[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
  isUserVideoQuotaValid
} from '../../helpers/custom-validators/users'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { logger } from '../../helpers/logger'
import { isSignupAllowed } from '../../helpers/utils'
import { CONSTRAINTS_FIELDS } from '../../initializers'
import { UserModel } from '../../models/account/user'
import { areValidationErrors } from './utils'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
      return res.status(400)
        .send({ error: 'Cannot change root role.' })
        .end()
    }

    return next()
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersUpdateMyAvatarValidator = [
  body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
    'This file is not supported. Please, make sure it is of the following type : '
    + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
  ),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdateMyAvatarValidator parameters', { files: req.files })

    if (areValidationErrors(req, res)) return

    const imageFile = req.files['avatarfile'][0] as Express.Multer.File
    if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {
      res.status(400)
        .send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
        .end()
      return
    }

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator,
  usersUpdateMyAvatarValidator
}

// ---------------------------------------------------------------------------

async function checkUserIdExist (id: number, res: express.Response) {
  const user = await UserModel.loadById(id)

  if (!user) {
    res.status(404)
              .send({ error: 'User not found' })
              .end()

    return false
  }

  res.locals.user = user
  return true
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username of email already exists.' })
              .end()
    return false
  }

  return true
}
Commit	Line	Data
69818c93	1	import * as express from 'express'
a2431b7d C	2	import 'express-validator'
a2431b7d C	3	import { body, param } from 'express-validator/check'
3fd3ab2d	4	import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
b60e5f38	5	import {
47564bbe	6	isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
3fd3ab2d C	7	isUserVideoQuotaValid
3fd3ab2d C	8	} from '../../helpers/custom-validators/users'
47564bbe	9	import { isVideoExist } from '../../helpers/custom-validators/videos'
da854ddd C	10	import { logger } from '../../helpers/logger'
da854ddd C	11	import { isSignupAllowed } from '../../helpers/utils'
c5911fd3	12	import { CONSTRAINTS_FIELDS } from '../../initializers'
3fd3ab2d	13	import { UserModel } from '../../models/account/user'
a2431b7d	14	import { areValidationErrors } from './utils'
9bd26629	15
b60e5f38	16	const usersAddValidator = [
563d032e	17	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
b60e5f38 C	18	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	19	body('email').isEmail().withMessage('Should have a valid email'),
	20	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	21	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
9bd26629	22
a2431b7d	23	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	24	logger.debug('Checking usersAdd parameters', { parameters: req.body })
9bd26629	25
a2431b7d C	26	if (areValidationErrors(req, res)) return
	27	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	28
	29	return next()
b60e5f38 C	30	}
b60e5f38 C	31	]
6fcd19ba	32
b60e5f38 C	33	const usersRegisterValidator = [
	34	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	35	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	36	body('email').isEmail().withMessage('Should have a valid email'),
77a5501f	37
a2431b7d	38	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	39	logger.debug('Checking usersRegister parameters', { parameters: req.body })
77a5501f	40
a2431b7d C	41	if (areValidationErrors(req, res)) return
	42	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	43
	44	return next()
b60e5f38 C	45	}
b60e5f38 C	46	]
9bd26629	47
b60e5f38 C	48	const usersRemoveValidator = [
b60e5f38 C	49	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
9bd26629	50
a2431b7d	51	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	52	logger.debug('Checking usersRemove parameters', { parameters: req.params })
9bd26629	53
a2431b7d C	54	if (areValidationErrors(req, res)) return
	55	if (!await checkUserIdExist(req.params.id, res)) return
	56
	57	const user = res.locals.user
	58	if (user.username === 'root') {
	59	return res.status(400)
	60	.send({ error: 'Cannot remove the root user' })
	61	.end()
	62	}
	63
	64	return next()
b60e5f38 C	65	}
b60e5f38 C	66	]
8094a898	67
b60e5f38 C	68	const usersUpdateValidator = [
