]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/controllers/api/users/index.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Optimize SQL requests of watch page API endpoints
[github/Chocobozzz/PeerTube.git] / server / controllers / api / users / index.ts
1 import * as express from 'express'
2 import * as RateLimit from 'express-rate-limit'
3 import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
4 import { logger } from '../../../helpers/logger'
5 import { getFormattedObjects } from '../../../helpers/utils'
6 import { CONFIG, RATES_LIMIT, sequelizeTypescript } from '../../../initializers'
7 import { Emailer } from '../../../lib/emailer'
8 import { Redis } from '../../../lib/redis'
9 import { createUserAccountAndChannel } from '../../../lib/user'
10 import {
11 asyncMiddleware,
12 asyncRetryTransactionMiddleware,
13 authenticate,
14 ensureUserHasRight,
15 ensureUserRegistrationAllowed,
16 ensureUserRegistrationAllowedForIP,
17 paginationValidator,
18 setDefaultPagination,
19 setDefaultSort,
20 token,
21 userAutocompleteValidator,
22 usersAddValidator,
23 usersGetValidator,
24 usersRegisterValidator,
25 usersRemoveValidator,
26 usersSortValidator,
27 usersUpdateValidator
28 } from '../../../middlewares'
29 import {
30 usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator,
31 usersAskSendVerifyEmailValidator, usersVerifyEmailValidator
32 } from '../../../middlewares/validators'
33 import { UserModel } from '../../../models/account/user'
34 import { OAuthTokenModel } from '../../../models/oauth/oauth-token'
35 import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
36 import { meRouter } from './me'
37
38 const auditLogger = auditLoggerFactory('users')
39
40 const loginRateLimiter = new RateLimit({
41 windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
42 max: RATES_LIMIT.LOGIN.MAX,
43 delayMs: 0
44 })
45
46 const askSendEmailLimiter = new RateLimit({
47 windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
48 max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
49 delayMs: 0
50 })
51
52 const usersRouter = express.Router()
53 usersRouter.use('/', meRouter)
54
55 usersRouter.get('/autocomplete',
56 userAutocompleteValidator,
57 asyncMiddleware(autocompleteUsers)
58 )
59
60 usersRouter.get('/',
61 authenticate,
62 ensureUserHasRight(UserRight.MANAGE_USERS),
63 paginationValidator,
64 usersSortValidator,
65 setDefaultSort,
66 setDefaultPagination,
67 asyncMiddleware(listUsers)
68 )
69
70 usersRouter.post('/:id/block',
71 authenticate,
72 ensureUserHasRight(UserRight.MANAGE_USERS),
73 asyncMiddleware(usersBlockingValidator),
74 asyncMiddleware(blockUser)
75 )
76 usersRouter.post('/:id/unblock',
77 authenticate,
78 ensureUserHasRight(UserRight.MANAGE_USERS),
79 asyncMiddleware(usersBlockingValidator),
80 asyncMiddleware(unblockUser)
81 )
82
83 usersRouter.get('/:id',
84 authenticate,
85 ensureUserHasRight(UserRight.MANAGE_USERS),
86 asyncMiddleware(usersGetValidator),
87 getUser
88 )
89
90 usersRouter.post('/',
91 authenticate,
92 ensureUserHasRight(UserRight.MANAGE_USERS),
93 asyncMiddleware(usersAddValidator),
94 asyncRetryTransactionMiddleware(createUser)
95 )
96
97 usersRouter.post('/register',
98 asyncMiddleware(ensureUserRegistrationAllowed),
99 ensureUserRegistrationAllowedForIP,
100 asyncMiddleware(usersRegisterValidator),
101 asyncRetryTransactionMiddleware(registerUser)
102 )
103
104 usersRouter.put('/:id',
105 authenticate,
106 ensureUserHasRight(UserRight.MANAGE_USERS),
107 asyncMiddleware(usersUpdateValidator),
108 asyncMiddleware(updateUser)
109 )
110
111 usersRouter.delete('/:id',
112 authenticate,
113 ensureUserHasRight(UserRight.MANAGE_USERS),
114 asyncMiddleware(usersRemoveValidator),
115 asyncMiddleware(removeUser)
116 )
117
118 usersRouter.post('/ask-reset-password',
119 asyncMiddleware(usersAskResetPasswordValidator),
120 asyncMiddleware(askResetUserPassword)
121 )
122
123 usersRouter.post('/:id/reset-password',
124 asyncMiddleware(usersResetPasswordValidator),
125 asyncMiddleware(resetUserPassword)
126 )
127
128 usersRouter.post('/ask-send-verify-email',
129 askSendEmailLimiter,
130 asyncMiddleware(usersAskSendVerifyEmailValidator),
131 asyncMiddleware(askSendVerifyUserEmail)
132 )
133
134 usersRouter.post('/:id/verify-email',
135 asyncMiddleware(usersVerifyEmailValidator),
136 asyncMiddleware(verifyUserEmail)
137 )
138
139 usersRouter.post('/token',
140 loginRateLimiter,
141 token,
142 success
143 )
144 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
145
146 // ---------------------------------------------------------------------------
147
148 export {
149 usersRouter
150 }
151
152 // ---------------------------------------------------------------------------
153
154 async function createUser (req: express.Request, res: express.Response) {
155 const body: UserCreate = req.body
156 const userToCreate = new UserModel({
157 username: body.username,
158 password: body.password,
159 email: body.email,
160 nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
161 autoPlayVideo: true,
162 role: body.role,
163 videoQuota: body.videoQuota,
164 videoQuotaDaily: body.videoQuotaDaily
165 })
166
167 const { user, account } = await createUserAccountAndChannel(userToCreate)
168
169 auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
170 logger.info('User %s with its channel and account created.', body.username)
171
172 return res.json({
173 user: {
174 id: user.id,
175 account: {
176 id: account.id,
177 uuid: account.Actor.uuid
178 }
179 }
180 }).end()
181 }
182
