// Don't need to send this update to followers, these attributes are not propagated
265ba139 C	384
eb080476	385	return res.sendStatus(204)
8094a898 C	386	}
8094a898 C	387
ecb4e35f C	388	async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
	389	const user = res.locals.user as UserModel
	390
	391	const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
	392	const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
	393	await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)
	394
	395	return res.status(204).end()
	396	}
	397
	398	async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
	399	const user = res.locals.user as UserModel
	400	user.password = req.body.password
	401
	402	await user.save()
	403
	404	return res.status(204).end()
	405	}
	406
69818c93	407	function success (req: express.Request, res: express.Response, next: express.NextFunction) {
9457bf88 C	408	res.end()
9457bf88 C	409	}