diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-09-15 12:17:08 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-09-15 12:17:08 +0200 |
commit | b60e5f38daf77e720a27aa86d3b482c58906a03a (patch) | |
tree | a70909860ab9705d348b3c082f8af440e0a5e4d2 /server/middlewares/validators/users.ts | |
parent | 315cc0cc1871ab2a6d6c1bb61cf7b9f10511c3a9 (diff) | |
download | PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.tar.gz PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.tar.zst PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.zip |
Upgrade express validator to v4
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r-- | server/middlewares/validators/users.ts | 219 |
1 files changed, 122 insertions, 97 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 15c07c693..ab9d0938c 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -1,3 +1,4 @@ | |||
1 | import { body, param } from 'express-validator/check' | ||
1 | import 'express-validator' | 2 | import 'express-validator' |
2 | import * as express from 'express' | 3 | import * as express from 'express' |
3 | import * as Promise from 'bluebird' | 4 | import * as Promise from 'bluebird' |
@@ -5,130 +6,154 @@ import * as validator from 'validator' | |||
5 | 6 | ||
6 | import { database as db } from '../../initializers/database' | 7 | import { database as db } from '../../initializers/database' |
7 | import { checkErrors } from './utils' | 8 | import { checkErrors } from './utils' |
8 | import { isSignupAllowed, logger } from '../../helpers' | 9 | import { |
10 | isSignupAllowed, | ||
11 | logger, | ||
12 | isUserUsernameValid, | ||
13 | isUserPasswordValid, | ||
14 | isUserVideoQuotaValid, | ||
15 | isUserDisplayNSFWValid, | ||
16 | isVideoIdOrUUIDValid | ||
17 | } from '../../helpers' | ||
9 | import { UserInstance, VideoInstance } from '../../models' | 18 | import { UserInstance, VideoInstance } from '../../models' |
10 | 19 | ||
11 | function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 20 | const usersAddValidator = [ |
12 | req.checkBody('username', 'Should have a valid username').isUserUsernameValid() | 21 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'), |
13 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() | 22 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), |
14 | req.checkBody('email', 'Should have a valid email').isEmail() | 23 | body('email').isEmail().withMessage('Should have a valid email'), |
15 | req.checkBody('videoQuota', 'Should have a valid user quota').isUserVideoQuotaValid() | 24 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
16 | 25 | ||
17 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | 26 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
27 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | ||
18 | 28 | ||
19 | checkErrors(req, res, () => { | 29 | checkErrors(req, res, () => { |
20 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) | 30 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) |
21 | }) | 31 | }) |
22 | } | 32 | } |
33 | ] | ||
23 | 34 | ||
24 | function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 35 | const usersRegisterValidator = [ |
25 | req.checkBody('username', 'Should have a valid username').isUserUsernameValid() | 36 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'), |
26 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() | 37 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), |
27 | req.checkBody('email', 'Should have a valid email').isEmail() | 38 | body('email').isEmail().withMessage('Should have a valid email'), |
28 | 39 | ||
29 | logger.debug('Checking usersRegister parameters', { parameters: req.body }) | 40 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
41 | logger.debug('Checking usersRegister parameters', { parameters: req.body }) | ||
30 | 42 | ||
31 | checkErrors(req, res, () => { | 43 | checkErrors(req, res, () => { |
32 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) | 44 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) |
33 | }) | 45 | }) |
34 | } | 46 | } |
47 | ] | ||
35 | 48 | ||
36 | function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 49 | const usersRemoveValidator = [ |
37 | req.checkParams('id', 'Should have a valid id').notEmpty().isInt() | 50 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
38 | 51 | ||
39 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | 52 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
53 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | ||
40 | 54 | ||
41 | checkErrors(req, res, () => { | 55 | checkErrors(req, res, () => { |
42 | checkUserExists(req.params.id, res, (err, user) => { | 56 | checkUserExists(req.params.id, res, (err, user) => { |
43 | if (err) { | 57 | if (err) { |
44 | logger.error('Error in usersRemoveValidator.', err) | 58 | logger.error('Error in usersRemoveValidator.', err) |
45 | return res.sendStatus(500) | 59 | return res.sendStatus(500) |
46 | } | 60 | } |
47 | 61 | ||
48 | if (user.username === 'root') { | 62 | if (user.username === 'root') { |
49 | return res.status(400) | 63 | return res.status(400) |
50 | .send({ error: 'Cannot remove the root user' }) | 64 | .send({ error: 'Cannot remove the root user' }) |
51 | .end() | 65 | .end() |
52 | } | 66 | } |
53 | 67 | ||
54 | return next() | 68 | return next() |
69 | }) | ||
55 | }) | 70 | }) |
