server/controllers/api/users.ts

   1 import * as express from 'express'
   2 import 'multer'
   3 import { extname, join } from 'path'
   4 import * as uuidv4 from 'uuid/v4'
   5 import * as RateLimit from 'express-rate-limit'
   6 import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRate as FormattedUserVideoRate } from '../../../shared'
   7 import { retryTransactionWrapper } from '../../helpers/database-utils'
   8 import { processImage } from '../../helpers/image-utils'
   9 import { logger } from '../../helpers/logger'
  10 import { createReqFiles, getFormattedObjects } from '../../helpers/utils'
  11 import { AVATARS_SIZE, CONFIG, IMAGE_MIMETYPE_EXT, RATES_LIMIT, sequelizeTypescript } from '../../initializers'
  12 import { updateActorAvatarInstance } from '../../lib/activitypub'
  13 import { sendUpdateActor } from '../../lib/activitypub/send'
  14 import { Emailer } from '../../lib/emailer'
  15 import { Redis } from '../../lib/redis'
  16 import { createUserAccountAndChannel } from '../../lib/user'
  17 import {
  18   asyncMiddleware,
  19   authenticate,
  20   ensureUserHasRight,
  21   ensureUserRegistrationAllowed,
  22   paginationValidator,
  23   setDefaultPagination,
  24   setDefaultSort,
  25   token,
  26   usersAddValidator,
  27   usersGetValidator,
  28   usersRegisterValidator,
  29   usersRemoveValidator,
  30   usersSortValidator,
  31   usersUpdateMeValidator,
  32   usersUpdateValidator,
  33   usersVideoRatingValidator
  34 } from '../../middlewares'
  35 import {
  36   usersAskResetPasswordValidator,
  37   usersResetPasswordValidator,
  38   usersUpdateMyAvatarValidator,
  39   videosSortValidator
  40 } from '../../middlewares/validators'
  41 import { AccountVideoRateModel } from '../../models/account/account-video-rate'
  42 import { UserModel } from '../../models/account/user'
  43 import { OAuthTokenModel } from '../../models/oauth/oauth-token'
  44 import { VideoModel } from '../../models/video/video'
  45
  46 const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
  47 const loginRateLimiter = new RateLimit({
  48   windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
  49   max: RATES_LIMIT.LOGIN.MAX,
  50   delayMs: 0
  51 })
  52
  53 const usersRouter = express.Router()
  54
  55 usersRouter.get('/me',
  56   authenticate,
  57   asyncMiddleware(getUserInformation)
  58 )
  59
  60 usersRouter.get('/me/video-quota-used',
  61   authenticate,
  62   asyncMiddleware(getUserVideoQuotaUsed)
  63 )
  64
  65 usersRouter.get('/me/videos',
  66   authenticate,
  67   paginationValidator,
  68   videosSortValidator,
  69   setDefaultSort,
  70   setDefaultPagination,
  71   asyncMiddleware(getUserVideos)
  72 )
  73
  74 usersRouter.get('/me/videos/:videoId/rating',
  75   authenticate,
  76   asyncMiddleware(usersVideoRatingValidator),
  77   asyncMiddleware(getUserVideoRating)
  78 )
  79
  80 usersRouter.get('/',
  81   authenticate,
  82   ensureUserHasRight(UserRight.MANAGE_USERS),
  83   paginationValidator,
  84   usersSortValidator,
  85   setDefaultSort,
  86   setDefaultPagination,
  87   asyncMiddleware(listUsers)
  88 )
  89
  90 usersRouter.get('/:id',
  91   asyncMiddleware(usersGetValidator),
  92   getUser
  93 )
  94
  95 usersRouter.post('/',
  96   authenticate,
  97   ensureUserHasRight(UserRight.MANAGE_USERS),
