[github/Chocobozzz/PeerTube.git] / server / controllers / api / users.ts

import * as express from 'express'
import 'multer'
import { extname, join } from 'path'
import * as uuidv4 from 'uuid/v4'
import * as RateLimit from 'express-rate-limit'
import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRate as FormattedUserVideoRate } from '../../../shared'
import { retryTransactionWrapper } from '../../helpers/database-utils'
import { processImage } from '../../helpers/image-utils'
import { logger } from '../../helpers/logger'
import { getFormattedObjects } from '../../helpers/utils'
import { AVATARS_SIZE, CONFIG, IMAGE_MIMETYPE_EXT, RATES_LIMIT, sequelizeTypescript } from '../../initializers'
import { updateActorAvatarInstance } from '../../lib/activitypub'
import { sendUpdateActor } from '../../lib/activitypub/send'
import { Emailer } from '../../lib/emailer'
import { Redis } from '../../lib/redis'
import { createUserAccountAndChannel } from '../../lib/user'
import {
  asyncMiddleware,
  authenticate,
  ensureUserHasRight,
  ensureUserRegistrationAllowed,
  ensureUserRegistrationAllowedForIP,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  token,
  usersAddValidator,
  usersGetValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersSortValidator,
  usersUpdateMeValidator,
  usersUpdateValidator,
  usersVideoRatingValidator
} from '../../middlewares'
import {
  usersAskResetPasswordValidator,
  usersResetPasswordValidator,
  usersUpdateMyAvatarValidator,
  videosSortValidator
} from '../../middlewares/validators'
import { AccountVideoRateModel } from '../../models/account/account-video-rate'
import { UserModel } from '../../models/account/user'
import { OAuthTokenModel } from '../../models/oauth/oauth-token'
import { VideoModel } from '../../models/video/video'
import { VideoSortField } from '../../../client/src/app/shared/video/sort-field.type'
import { createReqFiles } from '../../helpers/express-utils'
import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'

const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
const loginRateLimiter = new RateLimit({
  windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
  max: RATES_LIMIT.LOGIN.MAX,
  delayMs: 0
})

const usersRouter = express.Router()

usersRouter.get('/me',
  authenticate,
  asyncMiddleware(getUserInformation)
)

usersRouter.get('/me/video-quota-used',
  authenticate,
  asyncMiddleware(getUserVideoQuotaUsed)
)

usersRouter.get('/me/videos',
  authenticate,
  paginationValidator,
  videosSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(getUserVideos)
)

usersRouter.get('/me/videos/:videoId/rating',
  authenticate,
  asyncMiddleware(usersVideoRatingValidator),
  asyncMiddleware(getUserVideoRating)
)

usersRouter.get('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  paginationValidator,
  usersSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(listUsers)
)

usersRouter.get('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersGetValidator),
  getUser
)

usersRouter.post('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersAddValidator),
  asyncMiddleware(createUserRetryWrapper)
)

usersRouter.post('/register',
  asyncMiddleware(ensureUserRegistrationAllowed),
  ensureUserRegistrationAllowedForIP,
  asyncMiddleware(usersRegisterValidator),
  asyncMiddleware(registerUserRetryWrapper)
)

usersRouter.put('/me',
  authenticate,
  usersUpdateMeValidator,
  asyncMiddleware(updateMe)
)

usersRouter.post('/me/avatar/pick',
  authenticate,
  reqAvatarFile,
  usersUpdateMyAvatarValidator,
  asyncMiddleware(updateMyAvatar)
)

usersRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersUpdateValidator),
  asyncMiddleware(updateUser)
)

usersRouter.delete('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersRemoveValidator),
  asyncMiddleware(removeUser)
)

usersRouter.post('/ask-reset-password',
  asyncMiddleware(usersAskResetPasswordValidator),
  asyncMiddleware(askResetUserPassword)
)

usersRouter.post('/:id/reset-password',
  asyncMiddleware(usersResetPasswordValidator),
  asyncMiddleware(resetUserPassword)
)

usersRouter.post('/token',
  loginRateLimiter,
  token,
  success
)
// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route

// ---------------------------------------------------------------------------

export {
  usersRouter
}

// ---------------------------------------------------------------------------

async function getUserVideos (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.oauth.token.User as UserModel
  const resultList = await VideoModel.listAccountVideosForApi(
    user.Account.id,
    req.query.start as number,
    req.query.count as number,
    req.query.sort as VideoSortField,
    false // Display my NSFW videos
  )

