[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

import * as Bluebird from 'bluebird'
import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import { omit } from 'lodash'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isUserAutoPlayVideoValid, isUserBlockedReasonValid,
  isUserDescriptionValid,
  isUserDisplayNameValid,
  isUserNSFWPolicyValid,
  isUserPasswordValid,
  isUserRoleValid,
  isUserUsernameValid,
  isUserVideoQuotaValid,
  isUserVideoQuotaDailyValid
} from '../../helpers/custom-validators/users'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { logger } from '../../helpers/logger'
import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup'
import { Redis } from '../../lib/redis'
import { UserModel } from '../../models/account/user'
import { areValidationErrors } from './utils'
import { ActorModel } from '../../models/activitypub/actor'
import { comparePassword } from '../../helpers/peertube-crypto'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersBlockingValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('reason').optional().custom(isUserBlockedReasonValid).withMessage('Should have a valid blocking reason'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersBlocking parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot block the root user' })
                .end()
    }

    return next()
  }
]

const deleteMeValidator = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const user: UserModel = res.locals.oauth.token.User
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'You cannot delete your root account.' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
      return res.status(400)
        .send({ error: 'Cannot change root role.' })
        .end()
    }

    return next()
  }
]

const usersUpdateMeValidator = [
  body('displayName').optional().custom(isUserDisplayNameValid).withMessage('Should have a valid display name'),
  body('description').optional().custom(isUserDescriptionValid).withMessage('Should have a valid description'),
  body('currentPassword').optional().custom(isUserPasswordValid).withMessage('Should have a valid current password'),
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('nsfwPolicy').optional().custom(isUserNSFWPolicyValid).withMessage('Should have a valid display Not Safe For Work policy'),
  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })

    if (req.body.password) {
      if (!req.body.currentPassword) {
        return res.status(400)
                  .send({ error: 'currentPassword parameter is missing.' })
                  .end()
      }

      const user: UserModel = res.locals.oauth.token.User

      if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
        return res.status(401)
                  .send({ error: 'currentPassword is invalid.' })
                  .end()
      }
    }

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res, 'id')) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

const ensureUserRegistrationAllowedForIP = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = isSignupAllowedForCurrentIP(req.ip)

    if (allowed === false) {
      return res.status(403)
                .send({ error: 'You are not on a network authorized for registration.' })
                .end()
    }

    return next()
  }
]

const usersAskResetPasswordValidator = [
  body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    const exists = await checkUserEmailExist(req.body.email, res, false)
    if (!exists) {
      logger.debug('User with email %s does not exist (asking reset password).', req.body.email)
      // Do not leak our emails
      return res.status(204).end()
    }

    return next()
  }
]

const usersResetPasswordValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersResetPassword parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user as UserModel
    const redisVerificationString = await Redis.Instance.getResetPasswordLink(user.id)

    if (redisVerificationString !== req.body.verificationString) {
      return res
        .status(403)
        .send({ error: 'Invalid verification string.' })
        .end()
    }

    return next()
  }
]

const usersAskSendVerifyEmailValidator = [
  body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking askUsersSendVerifyEmail parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    const exists = await checkUserEmailExist(req.body.email, res, false)
    if (!exists) {
      logger.debug('User with email %s does not exist (asking verify email).', req.body.email)
      // Do not leak our emails
      return res.status(204).end()
    }

    return next()
  }
]

const usersVerifyEmailValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVerifyEmail parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user as UserModel
    const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id)

    if (redisVerificationString !== req.body.verificationString) {
      return res
        .status(403)
        .send({ error: 'Invalid verification string.' })
        .end()
    }

    return next()
  }
]

const userAutocompleteValidator = [
  param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  deleteMeValidator,
  usersRegisterValidator,
  usersBlockingValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  ensureUserRegistrationAllowedForIP,
  usersGetValidator,
  usersAskResetPasswordValidator,
  usersResetPasswordValidator,
  usersAskSendVerifyEmailValidator,
  usersVerifyEmailValidator,
  userAutocompleteValidator
}

