[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import {
  isIdOrUUIDValid,
  isSignupAllowed,
  isUserDisplayNSFWValid,
  isUserPasswordValid,
  isUserRoleValid,
  isUserUsernameValid,
  isUserVideoQuotaValid,
  logger
} from '../../helpers'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { database as db } from '../../initializers/database'
import { areValidationErrors } from './utils'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator
}

// ---------------------------------------------------------------------------

async function checkUserIdExist (id: number, res: express.Response) {
  const user = await db.User.loadById(id)

  if (!user) {
    res.status(404)
              .send({ error: 'User not found' })
              .end()

    return false
  }

  res.locals.user = user
  return true
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await db.User.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username of email already exists.' })
              .end()
    return false
  }

  return true
}
Commit	Line	Data
69818c93	1	import * as express from 'express'
a2431b7d C	2	import 'express-validator'
a2431b7d C	3	import { body, param } from 'express-validator/check'
b60e5f38	4	import {
a2431b7d	5	isIdOrUUIDValid,
b60e5f38	6	isSignupAllowed,
a2431b7d	7	isUserDisplayNSFWValid,
b60e5f38	8	isUserPasswordValid,
a2431b7d C	9	isUserRoleValid,
a2431b7d C	10	isUserUsernameValid,
b60e5f38	11	isUserVideoQuotaValid,
a2431b7d	12	logger
b60e5f38	13	} from '../../helpers'
a2431b7d C	14	import { isVideoExist } from '../../helpers/custom-validators/videos'
	15	import { database as db } from '../../initializers/database'
	16	import { areValidationErrors } from './utils'
9bd26629	17
b60e5f38	18	const usersAddValidator = [
563d032e	19	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
b60e5f38 C	20	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	21	body('email').isEmail().withMessage('Should have a valid email'),
	22	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	23	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
9bd26629	24
a2431b7d	25	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	26	logger.debug('Checking usersAdd parameters', { parameters: req.body })
9bd26629	27
a2431b7d C	28	if (areValidationErrors(req, res)) return
	29	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	30
	31	return next()
b60e5f38 C	32	}
b60e5f38 C	33	]
6fcd19ba	34
b60e5f38 C	35	const usersRegisterValidator = [
	36	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	37	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	38	body('email').isEmail().withMessage('Should have a valid email'),
77a5501f	39
a2431b7d	40	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	41	logger.debug('Checking usersRegister parameters', { parameters: req.body })
77a5501f	42
a2431b7d C	43	if (areValidationErrors(req, res)) return
	44	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	45
	46	return next()
b60e5f38 C	47	}
b60e5f38 C	48	]
9bd26629	49
b60e5f38 C	50	const usersRemoveValidator = [
b60e5f38 C	51	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
9bd26629	52
a2431b7d	53	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	54	logger.debug('Checking usersRemove parameters', { parameters: req.params })
9bd26629	55
a2431b7d C	56	if (areValidationErrors(req, res)) return
	57	if (!await checkUserIdExist(req.params.id, res)) return
	58
	59	const user = res.locals.user
	60	if (user.username === 'root') {
	61	return res.status(400)
	62	.send({ error: 'Cannot remove the root user' })
	63	.end()
	64	}
	65
	66	return next()
b60e5f38 C	67	}
b60e5f38 C	68	]
8094a898	69
b60e5f38 C	70	const usersUpdateValidator = [
	71	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	72	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	73	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	74	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
8094a898	75
a2431b7d	76	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	77	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
9bd26629	78
a2431b7d C	79	if (areValidationErrors(req, res)) return
	80	if (!await checkUserIdExist(req.params.id, res)) return
	81
	82	return next()
b60e5f38 C	83	}
b60e5f38 C	84	]
9bd26629	85
b60e5f38 C	86	const usersUpdateMeValidator = [
	87	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
	88	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	89	body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
9bd26629	90
b60e5f38 C	91	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	92	// TODO: Add old password verification
	93	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
8094a898	94
a2431b7d C	95	if (areValidationErrors(req, res)) return
	96
	97	return next()
b60e5f38 C	98	}
b60e5f38 C	99	]
8094a898	100
b60e5f38 C	101	const usersGetValidator = [
b60e5f38 C	102	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
d38b8281	103
a2431b7d C	104	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	105	logger.debug('Checking usersGet parameters', { parameters: req.body })
	106
	107	if (areValidationErrors(req, res)) return
	108	if (!await checkUserIdExist(req.params.id, res)) return
	109
	110	return next()
b60e5f38 C	111	}
b60e5f38 C	112	]
d38b8281	113
b60e5f38	114	const usersVideoRatingValidator = [
72c7248b	115	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
0a6658fd	116
a2431b7d	117	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	118	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
0a6658fd	119
a2431b7d C	120	if (areValidationErrors(req, res)) return
	121	if (!await isVideoExist(req.params.videoId, res)) return
	122
	123	return next()
b60e5f38 C	124	}
	125	]
	126
	127	const ensureUserRegistrationAllowed = [
a2431b7d C	128	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	129	const allowed = await isSignupAllowed()
	130	if (allowed === false) {
	131	return res.status(403)
	132	.send({ error: 'User registration is not enabled or user limit is reached.' })
	133	.end()
	134	}
	135
	136	return next()
b60e5f38 C	137	}
b60e5f38 C	138	]
291e8d3e	139
9bd26629 C	140	// ---------------------------------------------------------------------------
9bd26629 C	141
65fcc311 C	142	export {
65fcc311 C	143	usersAddValidator,
77a5501f	144	usersRegisterValidator,
65fcc311 C	145	usersRemoveValidator,
65fcc311 C	146	usersUpdateValidator,
8094a898	147	usersUpdateMeValidator,
291e8d3e	148	usersVideoRatingValidator,
8094a898 C	149	ensureUserRegistrationAllowed,
	150	usersGetValidator
	151	}
	152
	153	// ---------------------------------------------------------------------------
	154
a2431b7d C	155	async function checkUserIdExist (id: number, res: express.Response) {
	156	const user = await db.User.loadById(id)
	157
	158	if (!user) {
	159	res.status(404)
	160	.send({ error: 'User not found' })
	161	.end()
	162
	163	return false
	164	}
	165
	166	res.locals.user = user
	167	return true
65fcc311	168	}
77a5501f	169
a2431b7d C	170	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
	171	const user = await db.User.loadByUsernameOrEmail(username, email)
	172
	173	if (user) {
	174	res.status(409)
	175	.send({ error: 'User with this username of email already exists.' })
	176	.end()
	177	return false
	178	}
	179
	180	return true
77a5501f	181	}