+ if (areValidationErrors(req, res)) return
+ if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
+
+ const body: UserRegister = req.body
+ if (body.channel) {
+ if (!body.channel.name || !body.channel.displayName) {
+ return res.fail({ message: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' })
+ }
+
+ if (body.channel.name === body.username) {
+ return res.fail({ message: 'Channel name cannot be the same as user username.' })
+ }
+
+ const existing = await ActorModel.loadLocalByName(body.channel.name)
+ if (existing) {
+ return res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: `Channel with name ${body.channel.name} already exists.`
+ })
+ }
+ }
+
+ return next()
+ }
+]
+
+const usersRemoveValidator = [
+ param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersRemove parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user
+ if (user.username === 'root') {
+ return res.fail({ message: 'Cannot remove the root user' })
+ }
+
+ return next()
+ }
+]
+
+const usersBlockingValidator = [
+ param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+ body('reason').optional().custom(isUserBlockedReasonValid).withMessage('Should have a valid blocking reason'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersBlocking parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user
+ if (user.username === 'root') {
+ return res.fail({ message: 'Cannot block the root user' })
+ }
+
+ return next()
+ }
+]
+
+const deleteMeValidator = [
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const user = res.locals.oauth.token.User
+ if (user.username === 'root') {
+ return res.fail({ message: 'You cannot delete your root account.' })
+ }
+
+ return next()
+ }
+]
+
+const usersUpdateValidator = [
+ param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+
+ body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
+ body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
+ body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'),
+ body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
+ body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
+ body('pluginAuth').optional(),
+ body('role')
+ .optional()
+ .customSanitizer(toIntOrNull)
+ .custom(isUserRoleValid).withMessage('Should have a valid role'),
+ body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user
+ if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
+ return res.fail({ message: 'Cannot change root role.' })
+ }
+
+ return next()
+ }
+]
+
+const usersUpdateMeValidator = [
+ body('displayName')
+ .optional()
+ .custom(isUserDisplayNameValid).withMessage('Should have a valid display name'),
+ body('description')
+ .optional()
+ .custom(isUserDescriptionValid).withMessage('Should have a valid description'),
+ body('currentPassword')
+ .optional()
+ .custom(isUserPasswordValid).withMessage('Should have a valid current password'),
+ body('password')
+ .optional()
+ .custom(isUserPasswordValid).withMessage('Should have a valid password'),
+ body('email')
+ .optional()
+ .isEmail().withMessage('Should have a valid email attribute'),
+ body('nsfwPolicy')
+ .optional()
+ .custom(isUserNSFWPolicyValid).withMessage('Should have a valid display Not Safe For Work policy'),
+ body('autoPlayVideo')
+ .optional()
+ .custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
+ body('videoLanguages')
+ .optional()
+ .custom(isUserVideoLanguages).withMessage('Should have a valid video languages attribute'),
+ body('videosHistoryEnabled')
+ .optional()
+ .custom(isUserVideosHistoryEnabledValid).withMessage('Should have a valid videos history enabled attribute'),
+ body('theme')
+ .optional()
+ .custom(v => isThemeNameValid(v) && isThemeRegistered(v)).withMessage('Should have a valid theme'),
+ body('noInstanceConfigWarningModal')
+ .optional()
+ .custom(v => isNoInstanceConfigWarningModal(v)).withMessage('Should have a valid noInstanceConfigWarningModal boolean'),
+ body('noWelcomeModal')
+ .optional()
+ .custom(v => isNoWelcomeModal(v)).withMessage('Should have a valid noWelcomeModal boolean'),
+ body('autoPlayNextVideo')
+ .optional()
+ .custom(v => isUserAutoPlayNextVideoValid(v)).withMessage('Should have a valid autoPlayNextVideo boolean'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
+
+ const user = res.locals.oauth.token.User
+
+ if (req.body.password || req.body.email) {
+ if (user.pluginAuth !== null) {
+ return res.fail({ message: 'You cannot update your email or password that is associated with an external auth system.' })
+ }
+
+ if (!req.body.currentPassword) {
+ return res.fail({ message: 'currentPassword parameter is missing.' })
+ }
+
+ if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
+ return res.fail({
+ status: HttpStatusCode.UNAUTHORIZED_401,
+ message: 'currentPassword is invalid.'
+ })
+ }
+ }
+
+ if (areValidationErrors(req, res)) return
+
+ return next()
+ }
+]
+
+const usersGetValidator = [
+ param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+ query('withStats').optional().isBoolean().withMessage('Should have a valid stats flag'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersGet parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res, req.query.withStats)) return
+
+ return next()
+ }
+]
+
+const usersVideoRatingValidator = [
+ isValidVideoIdParam('videoId'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await doesVideoExist(req.params.videoId, res, 'id')) return
+
+ return next()
+ }
+]
+
+const ensureUserRegistrationAllowed = [
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const allowedParams = {
+ body: req.body,
+ ip: req.ip
+ }
+
+ const allowedResult = await Hooks.wrapPromiseFun(
+ isSignupAllowed,
+ allowedParams,
+ 'filter:api.user.signup.allowed.result'
+ )
+
+ if (allowedResult.allowed === false) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.'