[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
  isUserVideoQuotaValid
} from '../../helpers/custom-validators/users'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { logger } from '../../helpers/logger'
import { isSignupAllowed } from '../../helpers/utils'
import { CONSTRAINTS_FIELDS } from '../../initializers'
import { UserModel } from '../../models/account/user'
import { areValidationErrors } from './utils'
import Multer = require('multer')

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersUpdateMyAvatarValidator = [
  body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
    'This file is not supported. Please, make sure it is of the following type : '
    + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
  ),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdateMyAvatarValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    const imageFile = req.files['avatarfile'][0] as Express.Multer.File
    if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {
      res.status(400)
        .send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
        .end()
      return
    }

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator,
  usersUpdateMyAvatarValidator
}

// ---------------------------------------------------------------------------

async function checkUserIdExist (id: number, res: express.Response) {
  const user = await UserModel.loadById(id)

  if (!user) {
    res.status(404)
              .send({ error: 'User not found' })
              .end()

    return false
  }

  res.locals.user = user
  return true
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username of email already exists.' })
              .end()
    return false
  }

  return true
}
Commit	Line	Data
69818c93	1	import * as express from 'express'
a2431b7d C	2	import 'express-validator'
a2431b7d C	3	import { body, param } from 'express-validator/check'
3fd3ab2d	4	import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
b60e5f38	5	import {
47564bbe	6	isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
3fd3ab2d C	7	isUserVideoQuotaValid
3fd3ab2d C	8	} from '../../helpers/custom-validators/users'
47564bbe	9	import { isVideoExist } from '../../helpers/custom-validators/videos'
da854ddd C	10	import { logger } from '../../helpers/logger'
da854ddd C	11	import { isSignupAllowed } from '../../helpers/utils'
c5911fd3	12	import { CONSTRAINTS_FIELDS } from '../../initializers'
3fd3ab2d	13	import { UserModel } from '../../models/account/user'
a2431b7d	14	import { areValidationErrors } from './utils'
01de67b9	15	import Multer = require('multer')
9bd26629	16
b60e5f38	17	const usersAddValidator = [
563d032e	18	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
b60e5f38 C	19	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	20	body('email').isEmail().withMessage('Should have a valid email'),
	21	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	22	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
9bd26629	23
a2431b7d	24	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	25	logger.debug('Checking usersAdd parameters', { parameters: req.body })
9bd26629	26
a2431b7d C	27	if (areValidationErrors(req, res)) return
	28	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	29
	30	return next()
b60e5f38 C	31	}
b60e5f38 C	32	]
6fcd19ba	33
b60e5f38 C	34	const usersRegisterValidator = [
	35	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	36	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	37	body('email').isEmail().withMessage('Should have a valid email'),
77a5501f	38
a2431b7d	39	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	40	logger.debug('Checking usersRegister parameters', { parameters: req.body })
77a5501f	41
a2431b7d C	42	if (areValidationErrors(req, res)) return
	43	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	44
	45	return next()
b60e5f38 C	46	}
b60e5f38 C	47	]
9bd26629	48
b60e5f38 C	49	const usersRemoveValidator = [
b60e5f38 C	50	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
9bd26629	51
a2431b7d	52	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	53	logger.debug('Checking usersRemove parameters', { parameters: req.params })
9bd26629	54
a2431b7d C	55	if (areValidationErrors(req, res)) return
	56	if (!await checkUserIdExist(req.params.id, res)) return
	57
	58	const user = res.locals.user
	59	if (user.username === 'root') {
	60	return res.status(400)
	61	.send({ error: 'Cannot remove the root user' })
	62	.end()
	63	}
	64
	65	return next()
b60e5f38 C	66	}
b60e5f38 C	67	]
8094a898	68
b60e5f38 C	69	const usersUpdateValidator = [
