diff options
author | Chocobozzz <me@florianbigard.com> | 2023-01-19 09:27:16 +0100 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2023-01-19 13:53:40 +0100 |
commit | e364e31e25bd1d4b8d801c845a96d6be708f0a18 (patch) | |
tree | 220785a42af361706eb8243960c5da9cddf4d2be /server/controllers/api/users/index.ts | |
parent | bc48e33b80f357767b98c1d310b04bdda24c6d46 (diff) | |
download | PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.tar.gz PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.tar.zst PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.zip |
Implement signup approval in server
Diffstat (limited to 'server/controllers/api/users/index.ts')
-rw-r--r-- | server/controllers/api/users/index.ts | 99 |
1 files changed, 7 insertions, 92 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index a8677a1d3..5a5a12e82 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts | |||
@@ -4,26 +4,21 @@ import { Hooks } from '@server/lib/plugins/hooks' | |||
4 | import { OAuthTokenModel } from '@server/models/oauth/oauth-token' | 4 | import { OAuthTokenModel } from '@server/models/oauth/oauth-token' |
5 | import { MUserAccountDefault } from '@server/types/models' | 5 | import { MUserAccountDefault } from '@server/types/models' |
6 | import { pick } from '@shared/core-utils' | 6 | import { pick } from '@shared/core-utils' |
7 | import { HttpStatusCode, UserCreate, UserCreateResult, UserRegister, UserRight, UserUpdate } from '@shared/models' | 7 | import { HttpStatusCode, UserCreate, UserCreateResult, UserRight, UserUpdate } from '@shared/models' |
8 | import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' | 8 | import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' |
9 | import { logger } from '../../../helpers/logger' | 9 | import { logger } from '../../../helpers/logger' |
10 | import { generateRandomString, getFormattedObjects } from '../../../helpers/utils' | 10 | import { generateRandomString, getFormattedObjects } from '../../../helpers/utils' |
11 | import { CONFIG } from '../../../initializers/config' | ||
12 | import { WEBSERVER } from '../../../initializers/constants' | 11 | import { WEBSERVER } from '../../../initializers/constants' |
13 | import { sequelizeTypescript } from '../../../initializers/database' | 12 | import { sequelizeTypescript } from '../../../initializers/database' |
14 | import { Emailer } from '../../../lib/emailer' | 13 | import { Emailer } from '../../../lib/emailer' |
15 | import { Notifier } from '../../../lib/notifier' | ||
16 | import { Redis } from '../../../lib/redis' | 14 | import { Redis } from '../../../lib/redis' |
17 | import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user' | 15 | import { buildUser, createUserAccountAndChannelAndPlaylist } from '../../../lib/user' |
18 | import { | 16 | import { |
19 | adminUsersSortValidator, | 17 | adminUsersSortValidator, |
20 | asyncMiddleware, | 18 | asyncMiddleware, |
21 | asyncRetryTransactionMiddleware, | 19 | asyncRetryTransactionMiddleware, |
22 | authenticate, | 20 | authenticate, |
23 | buildRateLimiter, | ||
24 | ensureUserHasRight, | 21 | ensureUserHasRight, |
25 | ensureUserRegistrationAllowed, | ||
26 | ensureUserRegistrationAllowedForIP, | ||
27 | paginationValidator, | 22 | paginationValidator, |
28 | setDefaultPagination, | 23 | setDefaultPagination, |
29 | setDefaultSort, | 24 | setDefaultSort, |
@@ -31,19 +26,17 @@ import { | |||
31 | usersAddValidator, | 26 | usersAddValidator, |
32 | usersGetValidator, | 27 | usersGetValidator, |
33 | usersListValidator, | 28 | usersListValidator, |
34 | usersRegisterValidator, | ||
35 | usersRemoveValidator, | 29 | usersRemoveValidator, |
