Merge branch 'feature/webtorrent-disabling' into develop

[github/Chocobozzz/PeerTube.git] / server / controllers / api / users / index.ts

diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 008c34ca480c42a11bf683375743025fc5834705..9fcb8077f4e451c7ff14ec34c5de8526edcb220b 100644 (file)
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -18,6 +18,7 @@ import {
   setDefaultPagination,
   setDefaultSort,
   token,
+  userAutocompleteValidator,
   usersAddValidator,
   usersGetValidator,
   usersRegisterValidator,
@@ -26,13 +27,17 @@ import {
   usersUpdateValidator
 } from '../../../middlewares'
 import {
-  usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator,
-  usersAskSendVerifyEmailValidator, usersVerifyEmailValidator
+  usersAskResetPasswordValidator,
+  usersAskSendVerifyEmailValidator,
+  usersBlockingValidator,
+  usersResetPasswordValidator,
+  usersVerifyEmailValidator
 } from '../../../middlewares/validators'
 import { UserModel } from '../../../models/account/user'
-import { OAuthTokenModel } from '../../../models/oauth/oauth-token'
-import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
+import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
 import { meRouter } from './me'
+import { deleteUserToken } from '../../../lib/oauth-model'
+import { myBlocklistRouter } from './my-blocklist'
 
 const auditLogger = auditLoggerFactory('users')
 
@@ -42,9 +47,21 @@ const loginRateLimiter = new RateLimit({
   delayMs: 0
 })
 
+const askSendEmailLimiter = new RateLimit({
+  windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
+  max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
+  delayMs: 0
+})
+
 const usersRouter = express.Router()
+usersRouter.use('/', myBlocklistRouter)
 usersRouter.use('/', meRouter)
 
+usersRouter.get('/autocomplete',
+  userAutocompleteValidator,
+  asyncMiddleware(autocompleteUsers)
+)
+
 usersRouter.get('/',
   authenticate,
   ensureUserHasRight(UserRight.MANAGE_USERS),
@@ -114,7 +131,7 @@ usersRouter.post('/:id/reset-password',
 )
 
 usersRouter.post('/ask-send-verify-email',
-  loginRateLimiter,
+  askSendEmailLimiter,
   asyncMiddleware(usersAskSendVerifyEmailValidator),
   asyncMiddleware(askSendVerifyUserEmail)
 )
@@ -154,7 +171,7 @@ async function createUser (req: express.Request, res: express.Response) {
 
   const { user, account } = await createUserAccountAndChannel(userToCreate)
 
-  auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+  auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
   logger.info('User %s with its channel and account created.', body.username)
 
   return res.json({
@@ -216,8 +233,14 @@ function getUser (req: express.Request, res: express.Response, next: express.Nex
   return res.json((res.locals.user as UserModel).toFormattedJSON())
 }
 
+async function autocompleteUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const resultList = await UserModel.autoComplete(req.query.search as string)
+
+  return res.json(resultList)
+}
+
 async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)
+  const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort, req.query.search)
 
   return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
@@ -227,7 +250,7 @@ async function removeUser (req: express.Request, res: express.Response, next: ex
 
   await user.destroy()
 
-  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+  auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
 
   return res.sendStatus(204)
 }
@@ -246,15 +269,9 @@ async function updateUser (req: express.Request, res: express.Response, next: ex
   const user = await userToUpdate.save()
 
   // Destroy user token to refresh rights
-  if (roleChanged) {
-    await OAuthTokenModel.deleteUserToken(userToUpdate.id)
-  }
+  if (roleChanged) await deleteUserToken(userToUpdate.id)
 
-  auditLogger.update(
-    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
-    new UserAuditView(user.toFormattedJSON()),
-    oldUserAuditView
-  )
+  auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
 
   // Don't need to send this update to followers, these attributes are not propagated
 
@@ -315,16 +332,12 @@ async function changeUserBlock (res: express.Response, user: UserModel, block: b
   user.blockedReason = reason || null
 
   await sequelizeTypescript.transaction(async t => {
-    await OAuthTokenModel.deleteUserToken(user.id, t)
+    await deleteUserToken(user.id, t)
 
     await user.save({ transaction: t })
   })
 
   await Emailer.Instance.addUserBlockJob(user, block, reason)
 
-  auditLogger.update(
-    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
-    new UserAuditView(user.toFormattedJSON()),
-    oldUserAuditView
-  )
+  auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
 }