// ---------------------------------------------------------------------------

function checkUserIdExist (id: number, res: express.Response) {
  return checkUserExist(() => UserModel.loadById(id), res)
}

function checkUserEmailExist (email: string, res: express.Response, abortResponse = true) {
  return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username or email already exists.' })
              .end()
    return false
  }

  const actor = await ActorModel.loadLocalByName(username)
  if (actor) {
    res.status(409)
       .send({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' })
       .end()
    return false
  }

  return true
}

async function checkUserExist (finder: () => Bluebird<UserModel>, res: express.Response, abortResponse = true) {
  const user = await finder()

  if (!user) {
    if (abortResponse === true) {
      res.status(404)
        .send({ error: 'User not found' })
        .end()
    }

    return false
  }

  res.locals.user = user

  return true
}
Commit	Line	Data
ecb4e35f	1	import * as Bluebird from 'bluebird'
69818c93	2	import * as express from 'express'
a2431b7d C	3	import 'express-validator'
a2431b7d C	4	import { body, param } from 'express-validator/check'
ecb4e35f	5	import { omit } from 'lodash'
3fd3ab2d	6	import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
b60e5f38	7	import {
eacb25c4	8	isUserAutoPlayVideoValid, isUserBlockedReasonValid,
4bbfc6c6 C	9	isUserDescriptionValid,
4bbfc6c6 C	10	isUserDisplayNameValid,
0883b324	11	isUserNSFWPolicyValid,
ecb4e35f C	12	isUserPasswordValid,
	13	isUserRoleValid,
	14	isUserUsernameValid,
bee0abff FA	15	isUserVideoQuotaValid,
bee0abff FA	16	isUserVideoQuotaDailyValid
3fd3ab2d	17	} from '../../helpers/custom-validators/users'
47564bbe	18	import { isVideoExist } from '../../helpers/custom-validators/videos'
da854ddd	19	import { logger } from '../../helpers/logger'
06215f15	20	import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup'
ecb4e35f	21	import { Redis } from '../../lib/redis'
3fd3ab2d	22	import { UserModel } from '../../models/account/user'
a2431b7d	23	import { areValidationErrors } from './utils'
2ef6a063	24	import { ActorModel } from '../../models/activitypub/actor'
a890d1e0	25	import { comparePassword } from '../../helpers/peertube-crypto'
9bd26629	26
b60e5f38	27	const usersAddValidator = [
563d032e	28	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
b60e5f38 C	29	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	30	body('email').isEmail().withMessage('Should have a valid email'),
	31	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
bee0abff	32	body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
954605a8	33	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
9bd26629	34
a2431b7d	35	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
ce97fe36	36	logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') })
9bd26629	37
a2431b7d C	38	if (areValidationErrors(req, res)) return
	39	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	40
	41	return next()
b60e5f38 C	42	}
b60e5f38 C	43	]
6fcd19ba	44
b60e5f38 C	45	const usersRegisterValidator = [
	46	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	47	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	48	body('email').isEmail().withMessage('Should have a valid email'),
77a5501f	49
a2431b7d	50	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
ce97fe36	51	logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })
77a5501f	52
a2431b7d C	53	if (areValidationErrors(req, res)) return
	54	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	55
	56	return next()
b60e5f38 C	57	}
b60e5f38 C	58	]
9bd26629	59
b60e5f38 C	60	const usersRemoveValidator = [
b60e5f38 C	61	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
9bd26629	62
a2431b7d	63	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	64	logger.debug('Checking usersRemove parameters', { parameters: req.params })
9bd26629	65
a2431b7d C	66	if (areValidationErrors(req, res)) return
	67	if (!await checkUserIdExist(req.params.id, res)) return
	68
	69	const user = res.locals.user
	70	if (user.username === 'root') {
	71	return res.status(400)
	72	.send({ error: 'Cannot remove the root user' })
	73	.end()
	74	}
	75
	76	return next()
b60e5f38 C	77	}
b60e5f38 C	78	]
8094a898	79
e6921918 C	80	const usersBlockingValidator = [
e6921918 C	81	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
eacb25c4	82	body('reason').optional().custom(isUserBlockedReasonValid).withMessage('Should have a valid blocking reason'),
e6921918 C	83
e6921918 C	84	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
eacb25c4	85	logger.debug('Checking usersBlocking parameters', { parameters: req.params })
e6921918 C	86
	87	if (areValidationErrors(req, res)) return
	88	if (!await checkUserIdExist(req.params.id, res)) return
	89
	90	const user = res.locals.user
	91	if (user.username === 'root') {
	92	return res.status(400)