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function createUserRetryWrapper (req: express.Request, res: express.Response, next: express.NextFunction) {
  const options = {
    arguments: [ req ],
    errorMessage: 'Cannot insert the user with many retries.'
  }

  const { user, account } = await retryTransactionWrapper(createUser, options)

  return res.json({
    user: {
      id: user.id,
      account: {
        id: account.id,
        uuid: account.Actor.uuid
      }
    }
  }).end()
}

async function createUser (req: express.Request) {
  const body: UserCreate = req.body
  const userToCreate = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: body.role,
    videoQuota: body.videoQuota
  })

  const { user, account } = await createUserAccountAndChannel(userToCreate)

  logger.info('User %s with its channel and account created.', body.username)

  return { user, account }
}

async function registerUserRetryWrapper (req: express.Request, res: express.Response, next: express.NextFunction) {
  const options = {
    arguments: [ req ],
    errorMessage: 'Cannot insert the user with many retries.'
  }

  await retryTransactionWrapper(registerUser, options)

  return res.type('json').status(204).end()
}

async function registerUser (req: express.Request) {
  const body: UserCreate = req.body

  const user = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: UserRole.USER,
    videoQuota: CONFIG.USER.VIDEO_QUOTA
  })

  await createUserAccountAndChannel(user)

  logger.info('User %s with its channel and account registered.', body.username)
}

async function getUserInformation (req: express.Request, res: express.Response, next: express.NextFunction) {
  // We did not load channels in res.locals.user
  const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)

  return res.json(user.toFormattedJSON())
}

async function getUserVideoQuotaUsed (req: express.Request, res: express.Response, next: express.NextFunction) {
  // We did not load channels in res.locals.user
  const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
  const videoQuotaUsed = await UserModel.getOriginalVideoFileTotalFromUser(user)

  const data: UserVideoQuota = {
    videoQuotaUsed
  }
  return res.json(data)
}

function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  return res.json((res.locals.user as UserModel).toFormattedJSON())
}

async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
  const videoId = +req.params.videoId
  const accountId = +res.locals.oauth.token.User.Account.id

  const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
  const rating = ratingObj ? ratingObj.type : 'none'

  const json: FormattedUserVideoRate = {
    videoId,
    rating
  }
  res.json(json)
}

async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
  const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = await UserModel.loadById(req.params.id)

  await user.destroy()

  return res.sendStatus(204)
}

async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
  const body: UserUpdateMe = req.body

  const user: UserModel = res.locals.oauth.token.user

  if (body.password !== undefined) user.password = body.password
  if (body.email !== undefined) user.email = body.email
  if (body.nsfwPolicy !== undefined) user.nsfwPolicy = body.nsfwPolicy
  if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo

  await sequelizeTypescript.transaction(async t => {
    await user.save({ transaction: t })

    if (body.displayName !== undefined) user.Account.name = body.displayName
    if (body.description !== undefined) user.Account.description = body.description
    await user.Account.save({ transaction: t })

    await sendUpdateActor(user.Account, t)
  })

  return res.sendStatus(204)
}

async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
  const avatarPhysicalFile = req.files['avatarfile'][0]
  const user = res.locals.oauth.token.user
  const actor = user.Account.Actor

  const extension = extname(avatarPhysicalFile.filename)
  const avatarName = uuidv4() + extension
  const destination = join(CONFIG.STORAGE.AVATARS_DIR, avatarName)
  await processImage(avatarPhysicalFile, destination, AVATARS_SIZE)

  const avatar = await sequelizeTypescript.transaction(async t => {
    const updatedActor = await updateActorAvatarInstance(actor, avatarName, t)
    await updatedActor.save({ transaction: t })

    await sendUpdateActor(user.Account, t)

    return updatedActor.Avatar
  })

  return res
    .json({
      avatar: avatar.toFormattedJSON()
    })
    .end()
}

async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const body: UserUpdate = req.body
  const user = res.locals.user as UserModel
  const roleChanged = body.role !== undefined && body.role !== user.role

  if (body.email !== undefined) user.email = body.email
  if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
  if (body.role !== undefined) user.role = body.role

  await user.save()

  // Destroy user token to refresh rights
  if (roleChanged) {
    await OAuthTokenModel.deleteUserToken(user.id)
  }