183 async function registerUser (req: express.Request, res: express.Response) {
184 const body: UserCreate = req.body
185
186 const userToCreate = new UserModel({
187 username: body.username,
188 password: body.password,
189 email: body.email,
190 nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
191 autoPlayVideo: true,
192 role: UserRole.USER,
193 videoQuota: CONFIG.USER.VIDEO_QUOTA,
194 videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY,
195 emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
196 })
197
198 const { user } = await createUserAccountAndChannel(userToCreate)
199
200 auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
201 logger.info('User %s with its channel and account registered.', body.username)
202
203 if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
204 await sendVerifyUserEmail(user)
205 }
206
207 return res.type('json').status(204).end()
208 }
209
210 async function unblockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
211 const user: UserModel = res.locals.user
212
213 await changeUserBlock(res, user, false)
214
215 return res.status(204).end()
216 }
217
218 async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
219 const user: UserModel = res.locals.user
220 const reason = req.body.reason
221
222 await changeUserBlock(res, user, true, reason)
223
224 return res.status(204).end()
225 }
226
227 function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
228 return res.json((res.locals.user as UserModel).toFormattedJSON())
229 }
230
231 async function autocompleteUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
232 const resultList = await UserModel.autoComplete(req.query.search as string)
233
234 return res.json(resultList)
235 }
236
237 async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
238 const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)
239
240 return res.json(getFormattedObjects(resultList.data, resultList.total))
241 }
242
243 async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
244 const user: UserModel = res.locals.user
245
246 await user.destroy()
247
248 auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
249
250 return res.sendStatus(204)
251 }
252
253 async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
254 const body: UserUpdate = req.body
255 const userToUpdate = res.locals.user as UserModel
256 const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
257 const roleChanged = body.role !== undefined && body.role !== userToUpdate.role
258
259 if (body.email !== undefined) userToUpdate.email = body.email
260 if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
261 if (body.videoQuotaDaily !== undefined) userToUpdate.videoQuotaDaily = body.videoQuotaDaily
262 if (body.role !== undefined) userToUpdate.role = body.role
263
264 const user = await userToUpdate.save()
265
266 // Destroy user token to refresh rights
267 if (roleChanged) {
268 await OAuthTokenModel.deleteUserToken(userToUpdate.id)
269 }
270
271 auditLogger.update(
272 res.locals.oauth.token.User.Account.Actor.getIdentifier(),
273 new UserAuditView(user.toFormattedJSON()),
274 oldUserAuditView
275 )
276
277 // Don't need to send this update to followers, these attributes are not propagated
278
279 return res.sendStatus(204)
280 }
281
282 async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
283 const user = res.locals.user as UserModel
284
285 const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
286 const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
287 await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)
288
289 return res.status(204).end()
290 }
291
292 async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
293 const user = res.locals.user as UserModel
294 user.password = req.body.password
295
296 await user.save()
297
298 return res.status(204).end()
299 }
300
301 async function sendVerifyUserEmail (user: UserModel) {
302 const verificationString = await Redis.Instance.setVerifyEmailVerificationString(user.id)
303 const url = CONFIG.WEBSERVER.URL + '/verify-account/email?userId=' + user.id + '&verificationString=' + verificationString
304 await Emailer.Instance.addVerifyEmailJob(user.email, url)
305 return
306 }
307
308 async function askSendVerifyUserEmail (req: express.Request, res: express.Response, next: express.NextFunction) {
309 const user = res.locals.user as UserModel
310
311 await sendVerifyUserEmail(user)
312
313 return res.status(204).end()
314 }
315
316 async function verifyUserEmail (req: express.Request, res: express.Response, next: express.NextFunction) {
317 const user = res.locals.user as UserModel
318 user.emailVerified = true
319
320 await user.save()
321
322 return res.status(204).end()
323 }
324
325 function success (req: express.Request, res: express.Response, next: express.NextFunction) {
326 res.end()
327 }
328
329 async function changeUserBlock (res: express.Response, user: UserModel, block: boolean, reason?: string) {
330 const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
331
332 user.blocked = block
333 user.blockedReason = reason || null
334
335 await sequelizeTypescript.transaction(async t => {
336 await OAuthTokenModel.deleteUserToken(user.id, t)
337
338 await user.save({ transaction: t })
339 })
340
341 await Emailer.Instance.addUserBlockJob(user, block, reason)
342
343 auditLogger.update(
344 res.locals.oauth.token.User.Account.Actor.getIdentifier(),
345 new UserAuditView(user.toFormattedJSON()),
346 oldUserAuditView
347 )
348 }
ActivityPub-federated video streaming platform using P2P directly in your web browser