diff options
author | Chocobozzz <me@florianbigard.com> | 2023-01-19 09:27:16 +0100 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2023-01-19 13:53:40 +0100 |
commit | e364e31e25bd1d4b8d801c845a96d6be708f0a18 (patch) | |
tree | 220785a42af361706eb8243960c5da9cddf4d2be /server/middlewares | |
parent | bc48e33b80f357767b98c1d310b04bdda24c6d46 (diff) | |
download | PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.tar.gz PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.tar.zst PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.zip |
Implement signup approval in server
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/config.ts | 1 | ||||
-rw-r--r-- | server/middlewares/validators/index.ts | 2 | ||||
-rw-r--r-- | server/middlewares/validators/shared/user-registrations.ts | 60 | ||||
-rw-r--r-- | server/middlewares/validators/shared/users.ts | 4 | ||||
-rw-r--r-- | server/middlewares/validators/sort.ts | 95 | ||||
-rw-r--r-- | server/middlewares/validators/user-email-verification.ts | 94 | ||||
-rw-r--r-- | server/middlewares/validators/user-registrations.ts | 203 | ||||
-rw-r--r-- | server/middlewares/validators/users.ts | 151 |
8 files changed, 399 insertions, 211 deletions
diff --git a/server/middlewares/validators/config.ts b/server/middlewares/validators/config.ts index 3a7daa573..c2dbfadb7 100644 --- a/server/middlewares/validators/config.ts +++ b/server/middlewares/validators/config.ts | |||
@@ -29,6 +29,7 @@ const customConfigUpdateValidator = [ | |||
29 | body('signup.enabled').isBoolean(), | 29 | body('signup.enabled').isBoolean(), |
30 | body('signup.limit').isInt(), | 30 | body('signup.limit').isInt(), |
31 | body('signup.requiresEmailVerification').isBoolean(), | 31 | body('signup.requiresEmailVerification').isBoolean(), |
32 | body('signup.requiresApproval').isBoolean(), | ||
32 | body('signup.minimumAge').isInt(), | 33 | body('signup.minimumAge').isInt(), |
33 | 34 | ||
34 | body('admin.email').isEmail(), | 35 | body('admin.email').isEmail(), |
diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts index 9bc8887ff..1d0964667 100644 --- a/server/middlewares/validators/index.ts +++ b/server/middlewares/validators/index.ts | |||
@@ -21,8 +21,10 @@ export * from './server' | |||
21 | export * from './sort' | 21 | export * from './sort' |
22 | export * from './static' | 22 | export * from './static' |
23 | export * from './themes' | 23 | export * from './themes' |
24 | export * from './user-email-verification' | ||
24 | export * from './user-history' | 25 | export * from './user-history' |
25 | export * from './user-notifications' | 26 | export * from './user-notifications' |
27 | export * from './user-registrations' | ||
26 | export * from './user-subscriptions' | 28 | export * from './user-subscriptions' |
27 | export * from './users' | 29 | export * from './users' |
28 | export * from './videos' | 30 | export * from './videos' |
diff --git a/server/middlewares/validators/shared/user-registrations.ts b/server/middlewares/validators/shared/user-registrations.ts new file mode 100644 index 000000000..dbc7dda06 --- /dev/null +++ b/server/middlewares/validators/shared/user-registrations.ts | |||
@@ -0,0 +1,60 @@ | |||
1 | import express from 'express' | ||
2 | import { UserRegistrationModel } from '@server/models/user/user-registration' | ||
3 | import { MRegistration } from '@server/types/models' | ||
4 | import { forceNumber, pick } from '@shared/core-utils' | ||
5 | import { HttpStatusCode } from '@shared/models' | ||
6 | |||
7 | function checkRegistrationIdExist (idArg: number | string, res: express.Response) { | ||
8 | const id = forceNumber(idArg) | ||
9 | return checkRegistrationExist(() => UserRegistrationModel.load(id), res) | ||
10 | } | ||
11 | |||
12 | function checkRegistrationEmailExist (email: string, res: express.Response, abortResponse = true) { | ||
13 | return checkRegistrationExist(() => UserRegistrationModel.loadByEmail(email), res, abortResponse) | ||
14 | } | ||
15 | |||
16 | async function checkRegistrationHandlesDoNotAlreadyExist (options: { | ||
17 | username: string | ||
18 | channelHandle: string | ||
19 | email: string | ||
20 | res: express.Response | ||
21 | }) { | ||
