[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import { isSignupAllowed, logger } from '../../helpers'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isUserDisplayNSFWValid,
  isUserAutoPlayVideoValid,
  isUserPasswordValid,
  isUserRoleValid,
  isUserUsernameValid,
  isUserVideoQuotaValid
} from '../../helpers/custom-validators/users'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { UserModel } from '../../models/account/user'
import { areValidationErrors } from './utils'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator
}

// ---------------------------------------------------------------------------

async function checkUserIdExist (id: number, res: express.Response) {
  const user = await UserModel.loadById(id)

  if (!user) {
    res.status(404)
              .send({ error: 'User not found' })
              .end()

    return false
  }

  res.locals.user = user
  return true
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username of email already exists.' })
              .end()
    return false
  }

  return true
}
Commit	Line	Data
69818c93	1	import * as express from 'express'
a2431b7d C	2	import 'express-validator'
a2431b7d C	3	import { body, param } from 'express-validator/check'
3fd3ab2d C	4	import { isSignupAllowed, logger } from '../../helpers'
3fd3ab2d C	5	import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
b60e5f38	6	import {
a2431b7d	7	isUserDisplayNSFWValid,
7efe153b	8	isUserAutoPlayVideoValid,
b60e5f38	9	isUserPasswordValid,
a2431b7d C	10	isUserRoleValid,
a2431b7d C	11	isUserUsernameValid,
3fd3ab2d C	12	isUserVideoQuotaValid
3fd3ab2d C	13	} from '../../helpers/custom-validators/users'
a2431b7d	14	import { isVideoExist } from '../../helpers/custom-validators/videos'
3fd3ab2d	15	import { UserModel } from '../../models/account/user'
a2431b7d	16	import { areValidationErrors } from './utils'
9bd26629	17
b60e5f38	18	const usersAddValidator = [
563d032e	19	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
b60e5f38 C	20	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	21	body('email').isEmail().withMessage('Should have a valid email'),
	22	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	23	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
9bd26629	24
a2431b7d	25	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	26	logger.debug('Checking usersAdd parameters', { parameters: req.body })
9bd26629	27
a2431b7d C	28	if (areValidationErrors(req, res)) return
	29	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	30
	31	return next()
b60e5f38 C	32	}
b60e5f38 C	33	]
6fcd19ba	34
b60e5f38 C	35	const usersRegisterValidator = [
	36	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	37	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	38	body('email').isEmail().withMessage('Should have a valid email'),
77a5501f	39
a2431b7d	40	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	41	logger.debug('Checking usersRegister parameters', { parameters: req.body })
77a5501f	42
a2431b7d C	43	if (areValidationErrors(req, res)) return
	44	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	45
	46	return next()
b60e5f38 C	47	}
b60e5f38 C	48	]
9bd26629	49
b60e5f38 C	50	const usersRemoveValidator = [
b60e5f38 C	51	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
9bd26629	52
a2431b7d	53	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	54	logger.debug('Checking usersRemove parameters', { parameters: req.params })
9bd26629	55
a2431b7d C	56	if (areValidationErrors(req, res)) return
	57	if (!await checkUserIdExist(req.params.id, res)) return
	58
	59	const user = res.locals.user
	60	if (user.username === 'root') {
	61	return res.status(400)
	62	.send({ error: 'Cannot remove the root user' })
	63	.end()
	64	}
	65
	66	return next()
b60e5f38 C	67	}
b60e5f38 C	68	]
8094a898	69
b60e5f38 C	70	const usersUpdateValidator = [
	71	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	72	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	73	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	74	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
8094a898	75
a2431b7d	76	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	77	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
9bd26629	78
a2431b7d C	79	if (areValidationErrors(req, res)) return
	80	if (!await checkUserIdExist(req.params.id, res)) return
	81
	82	return next()
b60e5f38 C	83	}
b60e5f38 C	84	]
9bd26629	85
b60e5f38 C	86	const usersUpdateMeValidator = [
	87	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
	88	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	89	body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
7efe153b	90	body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
9bd26629	91
b60e5f38 C	92	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	93	// TODO: Add old password verification
	94	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
8094a898	95
a2431b7d C	96	if (areValidationErrors(req, res)) return
	97
	98	return next()
b60e5f38 C	99	}
b60e5f38 C	100	]
8094a898	101
b60e5f38 C	102	const usersGetValidator = [
b60e5f38 C	103	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
d38b8281	104
a2431b7d C	105	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	106	logger.debug('Checking usersGet parameters', { parameters: req.body })
	107
	108	if (areValidationErrors(req, res)) return
	109	if (!await checkUserIdExist(req.params.id, res)) return
	110
	111	return next()
b60e5f38 C	112	}
b60e5f38 C	113	]
d38b8281	114
b60e5f38	115	const usersVideoRatingValidator = [
72c7248b	116	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
0a6658fd	117
a2431b7d	118	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	119	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
0a6658fd	120
a2431b7d C	121	if (areValidationErrors(req, res)) return
	122	if (!await isVideoExist(req.params.videoId, res)) return
	123
	124	return next()
b60e5f38 C	125	}
	126	]
	127
	128	const ensureUserRegistrationAllowed = [
a2431b7d C	129	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	130	const allowed = await isSignupAllowed()
	131	if (allowed === false) {
	132	return res.status(403)
	133	.send({ error: 'User registration is not enabled or user limit is reached.' })
	134	.end()
	135	}
	136
	137	return next()
b60e5f38 C	138	}
b60e5f38 C	139	]
291e8d3e	140
9bd26629 C	141	// ---------------------------------------------------------------------------
9bd26629 C	142
65fcc311 C	143	export {
65fcc311 C	144	usersAddValidator,
77a5501f	145	usersRegisterValidator,
65fcc311 C	146	usersRemoveValidator,
65fcc311 C	147	usersUpdateValidator,
8094a898	148	usersUpdateMeValidator,
291e8d3e	149	usersVideoRatingValidator,
8094a898 C	150	ensureUserRegistrationAllowed,
	151	usersGetValidator
	152	}
	153
	154	// ---------------------------------------------------------------------------
	155
a2431b7d	156	async function checkUserIdExist (id: number, res: express.Response) {
3fd3ab2d	157	const user = await UserModel.loadById(id)
a2431b7d C	158
	159	if (!user) {
	160	res.status(404)
	161	.send({ error: 'User not found' })
	162	.end()
	163
	164	return false
	165	}
	166
	167	res.locals.user = user
	168	return true
65fcc311	169	}
77a5501f	170
a2431b7d	171	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
3fd3ab2d	172	const user = await UserModel.loadByUsernameOrEmail(username, email)
a2431b7d C	173
	174	if (user) {
	175	res.status(409)
	176	.send({ error: 'User with this username of email already exists.' })
	177	.end()
	178	return false
	179	}
	180
	181	return true
77a5501f	182	}