+ return next()
+ }
+]
+
+const ensureUserRegistrationAllowedForIP = [
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const allowed = isSignupAllowedForCurrentIP(req.ip)
+
+ if (allowed === false) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'You are not on a network authorized for registration.'
+ })
+ }
+
+ return next()
+ }
+]
+
+const usersAskResetPasswordValidator = [
+ body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body })
+
+ if (areValidationErrors(req, res)) return
+
+ const exists = await checkUserEmailExist(req.body.email, res, false)
+ if (!exists) {
+ logger.debug('User with email %s does not exist (asking reset password).', req.body.email)
+ // Do not leak our emails
+ return res.status(HttpStatusCode.NO_CONTENT_204).end()
+ }
+
+ return next()
+ }
+]
+
+const usersResetPasswordValidator = [
+ param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+ body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
+ body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersResetPassword parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user
+ const redisVerificationString = await Redis.Instance.getResetPasswordLink(user.id)
+
+ if (redisVerificationString !== req.body.verificationString) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Invalid verification string.'
+ })
+ }
+
+ return next()
+ }
+]
+
+const usersAskSendVerifyEmailValidator = [
+ body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking askUsersSendVerifyEmail parameters', { parameters: req.body })
+
+ if (areValidationErrors(req, res)) return
+ const exists = await checkUserEmailExist(req.body.email, res, false)
+ if (!exists) {
+ logger.debug('User with email %s does not exist (asking verify email).', req.body.email)
+ // Do not leak our emails
+ return res.status(HttpStatusCode.NO_CONTENT_204).end()
+ }
+
+ return next()
+ }
+]
+
+const usersVerifyEmailValidator = [
+ param('id')
+ .isInt().not().isEmpty().withMessage('Should have a valid id'),
+
+ body('verificationString')
+ .not().isEmpty().withMessage('Should have a valid verification string'),
+ body('isPendingEmail')
+ .optional()
+ .customSanitizer(toBooleanOrNull),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersVerifyEmail parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user
+ const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id)
+
+ if (redisVerificationString !== req.body.verificationString) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Invalid verification string.'
+ })
+ }
+
+ return next()
+ }
+]
+
+const userAutocompleteValidator = [
+ param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
+]
+
+const ensureAuthUserOwnsAccountValidator = [
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const user = res.locals.oauth.token.User
+
+ if (res.locals.account.id !== user.Account.id) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Only owner can access ratings list.'
+ })
+ }
+
+ return next()
+ }
+]
+
+const ensureCanManageUser = [
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const authUser = res.locals.oauth.token.User
+ const onUser = res.locals.user
+
+ if (authUser.role === UserRole.ADMINISTRATOR) return next()
+ if (authUser.role === UserRole.MODERATOR && onUser.role === UserRole.USER) return next()
+
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'A moderator can only manager users.'