setDefaultPagination,
setDefaultSort,
token,
+ userAutocompleteValidator,
usersAddValidator,
usersGetValidator,
usersRegisterValidator,
usersUpdateValidator
} from '../../../middlewares'
import {
- usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator,
- usersAskSendVerifyEmailValidator, usersVerifyEmailValidator
+ usersAskResetPasswordValidator,
+ usersAskSendVerifyEmailValidator,
+ usersBlockingValidator,
+ usersResetPasswordValidator,
+ usersVerifyEmailValidator
} from '../../../middlewares/validators'
import { UserModel } from '../../../models/account/user'
-import { OAuthTokenModel } from '../../../models/oauth/oauth-token'
-import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
+import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
import { meRouter } from './me'
+import { deleteUserToken } from '../../../lib/oauth-model'
+import { myBlocklistRouter } from './my-blocklist'
const auditLogger = auditLoggerFactory('users')
delayMs: 0
})
+const askSendEmailLimiter = new RateLimit({
+ windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
+ max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
+ delayMs: 0
+})
+
const usersRouter = express.Router()
+usersRouter.use('/', myBlocklistRouter)
usersRouter.use('/', meRouter)
+usersRouter.get('/autocomplete',
+ userAutocompleteValidator,
+ asyncMiddleware(autocompleteUsers)
+)
+
usersRouter.get('/',
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
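Review bot: The new `/autocomplete` route, added just above the `usersRouter.get('/')` list route, has only `userAutocompleteValidator` in front of its handler. Unless that validator authenticates the caller (it is not shown here), anyone can query account names by search term. The neighbouring list route requires `authenticate` and `UserRight.MANAGE_USERS`; autocomplete should at least require a logged-in user, e.g. `usersRouter.get('/autocomplete', authenticate, userAutocompleteValidator, asyncMiddleware(autocompleteUsers))`. If the endpoint has to stay public, put a rate limiter in front of it, built like the `askSendEmailLimiter` added in this same hunk, to limit bulk username enumeration.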
)
usersRouter.post('/ask-send-verify-email',
- loginRateLimiter,
+ askSendEmailLimiter,
asyncMiddleware(usersAskSendVerifyEmailValidator),
asyncMiddleware(askSendVerifyUserEmail)
)
const { user, account } = await createUserAccountAndChannel(userToCreate)
- auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+ auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
logger.info('User %s with its channel and account created.', body.username)
return res.json({
return res.json((res.locals.user as UserModel).toFormattedJSON())
}
+async function autocompleteUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
+ const resultList = await UserModel.autoComplete(req.query.search as string)
+
+ return res.json(resultList)
+}
+
async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
- const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)
+ const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort, req.query.search)
return res.json(getFormattedObjects(resultList.data, resultList.total))
}
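Review bot: `req.query.search as string` in `autocompleteUsers` is a compile-time cast, not a runtime check. Express parses `?search[]=a` or `?search[x]=y` into an array or an object, and that value would reach `UserModel.autoComplete` unchanged. `listUsers` likewise forwards `req.query.search` to `UserModel.listForApi` with no validation visible in this hunk. If the validators (not shown here) do not already enforce a string, reject other shapes before the model call, e.g. `if (typeof req.query.search !== 'string') return res.sendStatus(400)` in the autocomplete handler, and treat a non-string value as absent in the list handler.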
await user.destroy()
- auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+ auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
return res.sendStatus(204)
}
const user = await userToUpdate.save()
// Destroy user token to refresh rights
- if (roleChanged) {
- await OAuthTokenModel.deleteUserToken(userToUpdate.id)
- }
+ if (roleChanged) await deleteUserToken(userToUpdate.id)
- auditLogger.update(
- res.locals.oauth.token.User.Account.Actor.getIdentifier(),
- new UserAuditView(user.toFormattedJSON()),
- oldUserAuditView
- )
+ auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
// Don't need to send this update to followers, these attributes are not propagated
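Review bot: On a role change, `deleteUserToken` runs after `userToUpdate.save()` and outside any transaction. If it rejects, the new role is already persisted while the user's existing tokens stay valid, and the comment above the call says the revocation is what refreshes the rights. The blocking handler later in this file does both steps inside `sequelizeTypescript.transaction`; doing the same here keeps them in step: `if (roleChanged) await deleteUserToken(userToUpdate.id, t)` followed by `await userToUpdate.save({ transaction: t })`, returning the saved user from the callback. The function starts and ends outside this hunk.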
user.blockedReason = reason || null
await sequelizeTypescript.transaction(async t => {
- await OAuthTokenModel.deleteUserToken(user.id, t)
+ await deleteUserToken(user.id, t)
await user.save({ transaction: t })
})
await Emailer.Instance.addUserBlockJob(user, block, reason)
- auditLogger.update(
- res.locals.oauth.token.User.Account.Actor.getIdentifier(),
- new UserAuditView(user.toFormattedJSON()),
- oldUserAuditView
- )
+ auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
}
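Review bot: `auditLogger.update(...)` is the last statement here, after `await Emailer.Instance.addUserBlockJob(...)`. If queuing the notification e-mail rejects, the block or unblock has already been committed and the tokens deleted, but no audit entry is written. Move the audit call up to directly after the transaction so the audit record does not depend on the mailer. The start of the function is outside this hunk.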