  // Don't need to send this update to followers, these attributes are not propagated

  return res.sendStatus(204)
}

async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel

  const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
  const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
  await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)

  return res.status(204).end()
}

async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel
  user.password = req.body.password

  await user.save()

  return res.status(204).end()
}

function success (req: express.Request, res: express.Response, next: express.NextFunction) {
  res.end()
}
Commit	Line	Data
	1	import * as express from 'express'
	2	import 'multer'
	3	import { extname, join } from 'path'
	4	import * as uuidv4 from 'uuid/v4'
	5	import * as RateLimit from 'express-rate-limit'
	6	import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRate as FormattedUserVideoRate } from '../../../shared'
	7	import { retryTransactionWrapper } from '../../helpers/database-utils'
	8	import { processImage } from '../../helpers/image-utils'
	9	import { logger } from '../../helpers/logger'
	10	import { getFormattedObjects } from '../../helpers/utils'
	11	import { AVATARS_SIZE, CONFIG, IMAGE_MIMETYPE_EXT, RATES_LIMIT, sequelizeTypescript } from '../../initializers'
	12	import { updateActorAvatarInstance } from '../../lib/activitypub'
	13	import { sendUpdateActor } from '../../lib/activitypub/send'
	14	import { Emailer } from '../../lib/emailer'
	15	import { Redis } from '../../lib/redis'
	16	import { createUserAccountAndChannel } from '../../lib/user'
	17	import {
	18	asyncMiddleware,
	19	authenticate,
	20	ensureUserHasRight,
	21	ensureUserRegistrationAllowed,
	22	ensureUserRegistrationAllowedForIP,
	23	paginationValidator,
	24	setDefaultPagination,
	25	setDefaultSort,
	26	token,
	27	usersAddValidator,
	28	usersGetValidator,
	29	usersRegisterValidator,
	30	usersRemoveValidator,
	31	usersSortValidator,
	32	usersUpdateMeValidator,
	33	usersUpdateValidator,
	34	usersVideoRatingValidator
	35	} from '../../middlewares'
	36	import {
	37	usersAskResetPasswordValidator,
	38	usersResetPasswordValidator,
	39	usersUpdateMyAvatarValidator,
	40	videosSortValidator
	41	} from '../../middlewares/validators'
	42	import { AccountVideoRateModel } from '../../models/account/account-video-rate'
	43	import { UserModel } from '../../models/account/user'
	44	import { OAuthTokenModel } from '../../models/oauth/oauth-token'
	45	import { VideoModel } from '../../models/video/video'
	46	import { VideoSortField } from '../../../client/src/app/shared/video/sort-field.type'
	47	import { createReqFiles } from '../../helpers/express-utils'
	48	import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
	49
	50	const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
	51	const loginRateLimiter = new RateLimit({
	52	windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
	53	max: RATES_LIMIT.LOGIN.MAX,
	54	delayMs: 0
	55	})
	56
	57	const usersRouter = express.Router()
	58
	59	usersRouter.get('/me',
	60	authenticate,
	61	asyncMiddleware(getUserInformation)
	62	)
	63
	64	usersRouter.get('/me/video-quota-used',
	65	authenticate,
	66	asyncMiddleware(getUserVideoQuotaUsed)
	67	)
	68
	69	usersRouter.get('/me/videos',
	70	authenticate,
	71	paginationValidator,
	72	videosSortValidator,
	73	setDefaultSort,
	74	setDefaultPagination,
	75	asyncMiddleware(getUserVideos)
	76	)
	77
	78	usersRouter.get('/me/videos/:videoId/rating',
	79	authenticate,
	80	asyncMiddleware(usersVideoRatingValidator),
	81	asyncMiddleware(getUserVideoRating)
	82	)
	83
	84	usersRouter.get('/',
	85	authenticate,
	86	ensureUserHasRight(UserRight.MANAGE_USERS),
	87	paginationValidator,
	88	usersSortValidator,
	89	setDefaultSort,
	90	setDefaultPagination,
	91	asyncMiddleware(listUsers)
	92	)
	93
	94	usersRouter.get('/:id',
	95	authenticate,
	96	ensureUserHasRight(UserRight.MANAGE_USERS),
	97	asyncMiddleware(usersGetValidator),
	98	getUser
	99	)
	100
	101	usersRouter.post('/',
	102	authenticate,
	103	ensureUserHasRight(UserRight.MANAGE_USERS),
	104	asyncMiddleware(usersAddValidator),
	105	asyncMiddleware(createUserRetryWrapper)
	106	)
	107
	108	usersRouter.post('/register',
	109	asyncMiddleware(ensureUserRegistrationAllowed),
	110	ensureUserRegistrationAllowedForIP,
	111	asyncMiddleware(usersRegisterValidator),
