[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

import { body, param } from 'express-validator/check'
import 'express-validator'
import * as express from 'express'
import * as Promise from 'bluebird'
import * as validator from 'validator'

import { database as db } from '../../initializers/database'
import { checkErrors } from './utils'
import {
  isSignupAllowed,
  logger,
  isUserUsernameValid,
  isUserPasswordValid,
  isUserVideoQuotaValid,
  isUserDisplayNSFWValid,
  isIdOrUUIDValid
} from '../../helpers'
import { UserInstance, VideoInstance } from '../../models'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    checkErrors(req, res, () => {
      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
    })
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    checkErrors(req, res, () => {
      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
    })
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    checkErrors(req, res, () => {
      checkUserExists(req.params.id, res, (err, user) => {
        if (err) {
          logger.error('Error in usersRemoveValidator.', err)
          return res.sendStatus(500)
        }

        if (user.username === 'root') {
          return res.status(400)
                    .send({ error: 'Cannot remove the root user' })
                    .end()
        }

        return next()
      })
    })
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    checkErrors(req, res, () => {
      checkUserExists(req.params.id, res, next)
    })
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    checkErrors(req, res, next)
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    checkErrors(req, res, () => {
      checkUserExists(req.params.id, res, next)
    })
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    checkErrors(req, res, () => {
      let videoPromise: Promise<VideoInstance>

      if (validator.isUUID(req.params.videoId)) {
        videoPromise = db.Video.loadByUUID(req.params.videoId)
      } else {
        videoPromise = db.Video.load(req.params.videoId)
      }

      videoPromise
        .then(video => {
          if (!video) {
            return res.status(404)
                      .json({ error: 'Video not found' })
                      .end()
          }

          return next()
        })
        .catch(err => {
          logger.error('Error in user request validator.', err)
          return res.sendStatus(500)
        })
    })
  }
]

const ensureUserRegistrationAllowed = [
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    isSignupAllowed().then(allowed => {
      if (allowed === false) {
        return res.status(403)
                  .send({ error: 'User registration is not enabled or user limit is reached.' })
                  .end()
      }

      return next()
    })
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator
}

// ---------------------------------------------------------------------------

function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
  db.User.loadById(id)
    .then(user => {
      if (!user) {
        return res.status(404)
                  .send({ error: 'User not found' })
                  .end()
      }

      res.locals.user = user
      return callback(null, user)
    })
    .catch(err => {
      logger.error('Error in user request validator.', err)
      return res.sendStatus(500)
    })
}

function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
  db.User.loadByUsernameOrEmail(username, email)
      .then(user => {
        if (user) {
          return res.status(409)
                    .send({ error: 'User already exists.' })
                    .end()
        }