	93	.send({ error: 'Cannot block the root user' })
	94	.end()
	95	}
	96
	97	return next()
	98	}
	99	]
	100
92b9d60c C	101	const deleteMeValidator = [
	102	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	103	const user: UserModel = res.locals.oauth.token.User
	104	if (user.username === 'root') {
	105	return res.status(400)
	106	.send({ error: 'You cannot delete your root account.' })
	107	.end()
	108	}
	109
	110	return next()
	111	}
	112	]
	113
b60e5f38 C	114	const usersUpdateValidator = [
	115	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	116	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	117	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
bee0abff	118	body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
954605a8	119	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
8094a898	120
a2431b7d	121	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	122	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
9bd26629	123
a2431b7d C	124	if (areValidationErrors(req, res)) return
	125	if (!await checkUserIdExist(req.params.id, res)) return
	126
f8b8c36b C	127	const user = res.locals.user
	128	if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
	129	return res.status(400)
	130	.send({ error: 'Cannot change root role.' })
	131	.end()
	132	}
	133
a2431b7d	134	return next()
b60e5f38 C	135	}
b60e5f38 C	136	]
9bd26629	137
b60e5f38	138	const usersUpdateMeValidator = [
ed56ad11	139	body('displayName').optional().custom(isUserDisplayNameValid).withMessage('Should have a valid display name'),
2422c46b	140	body('description').optional().custom(isUserDescriptionValid).withMessage('Should have a valid description'),
a890d1e0	141	body('currentPassword').optional().custom(isUserPasswordValid).withMessage('Should have a valid current password'),
b60e5f38 C	142	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
b60e5f38 C	143	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
0883b324	144	body('nsfwPolicy').optional().custom(isUserNSFWPolicyValid).withMessage('Should have a valid display Not Safe For Work policy'),
7efe153b	145	body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
9bd26629	146
a890d1e0	147	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
ce97fe36	148	logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
8094a898	149
a890d1e0 C	150	if (req.body.password) {
	151	if (!req.body.currentPassword) {
	152	return res.status(400)
	153	.send({ error: 'currentPassword parameter is missing.' })
	154	.end()
	155	}
	156
	157	const user: UserModel = res.locals.oauth.token.User
	158
	159	if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
	160	return res.status(401)
	161	.send({ error: 'currentPassword is invalid.' })
	162	.end()
	163	}
	164	}
	165
a2431b7d C	166	if (areValidationErrors(req, res)) return
	167
	168	return next()
b60e5f38 C	169	}
b60e5f38 C	170	]
8094a898	171
b60e5f38 C	172	const usersGetValidator = [
b60e5f38 C	173	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
d38b8281	174
a2431b7d	175	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
ce97fe36	176	logger.debug('Checking usersGet parameters', { parameters: req.params })
a2431b7d C	177
	178	if (areValidationErrors(req, res)) return
	179	if (!await checkUserIdExist(req.params.id, res)) return
	180
	181	return next()
b60e5f38 C	182	}
b60e5f38 C	183	]
d38b8281	184
b60e5f38	185	const usersVideoRatingValidator = [
72c7248b	186	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
0a6658fd	187
a2431b7d	188	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	189	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
0a6658fd	190
a2431b7d	191	if (areValidationErrors(req, res)) return
627621c1	192	if (!await isVideoExist(req.params.videoId, res, 'id')) return
a2431b7d C	193
a2431b7d C	194	return next()
b60e5f38 C	195	}
	196	]
	197
	198	const ensureUserRegistrationAllowed = [
a2431b7d C	199	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	200	const allowed = await isSignupAllowed()
	201	if (allowed === false) {
	202	return res.status(403)
	203	.send({ error: 'User registration is not enabled or user limit is reached.' })
	204	.end()
	205	}
	206
	207	return next()
b60e5f38 C	208	}
b60e5f38 C	209	]
291e8d3e	210
ff2c1fe8 RK	211	const ensureUserRegistrationAllowedForIP = [
	212	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	213	const allowed = isSignupAllowedForCurrentIP(req.ip)
	214
	215	if (allowed === false) {
	216	return res.status(403)
	217	.send({ error: 'You are not on a network authorized for registration.' })
	218	.end()
	219	}
	220
	221	return next()
	222	}
	223	]
	224
ecb4e35f C	225	const usersAskResetPasswordValidator = [
	226	body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
	227
	228	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	229	logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body })
	230
	231	if (areValidationErrors(req, res)) return
	232	const exists = await checkUserEmailExist(req.body.email, res, false)