	70	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	71	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	72	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	73	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
8094a898	74
a2431b7d	75	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	76	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
9bd26629	77
a2431b7d C	78	if (areValidationErrors(req, res)) return
	79	if (!await checkUserIdExist(req.params.id, res)) return
	80
	81	return next()
b60e5f38 C	82	}
b60e5f38 C	83	]
9bd26629	84
b60e5f38 C	85	const usersUpdateMeValidator = [
	86	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
	87	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	88	body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
7efe153b	89	body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
9bd26629	90
b60e5f38 C	91	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	92	// TODO: Add old password verification
	93	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
8094a898	94
a2431b7d C	95	if (areValidationErrors(req, res)) return
	96
	97	return next()
b60e5f38 C	98	}
b60e5f38 C	99	]
8094a898	100
c5911fd3 C	101	const usersUpdateMyAvatarValidator = [
	102	body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
	103	'This file is not supported. Please, make sure it is of the following type : '
01de67b9	104	+ CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
c5911fd3 C	105	),
	106
	107	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	108	logger.debug('Checking usersUpdateMyAvatarValidator parameters', { parameters: req.body })
	109
	110	if (areValidationErrors(req, res)) return
	111
01de67b9 C	112	const imageFile = req.files['avatarfile'][0] as Express.Multer.File
	113	if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {
	114	res.status(400)
	115	.send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
	116	.end()
	117	return
	118	}
	119
c5911fd3 C	120	return next()
	121	}
	122	]
	123
b60e5f38 C	124	const usersGetValidator = [
b60e5f38 C	125	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
d38b8281	126
a2431b7d C	127	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	128	logger.debug('Checking usersGet parameters', { parameters: req.body })
	129
	130	if (areValidationErrors(req, res)) return
	131	if (!await checkUserIdExist(req.params.id, res)) return
	132
	133	return next()
b60e5f38 C	134	}
b60e5f38 C	135	]
d38b8281	136
b60e5f38	137	const usersVideoRatingValidator = [
72c7248b	138	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
0a6658fd	139
a2431b7d	140	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	141	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
0a6658fd	142
a2431b7d C	143	if (areValidationErrors(req, res)) return
	144	if (!await isVideoExist(req.params.videoId, res)) return
	145
	146	return next()
b60e5f38 C	147	}
	148	]
	149
	150	const ensureUserRegistrationAllowed = [
a2431b7d C	151	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	152	const allowed = await isSignupAllowed()
	153	if (allowed === false) {
	154	return res.status(403)
	155	.send({ error: 'User registration is not enabled or user limit is reached.' })
	156	.end()
	157	}
	158
	159	return next()
b60e5f38 C	160	}
b60e5f38 C	161	]
291e8d3e	162
9bd26629 C	163	// ---------------------------------------------------------------------------
9bd26629 C	164
65fcc311 C	165	export {
65fcc311 C	166	usersAddValidator,
77a5501f	167	usersRegisterValidator,
65fcc311 C	168	usersRemoveValidator,
65fcc311 C	169	usersUpdateValidator,
8094a898	170	usersUpdateMeValidator,
291e8d3e	171	usersVideoRatingValidator,
8094a898	172	ensureUserRegistrationAllowed,
c5911fd3 C	173	usersGetValidator,
c5911fd3 C	174	usersUpdateMyAvatarValidator
8094a898 C	175	}
	176
	177	// ---------------------------------------------------------------------------
	178
a2431b7d	179	async function checkUserIdExist (id: number, res: express.Response) {
3fd3ab2d	180	const user = await UserModel.loadById(id)
a2431b7d C	181
	182	if (!user) {
	183	res.status(404)
	184	.send({ error: 'User not found' })
	185	.end()
	186
	187	return false
	188	}
	189
	190	res.locals.user = user
	191	return true
65fcc311	192	}
77a5501f	193
a2431b7d	194	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
3fd3ab2d	195	const user = await UserModel.loadByUsernameOrEmail(username, email)
a2431b7d C	196
	197	if (user) {
	198	res.status(409)
	199	.send({ error: 'User with this username of email already exists.' })
	200	.end()
	201	return false
	202	}
	203
	204	return true
77a5501f	205	}