	69	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	70	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	71	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	72	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
8094a898	73
a2431b7d	74	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	75	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
9bd26629	76
a2431b7d C	77	if (areValidationErrors(req, res)) return
	78	if (!await checkUserIdExist(req.params.id, res)) return
	79
f8b8c36b C	80	const user = res.locals.user
	81	if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
	82	return res.status(400)
	83	.send({ error: 'Cannot change root role.' })
	84	.end()
	85	}
	86
a2431b7d	87	return next()
b60e5f38 C	88	}
b60e5f38 C	89	]
9bd26629	90
b60e5f38 C	91	const usersUpdateMeValidator = [
	92	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
	93	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	94	body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
7efe153b	95	body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
9bd26629	96
b60e5f38 C	97	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	98	// TODO: Add old password verification
	99	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
8094a898	100
a2431b7d C	101	if (areValidationErrors(req, res)) return
	102
	103	return next()
b60e5f38 C	104	}
b60e5f38 C	105	]
8094a898	106
c5911fd3 C	107	const usersUpdateMyAvatarValidator = [
	108	body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
	109	'This file is not supported. Please, make sure it is of the following type : '
01de67b9	110	+ CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
c5911fd3 C	111	),
	112
	113	(req: express.Request, res: express.Response, next: express.NextFunction) => {
e8e12200	114	logger.debug('Checking usersUpdateMyAvatarValidator parameters', { files: req.files })
c5911fd3 C	115
	116	if (areValidationErrors(req, res)) return
	117
01de67b9 C	118	const imageFile = req.files['avatarfile'][0] as Express.Multer.File
	119	if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {
	120	res.status(400)
	121	.send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
	122	.end()
	123	return
	124	}
	125
c5911fd3 C	126	return next()
	127	}
	128	]
	129
b60e5f38 C	130	const usersGetValidator = [
b60e5f38 C	131	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
d38b8281	132
a2431b7d C	133	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	134	logger.debug('Checking usersGet parameters', { parameters: req.body })
	135
	136	if (areValidationErrors(req, res)) return
	137	if (!await checkUserIdExist(req.params.id, res)) return
	138
	139	return next()
b60e5f38 C	140	}
b60e5f38 C	141	]
d38b8281	142
b60e5f38	143	const usersVideoRatingValidator = [
72c7248b	144	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
0a6658fd	145
a2431b7d	146	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	147	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
0a6658fd	148
a2431b7d C	149	if (areValidationErrors(req, res)) return
	150	if (!await isVideoExist(req.params.videoId, res)) return
	151
	152	return next()
b60e5f38 C	153	}
	154	]
	155
	156	const ensureUserRegistrationAllowed = [
a2431b7d C	157	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	158	const allowed = await isSignupAllowed()
	159	if (allowed === false) {
	160	return res.status(403)
	161	.send({ error: 'User registration is not enabled or user limit is reached.' })
	162	.end()
	163	}
	164
	165	return next()
b60e5f38 C	166	}
b60e5f38 C	167	]
291e8d3e	168
9bd26629 C	169	// ---------------------------------------------------------------------------
9bd26629 C	170
65fcc311 C	171	export {
65fcc311 C	172	usersAddValidator,
77a5501f	173	usersRegisterValidator,
65fcc311 C	174	usersRemoveValidator,
65fcc311 C	175	usersUpdateValidator,
8094a898	176	usersUpdateMeValidator,
291e8d3e	177	usersVideoRatingValidator,
8094a898	178	ensureUserRegistrationAllowed,
c5911fd3 C	179	usersGetValidator,
c5911fd3 C	180	usersUpdateMyAvatarValidator
8094a898 C	181	}
	182
	183	// ---------------------------------------------------------------------------
	184
a2431b7d	185	async function checkUserIdExist (id: number, res: express.Response) {
3fd3ab2d	186	const user = await UserModel.loadById(id)
a2431b7d C	187
	188	if (!user) {
	189	res.status(404)
	190	.send({ error: 'User not found' })
	191	.end()
	192
	193	return false
	194	}
	195
	196	res.locals.user = user
	197	return true
65fcc311	198	}
77a5501f	199
a2431b7d	200	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
3fd3ab2d	201	const user = await UserModel.loadByUsernameOrEmail(username, email)
a2431b7d C	202
	203	if (user) {
	204	res.status(409)
	205	.send({ error: 'User with this username of email already exists.' })
	206	.end()
	207	return false
	208	}
	209
	210	return true
77a5501f	211	}