server/controllers/api/v1/users.js

   1 'use strict'
   2
   3 const each = require('async/each')
   4 const config = require('config')
   5 const express = require('express')
   6 const mongoose = require('mongoose')
   7 const waterfall = require('async/waterfall')
   8
   9 const constants = require('../../../initializers/constants')
  10 const friends = require('../../../lib/friends')
  11 const logger = require('../../../helpers/logger')
  12 const middlewares = require('../../../middlewares')
  13 const admin = middlewares.admin
  14 const oAuth = middlewares.oauth
  15 const validatorsUsers = middlewares.validators.users
  16
  17 const Client = mongoose.model('OAuthClient')
  18 const User = mongoose.model('User')
  19 const Video = mongoose.model('Video')
  20
  21 const router = express.Router()
  22
  23 router.get('/', listUsers)
  24
  25 router.post('/',
  26   oAuth.authenticate,
  27   admin.ensureIsAdmin,
  28   validatorsUsers.usersAdd,
  29   createUser
  30 )
  31
  32 router.put('/:id',
  33   oAuth.authenticate,
  34   validatorsUsers.usersUpdate,
  35   updateUser
  36 )
  37
  38 router.delete('/:username',
  39   oAuth.authenticate,
  40   admin.ensureIsAdmin,
  41   validatorsUsers.usersRemove,
  42   removeUser
  43 )
  44 router.get('/client', getAngularClient)
  45 router.post('/token', oAuth.token, success)
  46 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
  47
  48 // ---------------------------------------------------------------------------
  49
  50 module.exports = router
  51
  52 // ---------------------------------------------------------------------------
  53
  54 function createUser (req, res, next) {
  55   const user = new User({
  56     username: req.body.username,
  57     password: req.body.password,
  58     role: constants.USER_ROLES.USER
  59   })
  60
  61   user.save(function (err, createdUser) {
  62     if (err) return next(err)
  63
  64     return res.type('json').status(204).end()
  65   })
  66 }
  67
  68 function getAngularClient (req, res, next) {
  69   const serverHost = config.get('webserver.host')
  70   const serverPort = config.get('webserver.port')
  71   let headerHostShouldBe = serverHost
  72   if (serverPort !== 80 && serverPort !== 443) {
  73     headerHostShouldBe += ':' + serverPort
  74   }
  75
  76   // Don't make this check if this is a test instance
  77   if (process.env.NODE_ENV !== 'test' && req.get('host') !== headerHostShouldBe) {
  78     return res.type('json').status(403).end()
  79   }
  80
  81   Client.loadFirstClient(function (err, client) {
  82     if (err) return next(err)
  83     if (!client) return next(new Error('No client available.'))
  84
  85     res.json({
  86       client_id: client._id,
  87       client_secret: client.clientSecret
  88     })
  89   })
  90 }
  91
  92 function listUsers (req, res, next) {
  93   User.list(function (err, usersList) {
  94     if (err) return next(err)
  95
  96     res.json(getFormatedUsers(usersList))
  97   })
  98 }
  99
 100 function removeUser (req, res, next) {
 101   waterfall([
 102     function getUser (callback) {
 103       User.loadByUsername(req.params.username, callback)
 104     },
 105
 106     function getVideos (user, callback) {
 107       Video.listOwnedByAuthor(user.username, function (err, videos) {
 108         return callback(err, user, videos)
 109       })
 110     },
 111
 112     function removeVideosFromDB (user, videos, callback) {
 113       each(videos, function (video, callbackEach) {
 114         video.remove(callbackEach)
 115       }, function (err) {
 116         return callback(err, user, videos)
 117       })
 118     },
 119
 120     function sendInformationToFriends (user, videos, callback) {
 121       videos.forEach(function (video) {
 122         const params = {
 123           name: video.name,
 124           magnetUri: video.magnetUri
 125         }
 126
 127         friends.removeVideoToFriends(params)
 128       })
 129
 130       return callback(null, user)
 131     },
 132
 133     function removeUserFromDB (user, callback) {
 134       user.remove(callback)
 135     }
 136   ], function andFinally (err) {
 137     if (err) {
 138       logger.error('Errors when removed the user.', { error: err })
 139       return next(err)
 140     }
 141
 142     return res.type('json').status(204).end()
 143   })
 144 }
 145
 146 function updateUser (req, res, next) {
 147   User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
 148     if (err) return next(err)
 149
 150     user.password = req.body.password
 151     user.save(function (err) {
 152       if (err) return next(err)
 153
 154       return res.json('json').status(204).end()
 155     })
 156   })
 157 }
 158
 159 function success (req, res, next) {
 160   res.end()
 161 }
 162
 163 // ---------------------------------------------------------------------------
 164
 165 function getFormatedUsers (users) {
 166   const formatedUsers = []
 167
 168   users.forEach(function (user) {
 169     formatedUsers.push(user.toFormatedJSON())
 170   })
 171
 172   return {
 173     data: formatedUsers
 174   }
 175 }