22 | const { res } = options | ||
23 | |||
24 | const registration = await UserRegistrationModel.loadByEmailOrHandle(pick(options, [ 'username', 'email', 'channelHandle' ])) | ||
25 | |||
26 | if (registration) { | ||
27 | res.fail({ | ||
28 | status: HttpStatusCode.CONFLICT_409, | ||
29 | message: 'Registration with this username, channel name or email already exists.' | ||
30 | }) | ||
31 | return false | ||
32 | } | ||
33 | |||
34 | return true | ||
35 | } | ||
36 | |||
37 | async function checkRegistrationExist (finder: () => Promise<MRegistration>, res: express.Response, abortResponse = true) { | ||
38 | const registration = await finder() | ||
39 | |||
40 | if (!registration) { | ||
41 | if (abortResponse === true) { | ||
42 | res.fail({ | ||
43 | status: HttpStatusCode.NOT_FOUND_404, | ||
44 | message: 'User not found' | ||
45 | }) | ||
46 | } | ||
47 | |||
48 | return false | ||
49 | } | ||
50 | |||
51 | res.locals.userRegistration = registration | ||
52 | return true | ||
53 | } | ||
54 | |||
55 | export { | ||
56 | checkRegistrationIdExist, | ||
57 | checkRegistrationEmailExist, | ||
58 | checkRegistrationHandlesDoNotAlreadyExist, | ||
59 | checkRegistrationExist | ||
60 | } | ||
diff --git a/server/middlewares/validators/shared/users.ts b/server/middlewares/validators/shared/users.ts index b8f1436d3..030adc9f7 100644 --- a/server/middlewares/validators/shared/users.ts +++ b/server/middlewares/validators/shared/users.ts | |||
@@ -14,7 +14,7 @@ function checkUserEmailExist (email: string, res: express.Response, abortRespons | |||
14 | return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse) | 14 | return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse) |
15 | } | 15 | } |
16 | 16 | ||
17 | async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) { | 17 | async function checkUserNameOrEmailDoNotAlreadyExist (username: string, email: string, res: express.Response) { |
18 | const user = await UserModel.loadByUsernameOrEmail(username, email) | 18 | const user = await UserModel.loadByUsernameOrEmail(username, email) |
19 | 19 | ||
20 | if (user) { | 20 | if (user) { |
@@ -58,6 +58,6 @@ async function checkUserExist (finder: () => Promise<MUserDefault>, res: express | |||
58 | export { | 58 | export { |
59 | checkUserIdExist, | 59 | checkUserIdExist, |
60 | checkUserEmailExist, | 60 | checkUserEmailExist, |
61 | checkUserNameOrEmailDoesNotAlreadyExist, | 61 | checkUserNameOrEmailDoNotAlreadyExist, |
62 | checkUserExist | 62 | checkUserExist |
63 | } | 63 | } |
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts index 7d0639107..e6cc46317 100644 --- a/server/middlewares/validators/sort.ts +++ b/server/middlewares/validators/sort.ts | |||
@@ -1,9 +1,41 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { query } from 'express-validator' | 2 | import { query } from 'express-validator' |
3 | |||
4 | import { SORTABLE_COLUMNS } from '../../initializers/constants' | 3 | import { SORTABLE_COLUMNS } from '../../initializers/constants' |
5 | import { areValidationErrors } from './shared' | 4 | import { areValidationErrors } from './shared' |
6 | 5 | ||
6 | export const adminUsersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ADMIN_USERS) | ||
7 | export const accountsSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS) | ||
8 | export const jobsSortValidator = checkSortFactory(SORTABLE_COLUMNS.JOBS, [ 'jobs' ]) | ||
9 | export const abusesSortValidator = checkSortFactory(SORTABLE_COLUMNS.ABUSES) | ||
10 | export const videosSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEOS) | ||
11 | export const videoImportsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_IMPORTS) | ||
12 | export const videosSearchSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEOS_SEARCH) | ||
13 | export const videoChannelsSearchSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_CHANNELS_SEARCH) | ||
14 | export const videoPlaylistsSearchSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_PLAYLISTS_SEARCH) | ||
15 | export const videoCommentsValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_COMMENTS) | ||
16 | export const videoCommentThreadsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_COMMENT_THREADS) | ||