36 | usersUpdateValidator | 30 | usersUpdateValidator |
37 | } from '../../../middlewares' | 31 | } from '../../../middlewares' |
38 | import { | 32 | import { |
39 | ensureCanModerateUser, | 33 | ensureCanModerateUser, |
40 | usersAskResetPasswordValidator, | 34 | usersAskResetPasswordValidator, |
41 | usersAskSendVerifyEmailValidator, | ||
42 | usersBlockingValidator, | 35 | usersBlockingValidator, |
43 | usersResetPasswordValidator, | 36 | usersResetPasswordValidator |
44 | usersVerifyEmailValidator | ||
45 | } from '../../../middlewares/validators' | 37 | } from '../../../middlewares/validators' |
46 | import { UserModel } from '../../../models/user/user' | 38 | import { UserModel } from '../../../models/user/user' |
39 | import { emailVerificationRouter } from './email-verification' | ||
47 | import { meRouter } from './me' | 40 | import { meRouter } from './me' |
48 | import { myAbusesRouter } from './my-abuses' | 41 | import { myAbusesRouter } from './my-abuses' |
49 | import { myBlocklistRouter } from './my-blocklist' | 42 | import { myBlocklistRouter } from './my-blocklist' |
@@ -51,22 +44,14 @@ import { myVideosHistoryRouter } from './my-history' | |||
51 | import { myNotificationsRouter } from './my-notifications' | 44 | import { myNotificationsRouter } from './my-notifications' |
52 | import { mySubscriptionsRouter } from './my-subscriptions' | 45 | import { mySubscriptionsRouter } from './my-subscriptions' |
53 | import { myVideoPlaylistsRouter } from './my-video-playlists' | 46 | import { myVideoPlaylistsRouter } from './my-video-playlists' |
47 | import { registrationsRouter } from './registrations' | ||
54 | import { twoFactorRouter } from './two-factor' | 48 | import { twoFactorRouter } from './two-factor' |
55 | 49 | ||
56 | const auditLogger = auditLoggerFactory('users') | 50 | const auditLogger = auditLoggerFactory('users') |
57 | 51 | ||
58 | const signupRateLimiter = buildRateLimiter({ | ||
59 | windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS, | ||
60 | max: CONFIG.RATES_LIMIT.SIGNUP.MAX, | ||
61 | skipFailedRequests: true | ||
62 | }) | ||
63 | |||
64 | const askSendEmailLimiter = buildRateLimiter({ | ||
65 | windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS, | ||
66 | max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX | ||
67 | }) | ||
68 | |||
69 | const usersRouter = express.Router() | 52 | const usersRouter = express.Router() |
53 | usersRouter.use('/', emailVerificationRouter) | ||
54 | usersRouter.use('/', registrationsRouter) | ||
70 | usersRouter.use('/', twoFactorRouter) | 55 | usersRouter.use('/', twoFactorRouter) |
71 | usersRouter.use('/', tokensRouter) | 56 | usersRouter.use('/', tokensRouter) |
72 | usersRouter.use('/', myNotificationsRouter) | 57 | usersRouter.use('/', myNotificationsRouter) |
@@ -122,14 +107,6 @@ usersRouter.post('/', | |||
122 | asyncRetryTransactionMiddleware(createUser) | 107 | asyncRetryTransactionMiddleware(createUser) |
123 | ) | 108 | ) |
124 | 109 | ||
125 | usersRouter.post('/register', | ||
126 | signupRateLimiter, | ||
127 | asyncMiddleware(ensureUserRegistrationAllowed), | ||
128 | ensureUserRegistrationAllowedForIP, | ||
129 | asyncMiddleware(usersRegisterValidator), | ||
130 | asyncRetryTransactionMiddleware(registerUser) | ||
131 | ) | ||
132 | |||
133 | usersRouter.put('/:id', | 110 | usersRouter.put('/:id', |
134 | authenticate, | 111 | authenticate, |
135 | ensureUserHasRight(UserRight.MANAGE_USERS), | 112 | ensureUserHasRight(UserRight.MANAGE_USERS), |
@@ -156,17 +133,6 @@ usersRouter.post('/:id/reset-password', | |||
