import express from 'express'
-import RateLimit from 'express-rate-limit'
import { tokensRouter } from '@server/controllers/api/users/token'
import { Hooks } from '@server/lib/plugins/hooks'
import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
import { Redis } from '../../../lib/redis'
import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
import {
+ adminUsersSortValidator,
asyncMiddleware,
asyncRetryTransactionMiddleware,
authenticate,
+ buildRateLimiter,
ensureUserHasRight,
ensureUserRegistrationAllowed,
ensureUserRegistrationAllowedForIP,
usersListValidator,
usersRegisterValidator,
usersRemoveValidator,
- adminUsersSortValidator,
usersUpdateValidator
} from '../../../middlewares'
import {
- ensureCanManageUser,
+ ensureCanModerateUser,
usersAskResetPasswordValidator,
usersAskSendVerifyEmailValidator,
usersBlockingValidator,
import { myNotificationsRouter } from './my-notifications'
import { mySubscriptionsRouter } from './my-subscriptions'
import { myVideoPlaylistsRouter } from './my-video-playlists'
+import { twoFactorRouter } from './two-factor'
const auditLogger = auditLoggerFactory('users')
-const signupRateLimiter = RateLimit({
+const signupRateLimiter = buildRateLimiter({
windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
skipFailedRequests: true
})
-const askSendEmailLimiter = RateLimit({
+const askSendEmailLimiter = buildRateLimiter({
windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
})
const usersRouter = express.Router()
+usersRouter.use('/', twoFactorRouter)
usersRouter.use('/', tokensRouter)
usersRouter.use('/', myNotificationsRouter)
usersRouter.use('/', mySubscriptionsRouter)
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersBlockingValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(blockUser)
)
usersRouter.post('/:id/unblock',
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersBlockingValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(unblockUser)
)
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersUpdateValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(updateUser)
)
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersRemoveValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(removeUser)
)
})
const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({
- userToCreate: userToCreate,
+ userToCreate,
userDisplayName: body.displayName || undefined,
channelNames: body.channel
})
const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
- await Emailer.Instance.addPasswordResetEmailJob(user.username, user.email, url)
+ Emailer.Instance.addPasswordResetEmailJob(user.username, user.email, url)
return res.status(HttpStatusCode.NO_CONTENT_204).end()
}