17 | export const videoRatesSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_RATES) | ||
18 | export const blacklistSortValidator = checkSortFactory(SORTABLE_COLUMNS.BLACKLISTS) | ||
19 | export const videoChannelsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_CHANNELS) | ||
20 | export const instanceFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.INSTANCE_FOLLOWERS) | ||
21 | export const instanceFollowingSortValidator = checkSortFactory(SORTABLE_COLUMNS.INSTANCE_FOLLOWING) | ||
22 | export const userSubscriptionsSortValidator = checkSortFactory(SORTABLE_COLUMNS.USER_SUBSCRIPTIONS) | ||
23 | export const accountsBlocklistSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS_BLOCKLIST) | ||
24 | export const serversBlocklistSortValidator = checkSortFactory(SORTABLE_COLUMNS.SERVERS_BLOCKLIST) | ||
25 | export const userNotificationsSortValidator = checkSortFactory(SORTABLE_COLUMNS.USER_NOTIFICATIONS) | ||
26 | export const videoPlaylistsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_PLAYLISTS) | ||
27 | export const pluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.PLUGINS) | ||
28 | export const availablePluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.AVAILABLE_PLUGINS) | ||
29 | export const videoRedundanciesSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_REDUNDANCIES) | ||
30 | export const videoChannelSyncsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_CHANNEL_SYNCS) | ||
31 | |||
32 | export const accountsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNT_FOLLOWERS) | ||
33 | export const videoChannelsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.CHANNEL_FOLLOWERS) | ||
34 | |||
35 | export const userRegistrationsSortValidator = checkSortFactory(SORTABLE_COLUMNS.USER_REGISTRATIONS) | ||
36 | |||
37 | // --------------------------------------------------------------------------- | ||
38 | |||
7 | function checkSortFactory (columns: string[], tags: string[] = []) { | 39 | function checkSortFactory (columns: string[], tags: string[] = []) { |
8 | return checkSort(createSortableColumns(columns), tags) | 40 | return checkSort(createSortableColumns(columns), tags) |
9 | } | 41 | } |
@@ -27,64 +59,3 @@ function createSortableColumns (sortableColumns: string[]) { | |||
27 | 59 | ||
28 | return sortableColumns.concat(sortableColumnDesc) | 60 | return sortableColumns.concat(sortableColumnDesc) |
29 | } | 61 | } |
30 | |||
31 | const adminUsersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ADMIN_USERS) | ||
32 | const accountsSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS) | ||
33 | const jobsSortValidator = checkSortFactory(SORTABLE_COLUMNS.JOBS, [ 'jobs' ]) | ||
34 | const abusesSortValidator = checkSortFactory(SORTABLE_COLUMNS.ABUSES) | ||
35 | const videosSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEOS) | ||
36 | const videoImportsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_IMPORTS) | ||
37 | const videosSearchSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEOS_SEARCH) | ||
38 | const videoChannelsSearchSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_CHANNELS_SEARCH) | ||
39 | const videoPlaylistsSearchSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_PLAYLISTS_SEARCH) | ||
40 | const videoCommentsValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_COMMENTS) | ||
41 | const videoCommentThreadsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_COMMENT_THREADS) | ||
42 | const videoRatesSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_RATES) | ||
43 | const blacklistSortValidator = checkSortFactory(SORTABLE_COLUMNS.BLACKLISTS) | ||
44 | const videoChannelsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_CHANNELS) | ||
45 | const instanceFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.INSTANCE_FOLLOWERS) | ||
46 | const instanceFollowingSortValidator = checkSortFactory(SORTABLE_COLUMNS.INSTANCE_FOLLOWING) | ||
47 | const userSubscriptionsSortValidator = checkSortFactory(SORTABLE_COLUMNS.USER_SUBSCRIPTIONS) | ||
48 | const accountsBlocklistSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS_BLOCKLIST) | ||
49 | const serversBlocklistSortValidator = checkSortFactory(SORTABLE_COLUMNS.SERVERS_BLOCKLIST) | ||