156 | asyncMiddleware(resetUserPassword) | 133 | asyncMiddleware(resetUserPassword) |
157 | ) | 134 | ) |
158 | 135 | ||
159 | usersRouter.post('/ask-send-verify-email', | ||
160 | askSendEmailLimiter, | ||
161 | asyncMiddleware(usersAskSendVerifyEmailValidator), | ||
162 | asyncMiddleware(reSendVerifyUserEmail) | ||
163 | ) | ||
164 | |||
165 | usersRouter.post('/:id/verify-email', | ||
166 | asyncMiddleware(usersVerifyEmailValidator), | ||
167 | asyncMiddleware(verifyUserEmail) | ||
168 | ) | ||
169 | |||
170 | // --------------------------------------------------------------------------- | 136 | // --------------------------------------------------------------------------- |
171 | 137 | ||
172 | export { | 138 | export { |
@@ -218,35 +184,6 @@ async function createUser (req: express.Request, res: express.Response) { | |||
218 | }) | 184 | }) |
219 | } | 185 | } |
220 | 186 | ||
221 | async function registerUser (req: express.Request, res: express.Response) { | ||
222 | const body: UserRegister = req.body | ||
223 | |||
224 | const userToCreate = buildUser({ | ||
225 | ...pick(body, [ 'username', 'password', 'email' ]), | ||
226 | |||
227 | emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null | ||
228 | }) | ||
229 | |||
230 | const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ | ||
231 | userToCreate, | ||
232 | userDisplayName: body.displayName || undefined, | ||
233 | channelNames: body.channel | ||
234 | }) | ||
235 | |||
236 | auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON())) | ||
237 | logger.info('User %s with its channel and account registered.', body.username) | ||
238 | |||
239 | if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) { | ||
240 | await sendVerifyUserEmail(user) | ||
241 | } | ||
242 | |||
243 | Notifier.Instance.notifyOnNewUserRegistration(user) | ||
244 | |||
245 | Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel, req, res }) | ||
246 | |||
247 | return res.type('json').status(HttpStatusCode.NO_CONTENT_204).end() | ||
248 | } | ||
249 | |||
250 | async function unblockUser (req: express.Request, res: express.Response) { | 187 | async function unblockUser (req: express.Request, res: express.Response) { |
251 | const user = res.locals.user | 188 | const user = res.locals.user |
252 | 189 | ||
@@ -360,28 +297,6 @@ async function resetUserPassword (req: express.Request, res: express.Response) { | |||
360 | return res.status(HttpStatusCode.NO_CONTENT_204).end() | 297 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
361 | } | 298 | } |
362 | 299 | ||
363 | async function reSendVerifyUserEmail (req: express.Request, res: express.Response) { | ||
364 | const user = res.locals.user | ||
365 | |||
366 | await sendVerifyUserEmail(user) | ||
367 | |||
368 | return res.status(HttpStatusCode.NO_CONTENT_204).end() | ||
369 | } | ||
370 | |||
371 | async function verifyUserEmail (req: express.Request, res: express.Response) { | ||
372 | const user = res.locals.user | ||
373 | user.emailVerified = true | ||
374 | |||
375 | if (req.body.isPendingEmail === true) { | ||
376 | user.email = user.pendingEmail | ||
377 | user.pendingEmail = null | ||
378 | } | ||
379 | |||
380 | await user.save() | ||
381 | |||
382 | return res.status(HttpStatusCode.NO_CONTENT_204).end() | ||
383 | } | ||
384 | |||
385 | async function changeUserBlock (res: express.Response, user: MUserAccountDefault, block: boolean, reason?: string) { | 300 | async function changeUserBlock (res: express.Response, user: MUserAccountDefault, block: boolean, reason?: string) { |
386 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) | 301 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) |
387 | 302 | ||