1 import express from 'express'
2 import { body, param } from 'express-validator'
3 import { toBooleanOrNull } from '@server/helpers/custom-validators/misc'
4 import { HttpStatusCode } from '@shared/models'
5 import { logger } from '../../helpers/logger'
6 import { Redis } from '../../lib/redis'
7 import { areValidationErrors, checkUserEmailExist, checkUserIdExist } from './shared'
8 import { checkRegistrationEmailExist, checkRegistrationIdExist } from './shared/user-registrations'
10 const usersAskSendVerifyEmailValidator = [
11 body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
13 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
14 if (areValidationErrors(req, res)) return
16 const [ userExists, registrationExists ] = await Promise.all([
17 checkUserEmailExist(req.body.email, res, false),
18 checkRegistrationEmailExist(req.body.email, res, false)
21 if (!userExists && !registrationExists) {
22 logger.debug('User or registration with email %s does not exist (asking verify email).', req.body.email)
23 // Do not leak our emails
24 return res.status(HttpStatusCode.NO_CONTENT_204).end()
27 if (res.locals.user?.pluginAuth) {
29 status: HttpStatusCode.CONFLICT_409,
30 message: 'Cannot ask verification email of a user that uses a plugin authentication.'
38 const usersVerifyEmailValidator = [
40 .isInt().not().isEmpty().withMessage('Should have a valid id'),
42 body('verificationString')
43 .not().isEmpty().withMessage('Should have a valid verification string'),
44 body('isPendingEmail')
46 .customSanitizer(toBooleanOrNull),
48 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
49 if (areValidationErrors(req, res)) return
50 if (!await checkUserIdExist(req.params.id, res)) return
52 const user = res.locals.user
53 const redisVerificationString = await Redis.Instance.getUserVerifyEmailLink(user.id)
55 if (redisVerificationString !== req.body.verificationString) {
56 return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message: 'Invalid verification string.' })
63 // ---------------------------------------------------------------------------
65 const registrationVerifyEmailValidator = [
66 param('registrationId')
67 .isInt().not().isEmpty().withMessage('Should have a valid registrationId'),
69 body('verificationString')
70 .not().isEmpty().withMessage('Should have a valid verification string'),
72 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
73 if (areValidationErrors(req, res)) return
74 if (!await checkRegistrationIdExist(req.params.registrationId, res)) return
76 const registration = res.locals.userRegistration
77 const redisVerificationString = await Redis.Instance.getRegistrationVerifyEmailLink(registration.id)
79 if (redisVerificationString !== req.body.verificationString) {
80 return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message: 'Invalid verification string.' })
87 // ---------------------------------------------------------------------------
90 usersAskSendVerifyEmailValidator,
91 usersVerifyEmailValidator,
93 registrationVerifyEmailValidator