Implement signup approval in server

[github/Chocobozzz/PeerTube.git] / server / controllers / api / users / token.ts

diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts
index 3eae28b34b9242515e4cef915697be3d1f68eaa5..c6afea67c20058103c58ee375d027b0cd00a9bfd 100644 (file)
--- a/server/controllers/api/users/token.ts
+++ b/server/controllers/api/users/token.ts
@@ -1,28 +1,30 @@
-import * as express from 'express'
-import * as RateLimit from 'express-rate-limit'
-import { v4 as uuidv4 } from 'uuid'
+import express from 'express'
 import { logger } from '@server/helpers/logger'
 import { CONFIG } from '@server/initializers/config'
+import { OTP } from '@server/initializers/constants'
 import { getAuthNameFromRefreshGrant, getBypassFromExternalAuth, getBypassFromPasswordGrant } from '@server/lib/auth/external-auth'
-import { handleOAuthToken } from '@server/lib/auth/oauth'
+import { handleOAuthToken, MissingTwoFactorError } from '@server/lib/auth/oauth'
 import { BypassLogin, revokeToken } from '@server/lib/auth/oauth-model'
 import { Hooks } from '@server/lib/plugins/hooks'
-import { asyncMiddleware, authenticate } from '@server/middlewares'
+import { asyncMiddleware, authenticate, buildRateLimiter, openapiOperationDoc } from '@server/middlewares'
+import { buildUUID } from '@shared/extra-utils'
 import { ScopedToken } from '@shared/models/users/user-scoped-token'
 
 const tokensRouter = express.Router()
 
-const loginRateLimiter = RateLimit({
+const loginRateLimiter = buildRateLimiter({
   windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
   max: CONFIG.RATES_LIMIT.LOGIN.MAX
 })
 
 tokensRouter.post('/token',
   loginRateLimiter,
+  openapiOperationDoc({ operationId: 'getOAuthToken' }),
   asyncMiddleware(handleToken)
 )
 
 tokensRouter.post('/revoke-token',
+  openapiOperationDoc({ operationId: 'revokeOAuthToken' }),
   authenticate,
   asyncMiddleware(handleTokenRevocation)
 )
@@ -64,7 +66,7 @@ async function handleToken (req: express.Request, res: express.Response, next: e
     res.set('Cache-Control', 'no-store')
     res.set('Pragma', 'no-cache')
 
-    Hooks.runAction('action:api.user.oauth2-got-token', { username: token.user.username, ip: req.ip })
+    Hooks.runAction('action:api.user.oauth2-got-token', { username: token.user.username, ip: req.ip, req, res })
 
     return res.json({
       token_type: 'Bearer',
@@ -78,9 +80,14 @@ async function handleToken (req: express.Request, res: express.Response, next: e
   } catch (err) {
     logger.warn('Login error', { err })
 
-    return res.status(err.code || 400).json({
-      code: err.name,
-      error: err.message
+    if (err instanceof MissingTwoFactorError) {
+      res.set(OTP.HEADER_NAME, OTP.HEADER_REQUIRED_VALUE)
+    }
+
+    return res.fail({
+      status: err.code,
+      message: err.message,
+      type: err.name
     })
   }
 }
@@ -88,7 +95,7 @@ async function handleToken (req: express.Request, res: express.Response, next: e
 async function handleTokenRevocation (req: express.Request, res: express.Response) {
   const token = res.locals.oauth.token
 
-  const result = await revokeToken(token, true)
+  const result = await revokeToken(token, { req, explicitLogout: true })
 
   return res.json(result)
 }
@@ -104,7 +111,7 @@ function getScopedTokens (req: express.Request, res: express.Response) {
 async function renewScopedTokens (req: express.Request, res: express.Response) {
   const user = res.locals.oauth.token.user
 
-  user.feedToken = uuidv4()
+  user.feedToken = buildUUID()
   await user.save()
 
   return res.json({