server/middlewares/validators/users.ts

   1 import 'express-validator'
   2 import * as express from 'express'
   3 import * as Promise from 'bluebird'
   4 import * as validator from 'validator'
   5
   6 import { database as db } from '../../initializers/database'
   7 import { checkErrors } from './utils'
   8 import { isSignupAllowed, logger } from '../../helpers'
   9 import { VideoInstance } from '../../models'
  10
  11 function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  12   req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
  13   req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
  14   req.checkBody('email', 'Should have a valid email').isEmail()
  15
  16   logger.debug('Checking usersAdd parameters', { parameters: req.body })
  17
  18   checkErrors(req, res, () => {
  19     db.User.loadByUsernameOrEmail(req.body.username, req.body.email)
  20       .then(user => {
  21         if (user) return res.status(409).send('User already exists.')
  22
  23         next()
  24       })
  25       .catch(err => {
  26         logger.error('Error in usersAdd request validator.', err)
  27         return res.sendStatus(500)
  28       })
  29   })
  30 }
  31
  32 function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  33   req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
  34
  35   logger.debug('Checking usersRemove parameters', { parameters: req.params })
  36
  37   checkErrors(req, res, () => {
  38     db.User.loadById(req.params.id)
  39       .then(user => {
  40         if (!user) return res.status(404).send('User not found')
  41
  42         if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
  43
  44         next()
  45       })
  46       .catch(err => {
  47         logger.error('Error in usersRemove request validator.', err)
  48         return res.sendStatus(500)
  49       })
  50   })
  51 }
  52
  53 function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  54   req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
  55   // Add old password verification
  56   req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
  57   req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
  58
  59   logger.debug('Checking usersUpdate parameters', { parameters: req.body })
  60
  61   checkErrors(req, res, next)
  62 }
  63
  64 function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  65   req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
  66
  67   logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
  68
  69   checkErrors(req, res, () => {
  70     let videoPromise: Promise<VideoInstance>
  71
  72     if (validator.isUUID(req.params.videoId)) {
  73       videoPromise = db.Video.loadByUUID(req.params.videoId)
  74     } else {
  75       videoPromise = db.Video.load(req.params.videoId)
  76     }
  77
  78     videoPromise
  79       .then(video => {
  80         if (!video) return res.status(404).send('Video not found')
  81
  82         next()
  83       })
  84       .catch(err => {
  85         logger.error('Error in user request validator.', err)
  86         return res.sendStatus(500)
  87       })
  88   })
  89 }
  90
  91 function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
  92   isSignupAllowed().then(allowed => {
  93     if (allowed === false) {
  94       return res.status(403).send('User registration is not enabled or user limit is reached.')
  95     }
  96
  97     return next()
  98   })
  99 }
 100
 101 // ---------------------------------------------------------------------------
 102
 103 export {
 104   usersAddValidator,
 105   usersRemoveValidator,
 106   usersUpdateValidator,
 107   usersVideoRatingValidator,
 108   ensureUserRegistrationAllowed
 109 }