	112	asyncMiddleware(registerUserRetryWrapper)
	113	)
	114
	115	usersRouter.put('/me',
	116	authenticate,
	117	usersUpdateMeValidator,
	118	asyncMiddleware(updateMe)
	119	)
	120
	121	usersRouter.post('/me/avatar/pick',
	122	authenticate,
	123	reqAvatarFile,
	124	usersUpdateMyAvatarValidator,
	125	asyncMiddleware(updateMyAvatar)
	126	)
	127
	128	usersRouter.put('/:id',
	129	authenticate,
	130	ensureUserHasRight(UserRight.MANAGE_USERS),
	131	asyncMiddleware(usersUpdateValidator),
	132	asyncMiddleware(updateUser)
	133	)
	134
	135	usersRouter.delete('/:id',
	136	authenticate,
	137	ensureUserHasRight(UserRight.MANAGE_USERS),
	138	asyncMiddleware(usersRemoveValidator),
	139	asyncMiddleware(removeUser)
	140	)
	141
	142	usersRouter.post('/ask-reset-password',
	143	asyncMiddleware(usersAskResetPasswordValidator),
	144	asyncMiddleware(askResetUserPassword)
	145	)
	146
	147	usersRouter.post('/:id/reset-password',
	148	asyncMiddleware(usersResetPasswordValidator),
	149	asyncMiddleware(resetUserPassword)
	150	)
	151
	152	usersRouter.post('/token',
	153	loginRateLimiter,
	154	token,
	155	success
	156	)
	157	// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
	158
	159	// ---------------------------------------------------------------------------
	160
	161	export {
	162	usersRouter
	163	}
	164
	165	// ---------------------------------------------------------------------------
	166
	167	async function getUserVideos (req: express.Request, res: express.Response, next: express.NextFunction) {
	168	const user = res.locals.oauth.token.User as UserModel
	169	const resultList = await VideoModel.listAccountVideosForApi(
	170	user.Account.id,
	171	req.query.start as number,
	172	req.query.count as number,
	173	req.query.sort as VideoSortField,
	174	false // Display my NSFW videos
	175	)
	176
	177	return res.json(getFormattedObjects(resultList.data, resultList.total))
	178	}
	179
	180	async function createUserRetryWrapper (req: express.Request, res: express.Response, next: express.NextFunction) {
	181	const options = {
	182	arguments: [ req ],
	183	errorMessage: 'Cannot insert the user with many retries.'
	184	}
	185
	186	const { user, account } = await retryTransactionWrapper(createUser, options)
	187
	188	return res.json({
	189	user: {
	190	id: user.id,
	191	account: {
	192	id: account.id,
	193	uuid: account.Actor.uuid
	194	}
	195	}
	196	}).end()
	197	}
	198
	199	async function createUser (req: express.Request) {
	200	const body: UserCreate = req.body
	201	const userToCreate = new UserModel({
	202	username: body.username,
	203	password: body.password,
	204	email: body.email,
	205	nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
	206	autoPlayVideo: true,
	207	role: body.role,
	208	videoQuota: body.videoQuota
	209	})
	210
	211	const { user, account } = await createUserAccountAndChannel(userToCreate)
	212
	213	logger.info('User %s with its channel and account created.', body.username)
	214
	215	return { user, account }
	216	}
	217
	218	async function registerUserRetryWrapper (req: express.Request, res: express.Response, next: express.NextFunction) {
	219	const options = {
	220	arguments: [ req ],
	221	errorMessage: 'Cannot insert the user with many retries.'
	222	}
	223
	224	await retryTransactionWrapper(registerUser, options)
	225
	226	return res.type('json').status(204).end()
	227	}
	228
	229	async function registerUser (req: express.Request) {
	230	const body: UserCreate = req.body
	231
	232	const user = new UserModel({
	233	username: body.username,
	234	password: body.password,
	235	email: body.email,
	236	nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
	237	autoPlayVideo: true,
	238	role: UserRole.USER,
	239	videoQuota: CONFIG.USER.VIDEO_QUOTA
	240	})
	241
	242	await createUserAccountAndChannel(user)
	243
	244	logger.info('User %s with its channel and account registered.', body.username)
	245	}
	246
	247	async function getUserInformation (req: express.Request, res: express.Response, next: express.NextFunction) {
	248	// We did not load channels in res.locals.user
	249	const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
	250
	251	return res.json(user.toFormattedJSON())
	252	}
	253
	254	async function getUserVideoQuotaUsed (req: express.Request, res: express.Response, next: express.NextFunction) {
	255	// We did not load channels in res.locals.user