  98   asyncMiddleware(usersAddValidator),
  99   asyncMiddleware(createUserRetryWrapper)
 100 )
 101
 102 usersRouter.post('/register',
 103   asyncMiddleware(ensureUserRegistrationAllowed),
 104   asyncMiddleware(usersRegisterValidator),
 105   asyncMiddleware(registerUserRetryWrapper)
 106 )
 107
 108 usersRouter.put('/me',
 109   authenticate,
 110   usersUpdateMeValidator,
 111   asyncMiddleware(updateMe)
 112 )
 113
 114 usersRouter.post('/me/avatar/pick',
 115   authenticate,
 116   reqAvatarFile,
 117   usersUpdateMyAvatarValidator,
 118   asyncMiddleware(updateMyAvatar)
 119 )
 120
 121 usersRouter.put('/:id',
 122   authenticate,
 123   ensureUserHasRight(UserRight.MANAGE_USERS),
 124   asyncMiddleware(usersUpdateValidator),
 125   asyncMiddleware(updateUser)
 126 )
 127
 128 usersRouter.delete('/:id',
 129   authenticate,
 130   ensureUserHasRight(UserRight.MANAGE_USERS),
 131   asyncMiddleware(usersRemoveValidator),
 132   asyncMiddleware(removeUser)
 133 )
 134
 135 usersRouter.post('/ask-reset-password',
 136   asyncMiddleware(usersAskResetPasswordValidator),
 137   asyncMiddleware(askResetUserPassword)
 138 )
 139
 140 usersRouter.post('/:id/reset-password',
 141   asyncMiddleware(usersResetPasswordValidator),
 142   asyncMiddleware(resetUserPassword)
 143 )
 144
 145 usersRouter.post('/token',
 146   loginRateLimiter,
 147   token,
 148   success
 149 )
 150 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
 151
 152 // ---------------------------------------------------------------------------
 153
 154 export {
 155   usersRouter
 156 }
 157
 158 // ---------------------------------------------------------------------------
 159
 160 async function getUserVideos (req: express.Request, res: express.Response, next: express.NextFunction) {
 161   const user = res.locals.oauth.token.User as UserModel
 162   const resultList = await VideoModel.listUserVideosForApi(user.id ,req.query.start, req.query.count, req.query.sort)
 163
 164   return res.json(getFormattedObjects(resultList.data, resultList.total))
 165 }
 166
 167 async function createUserRetryWrapper (req: express.Request, res: express.Response, next: express.NextFunction) {
 168   const options = {
 169     arguments: [ req ],
 170     errorMessage: 'Cannot insert the user with many retries.'
 171   }
 172
 173   const { user, account } = await retryTransactionWrapper(createUser, options)
 174
 175   return res.json({
 176     user: {
 177       id: user.id,
 178       uuid: account.uuid
 179     }
 180   }).end()
 181 }
 182
 183 async function createUser (req: express.Request) {
 184   const body: UserCreate = req.body
 185   const userToCreate = new UserModel({
 186     username: body.username,
 187     password: body.password,
 188     email: body.email,
 189     displayNSFW: false,
 190     autoPlayVideo: true,
 191     role: body.role,
 192     videoQuota: body.videoQuota
 193   })
 194
 195   const { user, account } = await createUserAccountAndChannel(userToCreate)
 196
 197   logger.info('User %s with its channel and account created.', body.username)
 198
 199   return { user, account }
 200 }
 201
 202 async function registerUserRetryWrapper (req: express.Request, res: express.Response, next: express.NextFunction) {
 203   const options = {
 204     arguments: [ req ],
 205     errorMessage: 'Cannot insert the user with many retries.'
