]>
Commit | Line | Data |
---|---|---|
b60e5f38 | 1 | import { body, param } from 'express-validator/check' |
69818c93 C |
2 | import 'express-validator' |
3 | import * as express from 'express' | |
0a6658fd C |
4 | import * as Promise from 'bluebird' |
5 | import * as validator from 'validator' | |
69818c93 | 6 | |
e02643f3 | 7 | import { database as db } from '../../initializers/database' |
65fcc311 | 8 | import { checkErrors } from './utils' |
b60e5f38 C |
9 | import { |
10 | isSignupAllowed, | |
11 | logger, | |
12 | isUserUsernameValid, | |
13 | isUserPasswordValid, | |
14 | isUserVideoQuotaValid, | |
15 | isUserDisplayNSFWValid, | |
72c7248b | 16 | isIdOrUUIDValid |
b60e5f38 | 17 | } from '../../helpers' |
77a5501f | 18 | import { UserInstance, VideoInstance } from '../../models' |
9bd26629 | 19 | |
b60e5f38 C |
20 | const usersAddValidator = [ |
21 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'), | |
22 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), | |
23 | body('email').isEmail().withMessage('Should have a valid email'), | |
24 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | |
9bd26629 | 25 | |
b60e5f38 C |
26 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
27 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | |
9bd26629 | 28 | |
b60e5f38 C |
29 | checkErrors(req, res, () => { |
30 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) | |
31 | }) | |
32 | } | |
33 | ] | |
6fcd19ba | 34 | |
b60e5f38 C |
35 | const usersRegisterValidator = [ |
36 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'), | |
37 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), | |
38 | body('email').isEmail().withMessage('Should have a valid email'), | |
77a5501f | 39 | |
b60e5f38 C |
40 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
41 | logger.debug('Checking usersRegister parameters', { parameters: req.body }) | |
77a5501f | 42 | |
b60e5f38 C |
43 | checkErrors(req, res, () => { |
44 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) | |
45 | }) | |
46 | } | |
47 | ] | |
9bd26629 | 48 | |
b60e5f38 C |
49 | const usersRemoveValidator = [ |
50 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | |
9bd26629 | 51 | |
b60e5f38 C |
52 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
53 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | |
9bd26629 | 54 | |
b60e5f38 C |
55 | checkErrors(req, res, () => { |
56 | checkUserExists(req.params.id, res, (err, user) => { | |
57 | if (err) { | |
58 | logger.error('Error in usersRemoveValidator.', err) | |
59 | return res.sendStatus(500) | |
60 | } | |
9bd26629 | 61 | |
b60e5f38 C |
62 | if (user.username === 'root') { |
63 | return res.status(400) | |
64 | .send({ error: 'Cannot remove the root user' }) | |
65 | .end() | |
66 | } | |
af1068ce | 67 | |
b60e5f38 C |
68 | return next() |
69 | }) | |
77a5501f | 70 | }) |
b60e5f38 C |
71 | } |
72 | ] | |
8094a898 | 73 | |
b60e5f38 C |
74 | const usersUpdateValidator = [ |
75 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | |
76 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), | |
77 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | |
8094a898 | 78 | |
b60e5f38 C |
79 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
80 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | |
9bd26629 | 81 | |
b60e5f38 C |
82 | checkErrors(req, res, () => { |
83 | checkUserExists(req.params.id, res, next) | |
84 | }) | |
85 | } | |
86 | ] | |
9bd26629 | 87 | |
b60e5f38 C |
88 | const usersUpdateMeValidator = [ |
89 | body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'), | |
90 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), | |
91 | body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'), | |
9bd26629 | 92 | |
b60e5f38 C |
93 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