	256	const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
	257	const videoQuotaUsed = await UserModel.getOriginalVideoFileTotalFromUser(user)
	258
	259	const data: UserVideoQuota = {
	260	videoQuotaUsed
	261	}
	262	return res.json(data)
	263	}
	264
	265	function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
	266	return res.json((res.locals.user as UserModel).toFormattedJSON())
	267	}
	268
	269	async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
	270	const videoId = +req.params.videoId
	271	const accountId = +res.locals.oauth.token.User.Account.id
	272
	273	const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
	274	const rating = ratingObj ? ratingObj.type : 'none'
	275
	276	const json: FormattedUserVideoRate = {
	277	videoId,
	278	rating
	279	}
	280	res.json(json)
	281	}
	282
	283	async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
	284	const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)
	285
	286	return res.json(getFormattedObjects(resultList.data, resultList.total))
	287	}
	288
	289	async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
	290	const user = await UserModel.loadById(req.params.id)
	291
	292	await user.destroy()
	293
	294	return res.sendStatus(204)
	295	}
	296
	297	async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
	298	const body: UserUpdateMe = req.body
	299
	300	const user: UserModel = res.locals.oauth.token.user
	301
	302	if (body.password !== undefined) user.password = body.password
	303	if (body.email !== undefined) user.email = body.email
	304	if (body.nsfwPolicy !== undefined) user.nsfwPolicy = body.nsfwPolicy
	305	if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo
	306
	307	await sequelizeTypescript.transaction(async t => {
	308	await user.save({ transaction: t })
	309
	310	if (body.displayName !== undefined) user.Account.name = body.displayName
	311	if (body.description !== undefined) user.Account.description = body.description
	312	await user.Account.save({ transaction: t })
	313
	314	await sendUpdateActor(user.Account, t)
	315	})
	316
	317	return res.sendStatus(204)
	318	}
	319
	320	async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
	321	const avatarPhysicalFile = req.files['avatarfile'][0]
	322	const user = res.locals.oauth.token.user
	323	const actor = user.Account.Actor
	324
	325	const extension = extname(avatarPhysicalFile.filename)
	326	const avatarName = uuidv4() + extension
	327	const destination = join(CONFIG.STORAGE.AVATARS_DIR, avatarName)
	328	await processImage(avatarPhysicalFile, destination, AVATARS_SIZE)
	329
	330	const avatar = await sequelizeTypescript.transaction(async t => {
	331	const updatedActor = await updateActorAvatarInstance(actor, avatarName, t)
	332	await updatedActor.save({ transaction: t })
	333
	334	await sendUpdateActor(user.Account, t)
	335
	336	return updatedActor.Avatar
	337	})
	338
	339	return res
	340	.json({
	341	avatar: avatar.toFormattedJSON()
	342	})
	343	.end()
	344	}
	345
	346	async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
	347	const body: UserUpdate = req.body
	348	const user = res.locals.user as UserModel
	349	const roleChanged = body.role !== undefined && body.role !== user.role
	350
	351	if (body.email !== undefined) user.email = body.email
	352	if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
	353	if (body.role !== undefined) user.role = body.role
	354
	355	await user.save()
	356
	357	// Destroy user token to refresh rights
	358	if (roleChanged) {
	359	await OAuthTokenModel.deleteUserToken(user.id)
	360	}
	361
	362	// Don't need to send this update to followers, these attributes are not propagated
	363
	364	return res.sendStatus(204)
	365	}
	366
	367	async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
	368	const user = res.locals.user as UserModel
	369
	370	const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
	371	const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
	372	await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)
	373
	374	return res.status(204).end()
	375	}
	376
	377	async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
	378	const user = res.locals.user as UserModel
	379	user.password = req.body.password
	380
	381	await user.save()
	382
	383	return res.status(204).end()
	384	}
	385
	386	function success (req: express.Request, res: express.Response, next: express.NextFunction) {
	387	res.end()
	388	}