[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / two-factor.ts

import express from 'express'
import { body, param } from 'express-validator'
import { HttpStatusCode, UserRight } from '@shared/models'
import { exists, isIdValid } from '../../helpers/custom-validators/misc'
import { areValidationErrors, checkUserIdExist } from './shared'

const requestOrConfirmTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return

    if (res.locals.user.otpSecret) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already enabled.`
      })
    }

    return next()
  }
]

const confirmTwoFactorValidator = [
  body('requestToken').custom(exists),
  body('otpToken').custom(exists),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

const disableTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return

    if (!res.locals.user.otpSecret) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already disabled.`
      })
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  requestOrConfirmTwoFactorValidator,
  confirmTwoFactorValidator,
  disableTwoFactorValidator
}

// ---------------------------------------------------------------------------

async function checkCanEnableOrDisableTwoFactor (userId: number | string, res: express.Response) {
  const authUser = res.locals.oauth.token.user

  if (!await checkUserIdExist(userId, res)) return

  if (res.locals.user.id !== authUser.id && authUser.hasRight(UserRight.MANAGE_USERS) !== true) {
    res.fail({
      status: HttpStatusCode.FORBIDDEN_403,
      message: `User ${authUser.username} does not have right to change two factor setting of this user.`
    })

    return false
  }

  return true
}
Commit	Line	Data
56f47830 C	1	import express from 'express'
	2	import { body, param } from 'express-validator'
	3	import { HttpStatusCode, UserRight } from '@shared/models'
	4	import { exists, isIdValid } from '../../helpers/custom-validators/misc'
	5	import { areValidationErrors, checkUserIdExist } from './shared'
	6
	7	const requestOrConfirmTwoFactorValidator = [
	8	param('id').custom(isIdValid),
	9
	10	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	11	if (areValidationErrors(req, res)) return
	12
	13	if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return
	14
	15	if (res.locals.user.otpSecret) {
	16	return res.fail({
	17	status: HttpStatusCode.BAD_REQUEST_400,
	18	message: `Two factor is already enabled.`
	19	})
	20	}
	21
	22	return next()
	23	}
	24	]
	25
	26	const confirmTwoFactorValidator = [
	27	body('requestToken').custom(exists),
	28	body('otpToken').custom(exists),
	29
	30	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	31	if (areValidationErrors(req, res)) return
	32
	33	return next()
	34	}
	35	]
	36
	37	const disableTwoFactorValidator = [
	38	param('id').custom(isIdValid),
	39
	40	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	41	if (areValidationErrors(req, res)) return
	42
	43	if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return
	44
	45	if (!res.locals.user.otpSecret) {
	46	return res.fail({
	47	status: HttpStatusCode.BAD_REQUEST_400,
	48	message: `Two factor is already disabled.`
	49	})
	50	}
	51
	52	return next()
	53	}
	54	]
	55
	56	// ---------------------------------------------------------------------------
	57
	58	export {
	59	requestOrConfirmTwoFactorValidator,
	60	confirmTwoFactorValidator,
	61	disableTwoFactorValidator
	62	}
	63
	64	// ---------------------------------------------------------------------------
65
66	async function checkCanEnableOrDisableTwoFactor (userId: number \| string, res: express.Response) {
67	const authUser = res.locals.oauth.token.user
68
69	if (!await checkUserIdExist(userId, res)) return
70
71	if (res.locals.user.id !== authUser.id && authUser.hasRight(UserRight.MANAGE_USERS) !== true) {
72	res.fail({
73	status: HttpStatusCode.FORBIDDEN_403,
74	message: `User ${authUser.username} does not have right to change two factor setting of this user.`
75	})
76
77	return false
78	}
79
80	return true
81	}