[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
  isUserVideoQuotaValid
} from '../../helpers/custom-validators/users'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { logger } from '../../helpers/logger'
import { isSignupAllowed } from '../../helpers/utils'
import { CONSTRAINTS_FIELDS } from '../../initializers'
import { UserModel } from '../../models/account/user'
import { areValidationErrors } from './utils'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersUpdateMyAvatarValidator = [
  body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
    'This file is not supported. Please, make sure it is of the following type : '
    + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
  ),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdateMyAvatarValidator parameters', { files: req.files })

    if (areValidationErrors(req, res)) return

    const imageFile = req.files['avatarfile'][0] as Express.Multer.File
    if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {
      res.status(400)
        .send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
        .end()
      return
    }

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator,
  usersUpdateMyAvatarValidator
}

// ---------------------------------------------------------------------------

async function checkUserIdExist (id: number, res: express.Response) {
  const user = await UserModel.loadById(id)

  if (!user) {
    res.status(404)
              .send({ error: 'User not found' })
              .end()

    return false
  }

  res.locals.user = user
  return true
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username of email already exists.' })
              .end()
    return false
  }

  return true
}
Commit	Line	Data
69818c93	1	import * as express from 'express'
a2431b7d C	2	import 'express-validator'
a2431b7d C	3	import { body, param } from 'express-validator/check'
3fd3ab2d	4	import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
b60e5f38	5	import {
47564bbe	6	isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
3fd3ab2d C	7	isUserVideoQuotaValid
3fd3ab2d C	8	} from '../../helpers/custom-validators/users'
47564bbe	9	import { isVideoExist } from '../../helpers/custom-validators/videos'
da854ddd C	10	import { logger } from '../../helpers/logger'
da854ddd C	11	import { isSignupAllowed } from '../../helpers/utils'
c5911fd3	12	import { CONSTRAINTS_FIELDS } from '../../initializers'
3fd3ab2d	13	import { UserModel } from '../../models/account/user'
a2431b7d	14	import { areValidationErrors } from './utils'
9bd26629	15
b60e5f38	16	const usersAddValidator = [
563d032e	17	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
b60e5f38 C	18	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	19	body('email').isEmail().withMessage('Should have a valid email'),
	20	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	21	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
9bd26629	22
a2431b7d	23	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	24	logger.debug('Checking usersAdd parameters', { parameters: req.body })
9bd26629	25
a2431b7d C	26	if (areValidationErrors(req, res)) return
	27	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	28
	29	return next()
b60e5f38 C	30	}
b60e5f38 C	31	]
6fcd19ba	32
b60e5f38 C	33	const usersRegisterValidator = [
	34	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
	35	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
	36	body('email').isEmail().withMessage('Should have a valid email'),
77a5501f	37
a2431b7d	38	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	39	logger.debug('Checking usersRegister parameters', { parameters: req.body })
77a5501f	40
a2431b7d C	41	if (areValidationErrors(req, res)) return
	42	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
	43
	44	return next()
b60e5f38 C	45	}
b60e5f38 C	46	]
9bd26629	47
b60e5f38 C	48	const usersRemoveValidator = [
b60e5f38 C	49	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
9bd26629	50
a2431b7d	51	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	52	logger.debug('Checking usersRemove parameters', { parameters: req.params })
9bd26629	53
a2431b7d C	54	if (areValidationErrors(req, res)) return
	55	if (!await checkUserIdExist(req.params.id, res)) return
	56
	57	const user = res.locals.user
	58	if (user.username === 'root') {
	59	return res.status(400)
	60	.send({ error: 'Cannot remove the root user' })
	61	.end()
	62	}
	63
	64	return next()
b60e5f38 C	65	}
b60e5f38 C	66	]
8094a898	67
b60e5f38 C	68	const usersUpdateValidator = [
	69	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