	233	if (!exists) {
	234	logger.debug('User with email %s does not exist (asking reset password).', req.body.email)
	235	// Do not leak our emails
	236	return res.status(204).end()
	237	}
	238
	239	return next()
	240	}
	241	]
	242
	243	const usersResetPasswordValidator = [
	244	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	245	body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
	246	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	247
	248	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	249	logger.debug('Checking usersResetPassword parameters', { parameters: req.params })
	250
	251	if (areValidationErrors(req, res)) return
	252	if (!await checkUserIdExist(req.params.id, res)) return
	253
	254	const user = res.locals.user as UserModel
	255	const redisVerificationString = await Redis.Instance.getResetPasswordLink(user.id)
	256
	257	if (redisVerificationString !== req.body.verificationString) {
	258	return res
	259	.status(403)
	260	.send({ error: 'Invalid verification string.' })
f076daa7	261	.end()
ecb4e35f C	262	}
	263
	264	return next()
	265	}
	266	]
	267
d9eaee39 JM	268	const usersAskSendVerifyEmailValidator = [
	269	body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
	270
	271	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	272	logger.debug('Checking askUsersSendVerifyEmail parameters', { parameters: req.body })
	273
	274	if (areValidationErrors(req, res)) return
	275	const exists = await checkUserEmailExist(req.body.email, res, false)
	276	if (!exists) {
	277	logger.debug('User with email %s does not exist (asking verify email).', req.body.email)
	278	// Do not leak our emails
	279	return res.status(204).end()
	280	}
	281
	282	return next()
	283	}
	284	]
	285
	286	const usersVerifyEmailValidator = [
	287	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	288	body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
	289
	290	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	291	logger.debug('Checking usersVerifyEmail parameters', { parameters: req.params })
	292
	293	if (areValidationErrors(req, res)) return
	294	if (!await checkUserIdExist(req.params.id, res)) return
	295
	296	const user = res.locals.user as UserModel
	297	const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id)
	298
	299	if (redisVerificationString !== req.body.verificationString) {
	300	return res
	301	.status(403)
	302	.send({ error: 'Invalid verification string.' })
	303	.end()
	304	}
	305
	306	return next()
	307	}
	308	]
	309
74d63469 GR	310	const userAutocompleteValidator = [
	311	param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
	312	]
	313
9bd26629 C	314	// ---------------------------------------------------------------------------
9bd26629 C	315
65fcc311 C	316	export {
65fcc311 C	317	usersAddValidator,
92b9d60c	318	deleteMeValidator,
77a5501f	319	usersRegisterValidator,
e6921918	320	usersBlockingValidator,
65fcc311 C	321	usersRemoveValidator,
65fcc311 C	322	usersUpdateValidator,
8094a898	323	usersUpdateMeValidator,
291e8d3e	324	usersVideoRatingValidator,
8094a898	325	ensureUserRegistrationAllowed,
ff2c1fe8	326	ensureUserRegistrationAllowedForIP,
c5911fd3	327	usersGetValidator,
ecb4e35f	328	usersAskResetPasswordValidator,
d9eaee39 JM	329	usersResetPasswordValidator,
d9eaee39 JM	330	usersAskSendVerifyEmailValidator,
74d63469 GR	331	usersVerifyEmailValidator,
74d63469 GR	332	userAutocompleteValidator
8094a898 C	333	}
	334
	335	// ---------------------------------------------------------------------------
	336
ecb4e35f C	337	function checkUserIdExist (id: number, res: express.Response) {
	338	return checkUserExist(() => UserModel.loadById(id), res)
	339	}
a2431b7d	340
ecb4e35f C	341	function checkUserEmailExist (email: string, res: express.Response, abortResponse = true) {
ecb4e35f C	342	return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)
65fcc311	343	}
77a5501f	344
a2431b7d	345	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
3fd3ab2d	346	const user = await UserModel.loadByUsernameOrEmail(username, email)
a2431b7d C	347
	348	if (user) {
	349	res.status(409)
edf7f40a	350	.send({ error: 'User with this username or email already exists.' })
a2431b7d C	351	.end()
	352	return false
	353	}
	354
2ef6a063 C	355	const actor = await ActorModel.loadLocalByName(username)
	356	if (actor) {
	357	res.status(409)
c907c2fa	358	.send({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' })
2ef6a063 C	359	.end()
	360	return false
	361	}
	362
a2431b7d	363	return true
77a5501f	364	}
ecb4e35f C	365
	366	async function checkUserExist (finder: () => Bluebird<UserModel>, res: express.Response, abortResponse = true) {
	367	const user = await finder()
	368
	369	if (!user) {
	370	if (abortResponse === true) {
	371	res.status(404)
	372	.send({ error: 'User not found' })
	373	.end()
	374	}
	375
	376	return false
	377	}
	378
	379	res.locals.user = user
	380
	381	return true
	382	}