import * as Bluebird from 'bluebird'
import * as express from 'express'
-import { body, param } from 'express-validator'
+import { body, param, query } from 'express-validator'
import { omit } from 'lodash'
import { isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
import {
isUserDisplayNameValid,
isUserNSFWPolicyValid,
isUserPasswordValid,
+ isUserPasswordValidOrEmpty,
isUserRoleValid,
isUserUsernameValid,
isUserVideoLanguages,
import { isThemeRegistered } from '../../lib/plugins/theme-utils'
import { doesVideoExist } from '../../helpers/middlewares'
import { UserRole } from '../../../shared/models/users'
-import { MUserDefault } from '@server/typings/models'
+import { MUserDefault } from '@server/types/models'
+import { Hooks } from '@server/lib/plugins/hooks'
+
+const usersListValidator = [
+ query('blocked')
+ .optional()
+ .isBoolean().withMessage('Should be a valid boolean banned state'),
+
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersList parameters', { parameters: req.query })
+
+ if (areValidationErrors(req, res)) return
+
+ return next()
+ }
+]
const usersAddValidator = [
body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
- body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
+ body('password').custom(isUserPasswordValidOrEmpty).withMessage('Should have a valid password'),
body('email').isEmail().withMessage('Should have a valid email'),
+ body('channelName').optional().custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
body('role')
.json({ error: 'You can only create users (and not administrators or moderators)' })
}
+ if (req.body.channelName) {
+ if (req.body.channelName === req.body.username) {
+ return res.status(400)
+ .json({ error: 'Channel name cannot be the same as user username.' })
+ }
+
+ const existing = await ActorModel.loadLocalByName(req.body.channelName)
+ if (existing) {
+ return res.status(409)
+ .json({ error: `Channel with name ${req.body.channelName} already exists.` })
+ }
+ }
+
return next()
}
]
]
const deleteMeValidator = [
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
const user = res.locals.oauth.token.User
if (user.username === 'root') {
return res.status(400)
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
+ const user = res.locals.oauth.token.User
+
if (req.body.password || req.body.email) {
+ if (user.pluginAuth !== null) {
+ return res.status(400)
+ .json({ error: 'You cannot update your email or password that is associated with an external auth system.' })
+ }
+
if (!req.body.currentPassword) {
return res.status(400)
.json({ error: 'currentPassword parameter is missing.' })
- .end()
}
- const user = res.locals.oauth.token.User
if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
return res.status(401)
.json({ error: 'currentPassword is invalid.' })
const usersGetValidator = [
param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+ query('withStats').optional().isBoolean().withMessage('Should have a valid stats flag'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking usersGet parameters', { parameters: req.params })
if (areValidationErrors(req, res)) return
- if (!await checkUserIdExist(req.params.id, res)) return
+ if (!await checkUserIdExist(req.params.id, res, req.query.withStats)) return
return next()
}
const ensureUserRegistrationAllowed = [
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- const allowed = await isSignupAllowed()
- if (allowed === false) {
+ const allowedParams = {
+ body: req.body,
+ ip: req.ip
+ }
+
+ const allowedResult = await Hooks.wrapPromiseFun(
+ isSignupAllowed,
+ allowedParams,
+ 'filter:api.user.signup.allowed.result'
+ )
+
+ if (allowedResult.allowed === false) {
return res.status(403)
- .json({ error: 'User registration is not enabled or user limit is reached.' })
+ .json({ error: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.' })
}
return next()
]
const ensureUserRegistrationAllowedForIP = [
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
const allowed = isSignupAllowedForCurrentIP(req.ip)
if (allowed === false) {
]
const ensureAuthUserOwnsAccountValidator = [
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
const user = res.locals.oauth.token.User
if (res.locals.account.id !== user.Account.id) {
// ---------------------------------------------------------------------------
export {
+ usersListValidator,
usersAddValidator,
deleteMeValidator,
usersRegisterValidator,
// ---------------------------------------------------------------------------
-function checkUserIdExist (id: number, res: express.Response) {
- return checkUserExist(() => UserModel.loadById(id), res)
+function checkUserIdExist (idArg: number | string, res: express.Response, withStats = false) {
+ const id = parseInt(idArg + '', 10)
+ return checkUserExist(() => UserModel.loadByIdWithChannels(id, withStats), res)
}
function checkUserEmailExist (email: string, res: express.Response, abortResponse = true) {
projects / github / Chocobozzz / PeerTube.git / blobdiff