	70	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	71	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
954605a8	72	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
8094a898	73
a2431b7d	74	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	75	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
9bd26629	76
a2431b7d C	77	if (areValidationErrors(req, res)) return
	78	if (!await checkUserIdExist(req.params.id, res)) return
	79
	80	return next()
b60e5f38 C	81	}
b60e5f38 C	82	]
9bd26629	83
b60e5f38 C	84	const usersUpdateMeValidator = [
	85	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
	86	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
	87	body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
7efe153b	88	body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
9bd26629	89
b60e5f38 C	90	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	91	// TODO: Add old password verification
	92	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
8094a898	93
a2431b7d C	94	if (areValidationErrors(req, res)) return
	95
	96	return next()
b60e5f38 C	97	}
b60e5f38 C	98	]
8094a898	99
c5911fd3 C	100	const usersUpdateMyAvatarValidator = [
	101	body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
	102	'This file is not supported. Please, make sure it is of the following type : '
01de67b9	103	+ CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
c5911fd3 C	104	),
	105
	106	(req: express.Request, res: express.Response, next: express.NextFunction) => {
e8e12200	107	logger.debug('Checking usersUpdateMyAvatarValidator parameters', { files: req.files })
c5911fd3 C	108
	109	if (areValidationErrors(req, res)) return
	110
01de67b9 C	111	const imageFile = req.files['avatarfile'][0] as Express.Multer.File
	112	if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {
	113	res.status(400)
	114	.send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
	115	.end()
	116	return
	117	}
	118
c5911fd3 C	119	return next()
	120	}
	121	]
	122
b60e5f38 C	123	const usersGetValidator = [
b60e5f38 C	124	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
d38b8281	125
a2431b7d C	126	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	127	logger.debug('Checking usersGet parameters', { parameters: req.body })
	128
	129	if (areValidationErrors(req, res)) return
	130	if (!await checkUserIdExist(req.params.id, res)) return
	131
	132	return next()
b60e5f38 C	133	}
b60e5f38 C	134	]
d38b8281	135
b60e5f38	136	const usersVideoRatingValidator = [
72c7248b	137	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
0a6658fd	138
a2431b7d	139	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b60e5f38	140	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
0a6658fd	141
a2431b7d C	142	if (areValidationErrors(req, res)) return
	143	if (!await isVideoExist(req.params.videoId, res)) return
	144
	145	return next()
b60e5f38 C	146	}
	147	]
	148
	149	const ensureUserRegistrationAllowed = [
a2431b7d C	150	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	151	const allowed = await isSignupAllowed()
	152	if (allowed === false) {
	153	return res.status(403)
	154	.send({ error: 'User registration is not enabled or user limit is reached.' })
	155	.end()
	156	}
	157
	158	return next()
b60e5f38 C	159	}
b60e5f38 C	160	]
291e8d3e	161
9bd26629 C	162	// ---------------------------------------------------------------------------
9bd26629 C	163
65fcc311 C	164	export {
65fcc311 C	165	usersAddValidator,
77a5501f	166	usersRegisterValidator,
65fcc311 C	167	usersRemoveValidator,
65fcc311 C	168	usersUpdateValidator,
8094a898	169	usersUpdateMeValidator,
291e8d3e	170	usersVideoRatingValidator,
8094a898	171	ensureUserRegistrationAllowed,
c5911fd3 C	172	usersGetValidator,
c5911fd3 C	173	usersUpdateMyAvatarValidator
8094a898 C	174	}
	175
	176	// ---------------------------------------------------------------------------
	177
a2431b7d	178	async function checkUserIdExist (id: number, res: express.Response) {
3fd3ab2d	179	const user = await UserModel.loadById(id)
a2431b7d C	180
	181	if (!user) {
	182	res.status(404)
	183	.send({ error: 'User not found' })
	184	.end()
	185
	186	return false
	187	}
	188
	189	res.locals.user = user
	190	return true
65fcc311	191	}
77a5501f	192
a2431b7d	193	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
3fd3ab2d	194	const user = await UserModel.loadByUsernameOrEmail(username, email)
a2431b7d C	195
	196	if (user) {
	197	res.status(409)
	198	.send({ error: 'User with this username of email already exists.' })
	199	.end()
	200	return false
	201	}
	202
	203	return true
77a5501f	204	}