server/controllers/api/users.js

   1 'use strict'
   2
   3 const express = require('express')
   4 const waterfall = require('async/waterfall')
   5
   6 const constants = require('../../initializers/constants')
   7 const db = require('../../initializers/database')
   8 const logger = require('../../helpers/logger')
   9 const utils = require('../../helpers/utils')
  10 const middlewares = require('../../middlewares')
  11 const admin = middlewares.admin
  12 const oAuth = middlewares.oauth
  13 const pagination = middlewares.pagination
  14 const sort = middlewares.sort
  15 const validatorsPagination = middlewares.validators.pagination
  16 const validatorsSort = middlewares.validators.sort
  17 const validatorsUsers = middlewares.validators.users
  18
  19 const router = express.Router()
  20
  21 router.get('/me',
  22   oAuth.authenticate,
  23   getUserInformation
  24 )
  25
  26 router.get('/me/videos/:videoId/rating',
  27   oAuth.authenticate,
  28   validatorsUsers.usersVideoRating,
  29   getUserVideoRating
  30 )
  31
  32 router.get('/',
  33   validatorsPagination.pagination,
  34   validatorsSort.usersSort,
  35   sort.setUsersSort,
  36   pagination.setPagination,
  37   listUsers
  38 )
  39
  40 router.post('/',
  41   oAuth.authenticate,
  42   admin.ensureIsAdmin,
  43   validatorsUsers.usersAdd,
  44   createUser
  45 )
  46
  47 router.post('/register',
  48   ensureRegistrationEnabled,
  49   validatorsUsers.usersAdd,
  50   createUser
  51 )
  52
  53 router.put('/:id',
  54   oAuth.authenticate,
  55   validatorsUsers.usersUpdate,
  56   updateUser
  57 )
  58
  59 router.delete('/:id',
  60   oAuth.authenticate,
  61   admin.ensureIsAdmin,
  62   validatorsUsers.usersRemove,
  63   removeUser
  64 )
  65
  66 router.post('/token', oAuth.token, success)
  67 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
  68
  69 // ---------------------------------------------------------------------------
  70
  71 module.exports = router
  72
  73 // ---------------------------------------------------------------------------
  74
  75 function ensureRegistrationEnabled (req, res, next) {
  76   const registrationEnabled = constants.CONFIG.SIGNUP.ENABLED
  77
  78   if (registrationEnabled === true) {
  79     return next()
  80   }
  81
  82   return res.status(400).send('User registration is not enabled.')
  83 }
  84
  85 function createUser (req, res, next) {
  86   const user = db.User.build({
  87     username: req.body.username,
  88     password: req.body.password,
  89     email: req.body.email,
  90     displayNSFW: false,
  91     role: constants.USER_ROLES.USER
  92   })
  93
  94   user.save().asCallback(function (err, createdUser) {
  95     if (err) return next(err)
  96
  97     return res.type('json').status(204).end()
  98   })
  99 }
 100
 101 function getUserInformation (req, res, next) {
 102   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
 103     if (err) return next(err)
 104
 105     return res.json(user.toFormatedJSON())
 106   })
 107 }
 108
 109 function getUserVideoRating (req, res, next) {
 110   const videoId = req.params.videoId
 111   const userId = res.locals.oauth.token.User.id
 112
 113   db.UserVideoRate.load(userId, videoId, function (err, ratingObj) {
 114     if (err) return next(err)
 115
 116     const rating = ratingObj ? ratingObj.type : 'none'
 117
 118     res.json({
 119       videoId,
 120       rating
 121     })
 122   })
 123 }
 124
 125 function listUsers (req, res, next) {
 126   db.User.listForApi(req.query.start, req.query.count, req.query.sort, function (err, usersList, usersTotal) {
 127     if (err) return next(err)
 128
 129     res.json(utils.getFormatedObjects(usersList, usersTotal))
 130   })
 131 }
 132
 133 function removeUser (req, res, next) {
 134   waterfall([
 135     function loadUser (callback) {
 136       db.User.loadById(req.params.id, callback)
 137     },
 138
 139     function deleteUser (user, callback) {
 140       user.destroy().asCallback(callback)
 141     }
 142   ], function andFinally (err) {
 143     if (err) {
 144       logger.error('Errors when removed the user.', { error: err })
 145       return next(err)
 146     }
 147
 148     return res.sendStatus(204)
 149   })
 150 }
 151
 152 function updateUser (req, res, next) {
 153   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
 154     if (err) return next(err)
 155
 156     if (req.body.password) user.password = req.body.password
 157     if (req.body.displayNSFW !== undefined) user.displayNSFW = req.body.displayNSFW
 158
 159     user.save().asCallback(function (err) {
 160       if (err) return next(err)
 161
 162       return res.sendStatus(204)
 163     })
 164   })
 165 }
 166
 167 function success (req, res, next) {
 168   res.end()
 169 }