56 | }) | 71 | } |
57 | } | 72 | ] |
58 | 73 | ||
59 | function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 74 | const usersUpdateValidator = [ |
60 | req.checkParams('id', 'Should have a valid id').notEmpty().isInt() | 75 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
61 | req.checkBody('email', 'Should have a valid email attribute').optional().isEmail() | 76 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), |
62 | req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid() | 77 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
63 | 78 | ||
64 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | 79 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
80 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | ||
65 | 81 | ||
66 | checkErrors(req, res, () => { | 82 | checkErrors(req, res, () => { |
67 | checkUserExists(req.params.id, res, next) | 83 | checkUserExists(req.params.id, res, next) |
68 | }) | 84 | }) |
69 | } | 85 | } |
86 | ] | ||
70 | 87 | ||
71 | function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 88 | const usersUpdateMeValidator = [ |
72 | // Add old password verification | 89 | body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'), |
73 | req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid() | 90 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), |
74 | req.checkBody('email', 'Should have a valid email attribute').optional().isEmail() | 91 | body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'), |
75 | req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid() | ||
76 | 92 | ||
77 | logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) | 93 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
94 | // TODO: Add old password verification | ||
95 | logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) | ||
78 | 96 | ||
79 | checkErrors(req, res, next) | 97 | checkErrors(req, res, next) |
80 | } | 98 | } |
99 | ] | ||
81 | 100 | ||
82 | function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 101 | const usersGetValidator = [ |
83 | req.checkParams('id', 'Should have a valid id').notEmpty().isInt() | 102 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
84 | 103 | ||
85 | checkErrors(req, res, () => { | 104 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
86 | checkUserExists(req.params.id, res, next) | 105 | checkErrors(req, res, () => { |
87 | }) | 106 | checkUserExists(req.params.id, res, next) |
88 | } | 107 | }) |
89 | 108 | } | |
90 | function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 109 | ] |
91 | req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid() | ||
92 | |||
93 | logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) | ||
94 | 110 | ||
95 | checkErrors(req, res, () => { | 111 | const usersVideoRatingValidator = [ |
96 | let videoPromise: Promise<VideoInstance> | 112 | param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), |
97 | 113 | ||
98 | if (validator.isUUID(req.params.videoId)) { | 114 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
99 | videoPromise = db.Video.loadByUUID(req.params.videoId) | 115 | logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) |
100 | } else { | ||
101 | videoPromise = db.Video.load(req.params.videoId) | ||
102 | } | ||
103 | 116 | ||
104 | videoPromise | 117 | checkErrors(req, res, () => { |
105 | .then(video => { | 118 | let videoPromise: Promise<VideoInstance> |
106 | if (!video) { | ||
107 | return res.status(404) | ||
108 | .json({ error: 'Video not found' }) | ||
109 | .end() | ||
110 | } | ||
111 | 119 | ||
112 | return next() | 120 | if (validator.isUUID(req.params.videoId)) { |
113 | }) | 121 | videoPromise = db.Video.loadByUUID(req.params.videoId) |
114 | .catch(err => { | 122 | } else { |
115 | logger.error('Error in user request validator.', err) | 123 | videoPromise = db.Video.load(req.params.videoId) |
116 | return res.sendStatus(500) | 124 | } |
117 | }) | ||
118 | }) | ||
119 | } | ||
120 | 125 | ||
121 | function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) { | 126 | videoPromise |
122 | isSignupAllowed().then(allowed => { | 127 | .then(video => { |
123 | if (allowed === false) { | 128 | if (!video) { |
124 | return res.status(403) | 129 | return res.status(404) |
125 | .send({ error: 'User registration is not enabled or user limit is reached.' }) | 130 | .json({ error: 'Video not found' }) |
126 | .end() | 131 | .end() |
127 | } | 132 | } |
133 | |||
134 | return next() | ||
135 | }) | ||
136 | .catch(err => { | ||
137 | logger.error('Error in user request validator.', err) | ||
138 | return res.sendStatus(500) | ||
139 | }) | ||
140 | }) | ||
141 | } | ||
142 | ] | ||
143 | |||
144 | const ensureUserRegistrationAllowed = [ | ||
145 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
146 | isSignupAllowed().then(allowed => { | ||
147 | if (allowed === false) { | ||
148 | return res.status(403) | ||
149 | .send({ error: 'User registration is not enabled or user limit is reached.' }) | ||
150 | .end() | ||
151 | } | ||
128 | 152 | ||
129 | return next() | 153 | return next() |
130 | }) | 154 | }) |
131 | } | 155 | } |
156 | ] | ||
132 | 157 | ||
133 | // --------------------------------------------------------------------------- | 158 | // --------------------------------------------------------------------------- |
134 | 159 | ||