94 | // TODO: Add old password verification | |
95 | logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) | |
8094a898 | 96 | |
b60e5f38 C |
97 | checkErrors(req, res, next) |
98 | } | |
99 | ] | |
8094a898 | 100 | |
b60e5f38 C |
101 | const usersGetValidator = [ |
102 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | |
d38b8281 | 103 | |
b60e5f38 C |
104 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
105 | checkErrors(req, res, () => { | |
106 | checkUserExists(req.params.id, res, next) | |
107 | }) | |
108 | } | |
109 | ] | |
d38b8281 | 110 | |
b60e5f38 | 111 | const usersVideoRatingValidator = [ |
72c7248b | 112 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), |
0a6658fd | 113 | |
b60e5f38 C |
114 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
115 | logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) | |
0a6658fd | 116 | |
b60e5f38 C |
117 | checkErrors(req, res, () => { |
118 | let videoPromise: Promise<VideoInstance> | |
6fcd19ba | 119 | |
b60e5f38 C |
120 | if (validator.isUUID(req.params.videoId)) { |
121 | videoPromise = db.Video.loadByUUID(req.params.videoId) | |
122 | } else { | |
123 | videoPromise = db.Video.load(req.params.videoId) | |
124 | } | |
d38b8281 | 125 | |
b60e5f38 C |
126 | videoPromise |
127 | .then(video => { | |
128 | if (!video) { | |
129 | return res.status(404) | |
130 | .json({ error: 'Video not found' }) | |
131 | .end() | |
132 | } | |
133 | ||
134 | return next() | |
135 | }) | |
136 | .catch(err => { | |
137 | logger.error('Error in user request validator.', err) | |
138 | return res.sendStatus(500) | |
139 | }) | |
140 | }) | |
141 | } | |
142 | ] | |
143 | ||
144 | const ensureUserRegistrationAllowed = [ | |
145 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
146 | isSignupAllowed().then(allowed => { | |
147 | if (allowed === false) { | |
148 | return res.status(403) | |
149 | .send({ error: 'User registration is not enabled or user limit is reached.' }) | |
150 | .end() | |
151 | } | |
291e8d3e | 152 | |
b60e5f38 C |
153 | return next() |
154 | }) | |
155 | } | |
156 | ] | |
291e8d3e | 157 | |
9bd26629 C |
158 | // --------------------------------------------------------------------------- |
159 | ||
65fcc311 C |
160 | export { |
161 | usersAddValidator, | |
77a5501f | 162 | usersRegisterValidator, |
65fcc311 C |
163 | usersRemoveValidator, |
164 | usersUpdateValidator, | |
8094a898 | 165 | usersUpdateMeValidator, |
291e8d3e | 166 | usersVideoRatingValidator, |
8094a898 C |
167 | ensureUserRegistrationAllowed, |
168 | usersGetValidator | |
169 | } | |
170 | ||
171 | // --------------------------------------------------------------------------- | |
172 | ||
77a5501f | 173 | function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) { |
8094a898 C |
174 | db.User.loadById(id) |
175 | .then(user => { | |
bfb3a98f C |
176 | if (!user) { |
177 | return res.status(404) | |
178 | .send({ error: 'User not found' }) | |
179 | .end() | |
180 | } | |
8094a898 C |
181 | |
182 | res.locals.user = user | |
bfb3a98f | 183 | return callback(null, user) |
8094a898 C |
184 | }) |
185 | .catch(err => { | |
186 | logger.error('Error in user request validator.', err) | |
187 | return res.sendStatus(500) | |
188 | }) | |
65fcc311 | 189 | } |
77a5501f C |
190 | |
191 | function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) { | |
192 | db.User.loadByUsernameOrEmail(username, email) | |
193 | .then(user => { | |
bfb3a98f C |
194 | if (user) { |
195 | return res.status(409) | |
196 | .send({ error: 'User already exists.' }) | |
197 | .end() | |
198 | } | |
77a5501f | 199 | |
bfb3a98f | 200 | return callback() |
77a5501f C |
201 | }) |
202 | .catch(err => { | |
203 | logger.error('Error in usersAdd request validator.', err) | |
204 | return res.sendStatus(500) | |
205 | }) | |
206 | } |