        return callback()
      })
      .catch(err => {
        logger.error('Error in usersAdd request validator.', err)
        return res.sendStatus(500)
      })
}
Commit	Line	Data
b60e5f38	1	import { body, param } from 'express-validator/check'
69818c93 C	2	import 'express-validator'
69818c93 C	3	import * as express from 'express'
0a6658fd C	4	import * as Promise from 'bluebird'
0a6658fd C	5	import * as validator from 'validator'
69818c93	6
e02643f3	7	import { database as db } from '../../initializers/database'
65fcc311	8	import { checkErrors } from './utils'
b60e5f38 C	9	import {
	10	isSignupAllowed,
	11	logger,
	12	isUserUsernameValid,
	13	isUserPasswordValid,
	14	isUserVideoQuotaValid,
	15	isUserDisplayNSFWValid,
72c7248b	16	isIdOrUUIDValid
b60e5f38	17	} from '../../helpers'
77a5501f	18	import { UserInstance, VideoInstance } from '../../models'
9bd26629	19
b60e5f38 C	20	const usersAddValidator = [
	21	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	22	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	23	body('email').isEmail().withMessage('Should have a valid email'),
	24	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
9bd26629	25
b60e5f38 C	26	(req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38 C	27	logger.debug('Checking usersAdd parameters', { parameters: req.body })
9bd26629	28
b60e5f38 C	29	checkErrors(req, res, () => {
	30	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
	31	})
	32	}
	33	]
6fcd19ba	34
b60e5f38 C	35	const usersRegisterValidator = [
	36	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	37	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	38	body('email').isEmail().withMessage('Should have a valid email'),
77a5501f	39
b60e5f38 C	40	(req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38 C	41	logger.debug('Checking usersRegister parameters', { parameters: req.body })
77a5501f	42
b60e5f38 C	43	checkErrors(req, res, () => {
	44	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
	45	})
	46	}
	47	]
9bd26629	48
b60e5f38 C	49	const usersRemoveValidator = [
b60e5f38 C	50	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
9bd26629	51
b60e5f38 C	52	(req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38 C	53	logger.debug('Checking usersRemove parameters', { parameters: req.params })
9bd26629	54
b60e5f38 C	55	checkErrors(req, res, () => {
	56	checkUserExists(req.params.id, res, (err, user) => {
	57	if (err) {
	58	logger.error('Error in usersRemoveValidator.', err)
	59	return res.sendStatus(500)
	60	}
9bd26629	61
b60e5f38 C	62	if (user.username === 'root') {
	63	return res.status(400)
	64	.send({ error: 'Cannot remove the root user' })
	65	.end()
	66	}
af1068ce	67
b60e5f38 C	68	return next()
b60e5f38 C	69	})
77a5501f	70	})
b60e5f38 C	71	}
b60e5f38 C	72	]
8094a898	73
b60e5f38 C	74	const usersUpdateValidator = [
	75	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	76	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	77	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
8094a898	78
b60e5f38 C	79	(req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38 C	80	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
9bd26629	81
b60e5f38 C	82	checkErrors(req, res, () => {
	83	checkUserExists(req.params.id, res, next)
	84	})
	85	}
	86	]
9bd26629	87
b60e5f38 C	88	const usersUpdateMeValidator = [
	89	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
	90	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	91	body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
9bd26629	92
b60e5f38 C	93	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	94	// TODO: Add old password verification
	95	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
8094a898	96
b60e5f38 C	97	checkErrors(req, res, next)
	98	}
	99	]
8094a898	100
b60e5f38 C	101	const usersGetValidator = [
b60e5f38 C	102	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
d38b8281	103
b60e5f38 C	104	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	105	checkErrors(req, res, () => {
	106	checkUserExists(req.params.id, res, next)
	107	})
	108	}
	109	]
d38b8281	110
b60e5f38	111	const usersVideoRatingValidator = [
72c7248b	112	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
0a6658fd	113
b60e5f38 C	114	(req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38 C	115	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
0a6658fd	116
b60e5f38 C	117	checkErrors(req, res, () => {
b60e5f38 C	118	let videoPromise: Promise<VideoInstance>
6fcd19ba	119
b60e5f38 C	120	if (validator.isUUID(req.params.videoId)) {
	121	videoPromise = db.Video.loadByUUID(req.params.videoId)
	122	} else {
	123	videoPromise = db.Video.load(req.params.videoId)
	124	}
d38b8281	125
b60e5f38 C	126	videoPromise
	127	.then(video => {
	128	if (!video) {
	129	return res.status(404)
	130	.json({ error: 'Video not found' })
	131	.end()
	132	}
	133
	134	return next()
	135	})
	136	.catch(err => {
	137	logger.error('Error in user request validator.', err)
	138	return res.sendStatus(500)
	139	})
	140	})
	141	}
	142	]
	143
	144	const ensureUserRegistrationAllowed = [
	145	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	146	isSignupAllowed().then(allowed => {
	147	if (allowed === false) {
	148	return res.status(403)
	149	.send({ error: 'User registration is not enabled or user limit is reached.' })
	150	.end()
	151	}
291e8d3e	152
b60e5f38 C	153	return next()
	154	})
	155	}
	156	]
291e8d3e	157
9bd26629 C	158	// ---------------------------------------------------------------------------
9bd26629 C	159
65fcc311 C	160	export {
65fcc311 C	161	usersAddValidator,
77a5501f	162	usersRegisterValidator,
65fcc311 C	163	usersRemoveValidator,
65fcc311 C	164	usersUpdateValidator,
8094a898	165	usersUpdateMeValidator,
291e8d3e	166	usersVideoRatingValidator,
8094a898 C	167	ensureUserRegistrationAllowed,
	168	usersGetValidator
	169	}
	170
	171	// ---------------------------------------------------------------------------
	172
77a5501f	173	function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
8094a898 C	174	db.User.loadById(id)
8094a898 C	175	.then(user => {
bfb3a98f C	176	if (!user) {
	177	return res.status(404)
	178	.send({ error: 'User not found' })
	179	.end()
	180	}
8094a898 C	181
8094a898 C	182	res.locals.user = user
bfb3a98f	183	return callback(null, user)
8094a898 C	184	})
	185	.catch(err => {
	186	logger.error('Error in user request validator.', err)
	187	return res.sendStatus(500)
	188	})
65fcc311	189	}
77a5501f C	190
	191	function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
	192	db.User.loadByUsernameOrEmail(username, email)
	193	.then(user => {
bfb3a98f C	194	if (user) {
	195	return res.status(409)
	196	.send({ error: 'User already exists.' })
	197	.end()
	198	}
77a5501f	199
bfb3a98f	200	return callback()
77a5501f C	201	})
	202	.catch(err => {
	203	logger.error('Error in usersAdd request validator.', err)
	204	return res.sendStatus(500)
	205	})
	206	}