server/middlewares/validators/users.ts

   1 import 'express-validator'
   2 import * as express from 'express'
   3 import * as Promise from 'bluebird'
   4 import * as validator from 'validator'
   5
   6 import { database as db } from '../../initializers/database'
   7 import { checkErrors } from './utils'
   8 import { isSignupAllowed, logger } from '../../helpers'
   9 import { UserInstance, VideoInstance } from '../../models'
  10
  11 function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  12   req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
  13   req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
  14   req.checkBody('email', 'Should have a valid email').isEmail()
  15   req.checkBody('videoQuota', 'Should have a valid user quota').isUserVideoQuotaValid()
  16
  17   logger.debug('Checking usersAdd parameters', { parameters: req.body })
  18
  19   checkErrors(req, res, () => {
  20     checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
  21   })
  22 }
  23
  24 function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  25   req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
  26   req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
  27   req.checkBody('email', 'Should have a valid email').isEmail()
  28
  29   logger.debug('Checking usersRegister parameters', { parameters: req.body })
  30
  31   checkErrors(req, res, () => {
  32     checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
  33   })
  34 }
  35
  36 function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  37   req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
  38
  39   logger.debug('Checking usersRemove parameters', { parameters: req.params })
  40
  41   checkErrors(req, res, () => {
  42     checkUserExists(req.params.id, res, (err, user) => {
  43       if (err) {
  44         logger.error('Error in usersRemoveValidator.', err)
  45         return res.sendStatus(500)
  46       }
  47
  48       if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
  49
  50       next()
  51     })
  52   })
  53 }
  54
  55 function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  56   req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
  57   req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
  58   req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
  59
  60   logger.debug('Checking usersUpdate parameters', { parameters: req.body })
  61
  62   checkErrors(req, res, () => {
  63     checkUserExists(req.params.id, res, next)
  64   })
  65 }
  66
  67 function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  68   // Add old password verification
  69   req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
  70   req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
  71   req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
  72
  73   logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
  74
  75   checkErrors(req, res, next)
  76 }
  77
  78 function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  79   req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
  80
  81   checkErrors(req, res, () => {
  82     checkUserExists(req.params.id, res, next)
  83   })
  84 }
  85
  86 function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  87   req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
  88
  89   logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
  90
  91   checkErrors(req, res, () => {
  92     let videoPromise: Promise<VideoInstance>
  93
  94     if (validator.isUUID(req.params.videoId)) {
  95       videoPromise = db.Video.loadByUUID(req.params.videoId)
  96     } else {
  97       videoPromise = db.Video.load(req.params.videoId)
  98     }
  99
 100     videoPromise
 101       .then(video => {
 102         if (!video) return res.status(404).send('Video not found')
 103
 104         next()
 105       })
 106       .catch(err => {
 107         logger.error('Error in user request validator.', err)
 108         return res.sendStatus(500)
 109       })
 110   })
 111 }
 112
 113 function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
 114   isSignupAllowed().then(allowed => {
 115     if (allowed === false) {
 116       return res.status(403).send('User registration is not enabled or user limit is reached.')
 117     }
 118
 119     return next()
 120   })
 121 }
 122
 123 // ---------------------------------------------------------------------------
 124
 125 export {
 126   usersAddValidator,
 127   usersRegisterValidator,
 128   usersRemoveValidator,
 129   usersUpdateValidator,
 130   usersUpdateMeValidator,
 131   usersVideoRatingValidator,
 132   ensureUserRegistrationAllowed,
 133   usersGetValidator
 134 }
 135
 136 // ---------------------------------------------------------------------------
 137
 138 function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
 139   db.User.loadById(id)
 140     .then(user => {
 141       if (!user) return res.status(404).send('User not found')
 142
 143       res.locals.user = user
 144       callback(null, user)
 145     })
 146     .catch(err => {
 147       logger.error('Error in user request validator.', err)
 148       return res.sendStatus(500)
 149     })
 150 }
 151
 152 function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
 153   db.User.loadByUsernameOrEmail(username, email)
 154       .then(user => {
 155         if (user) return res.status(409).send('User already exists.')
 156
 157         callback()
 158       })
 159       .catch(err => {
 160         logger.error('Error in usersAdd request validator.', err)
 161         return res.sendStatus(500)
 162       })
 163 }