 206   }
 207
 208   await retryTransactionWrapper(registerUser, options)
 209
 210   return res.type('json').status(204).end()
 211 }
 212
 213 async function registerUser (req: express.Request) {
 214   const body: UserCreate = req.body
 215
 216   const user = new UserModel({
 217     username: body.username,
 218     password: body.password,
 219     email: body.email,
 220     displayNSFW: false,
 221     autoPlayVideo: true,
 222     role: UserRole.USER,
 223     videoQuota: CONFIG.USER.VIDEO_QUOTA
 224   })
 225
 226   await createUserAccountAndChannel(user)
 227
 228   logger.info('User %s with its channel and account registered.', body.username)
 229 }
 230
 231 async function getUserInformation (req: express.Request, res: express.Response, next: express.NextFunction) {
 232   // We did not load channels in res.locals.user
 233   const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
 234
 235   return res.json(user.toFormattedJSON())
 236 }
 237
 238 async function getUserVideoQuotaUsed (req: express.Request, res: express.Response, next: express.NextFunction) {
 239   // We did not load channels in res.locals.user
 240   const user = await UserModel.loadByUsernameAndPopulateChannels(res.locals.oauth.token.user.username)
 241   const videoQuotaUsed = await UserModel.getOriginalVideoFileTotalFromUser(user)
 242
 243   return res.json({
 244     videoQuotaUsed
 245   })
 246 }
 247
 248 function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
 249   return res.json((res.locals.user as UserModel).toFormattedJSON())
 250 }
 251
 252 async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
 253   const videoId = +req.params.videoId
 254   const accountId = +res.locals.oauth.token.User.Account.id
 255
 256   const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
 257   const rating = ratingObj ? ratingObj.type : 'none'
 258
 259   const json: FormattedUserVideoRate = {
 260     videoId,
 261     rating
 262   }
 263   res.json(json)
 264 }
 265
 266 async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
 267   const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)
 268
 269   return res.json(getFormattedObjects(resultList.data, resultList.total))
 270 }
 271
 272 async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
 273   const user = await UserModel.loadById(req.params.id)
 274
 275   await user.destroy()
 276
 277   return res.sendStatus(204)
 278 }
 279
 280 async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
 281   const body: UserUpdateMe = req.body
 282
 283   const user: UserModel = res.locals.oauth.token.user
 284
 285   if (body.password !== undefined) user.password = body.password
 286   if (body.email !== undefined) user.email = body.email
 287   if (body.displayNSFW !== undefined) user.displayNSFW = body.displayNSFW
 288   if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo
 289
 290   await sequelizeTypescript.transaction(async t => {
 291     await user.save({ transaction: t })
 292
 293     if (body.description !== undefined) user.Account.description = body.description
 294     await user.Account.save({ transaction: t })
 295
 296     await sendUpdateActor(user.Account, t)
 297   })
 298
 299   return res.sendStatus(204)
 300 }
 301
 302 async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
 303   const avatarPhysicalFile = req.files['avatarfile'][0]
 304   const user = res.locals.oauth.token.user
 305   const actor = user.Account.Actor
 306
 307   const extension = extname(avatarPhysicalFile.filename)
 308   const avatarName = uuidv4() + extension
 309   const destination = join(CONFIG.STORAGE.AVATARS_DIR, avatarName)
 310   await processImage(avatarPhysicalFile, destination, AVATARS_SIZE)
 311
 312   const avatar = await sequelizeTypescript.transaction(async t => {
 313     const updatedActor = await updateActorAvatarInstance(actor, avatarName, t)
 314     await updatedActor.save({ transaction: t })
 315
 316     await sendUpdateActor(user.Account, t)
 317
 318     return updatedActor.Avatar
 319   })
 320
 321   return res
 322     .json({
 323       avatar: avatar.toFormattedJSON()
 324     })
 325     .end()
 326 }
 327
 328 async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
 329   const body: UserUpdate = req.body
 330   const user = res.locals.user as UserModel
 331   const roleChanged = body.role !== undefined && body.role !== user.role
 332
 333   if (body.email !== undefined) user.email = body.email
 334   if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
 335   if (body.role !== undefined) user.role = body.role
 336
 337   await user.save()
 338
 339   // Destroy user token to refresh rights
 340   if (roleChanged) {
 341     await OAuthTokenModel.deleteUserToken(user.id)
 342   }
 343
 344   // Don't need to send this update to followers, these attributes are not propagated
 345
 346   return res.sendStatus(204)
 347 }
 348
 349 async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
 350   const user = res.locals.user as UserModel
 351
 352   const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
 353   const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
 354   await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)
 355
 356   return res.status(204).end()
 357 }
 358
 359 async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
 360   const user = res.locals.user as UserModel
 361   user.password = req.body.password
 362
 363   await user.save()
 364
 365   return res.status(204).end()
 366 }
 367
 368 function success (req: express.Request, res: express.Response, next: express.NextFunction) {
 369   res.end()
 370 }