50 | const userNotificationsSortValidator = checkSortFactory(SORTABLE_COLUMNS.USER_NOTIFICATIONS) | ||
51 | const videoPlaylistsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_PLAYLISTS) | ||
52 | const pluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.PLUGINS) | ||
53 | const availablePluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.AVAILABLE_PLUGINS) | ||
54 | const videoRedundanciesSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_REDUNDANCIES) | ||
55 | const videoChannelSyncsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_CHANNEL_SYNCS) | ||
56 | |||
57 | const accountsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNT_FOLLOWERS) | ||
58 | const videoChannelsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.CHANNEL_FOLLOWERS) | ||
59 | |||
60 | // --------------------------------------------------------------------------- | ||
61 | |||
62 | export { | ||
63 | adminUsersSortValidator, | ||
64 | abusesSortValidator, | ||
65 | videoChannelsSortValidator, | ||
66 | videoImportsSortValidator, | ||
67 | videoCommentsValidator, | ||
68 | videosSearchSortValidator, | ||
69 | videosSortValidator, | ||
70 | blacklistSortValidator, | ||
71 | accountsSortValidator, | ||
72 | instanceFollowersSortValidator, | ||
73 | instanceFollowingSortValidator, | ||
74 | jobsSortValidator, | ||
75 | videoCommentThreadsSortValidator, | ||
76 | videoRatesSortValidator, | ||
77 | userSubscriptionsSortValidator, | ||
78 | availablePluginsSortValidator, | ||
79 | videoChannelsSearchSortValidator, | ||
80 | accountsBlocklistSortValidator, | ||
81 | serversBlocklistSortValidator, | ||
82 | userNotificationsSortValidator, | ||
83 | videoPlaylistsSortValidator, | ||
84 | videoRedundanciesSortValidator, | ||
85 | videoPlaylistsSearchSortValidator, | ||
86 | accountsFollowersSortValidator, | ||
87 | videoChannelsFollowersSortValidator, | ||
88 | videoChannelSyncsSortValidator, | ||
89 | pluginsSortValidator | ||
90 | } | ||
diff --git a/server/middlewares/validators/user-email-verification.ts b/server/middlewares/validators/user-email-verification.ts new file mode 100644 index 000000000..74702a8f5 --- /dev/null +++ b/server/middlewares/validators/user-email-verification.ts | |||
@@ -0,0 +1,94 @@ | |||
1 | import express from 'express' | ||
2 | import { body, param } from 'express-validator' | ||
3 | import { toBooleanOrNull } from '@server/helpers/custom-validators/misc' | ||
4 | import { HttpStatusCode } from '@shared/models' | ||
5 | import { logger } from '../../helpers/logger' | ||
6 | import { Redis } from '../../lib/redis' | ||
7 | import { areValidationErrors, checkUserEmailExist, checkUserIdExist } from './shared' | ||
8 | import { checkRegistrationEmailExist, checkRegistrationIdExist } from './shared/user-registrations' | ||
9 | |||
10 | const usersAskSendVerifyEmailValidator = [ | ||
11 | body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'), | ||
12 | |||
13 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
14 | if (areValidationErrors(req, res)) return | ||
15 | |||
16 | const [ userExists, registrationExists ] = await Promise.all([ | ||
17 | checkUserEmailExist(req.body.email, res, false), | ||
18 | checkRegistrationEmailExist(req.body.email, res, false) | ||
19 | ]) | ||
20 | |||
21 | if (!userExists && !registrationExists) { | ||
22 | logger.debug('User or registration with email %s does not exist (asking verify email).', req.body.email) | ||
23 | // Do not leak our emails | ||
24 | return res.status(HttpStatusCode.NO_CONTENT_204).end() | ||
25 | } | ||
26 | |||
27 | if (res.locals.user?.pluginAuth) { | ||
28 | return res.fail({ | ||
29 | status: HttpStatusCode.CONFLICT_409, | ||
30 | message: 'Cannot ask verification email of a user that uses a plugin authentication.' | ||
31 | }) | ||
32 | } | ||
33 | |||
34 | return next() | ||
35 | } | ||
36 | ] | ||
37 | |||
38 | const usersVerifyEmailValidator = [ | ||
39 | param('id') | ||
40 | .isInt().not().isEmpty().withMessage('Should have a valid id'), | ||
41 | |||
42 | body('verificationString') | ||
43 | .not().isEmpty().withMessage('Should have a valid verification string'), | ||
44 | body('isPendingEmail') | ||
45 | .optional() | ||
46 | .customSanitizer(toBooleanOrNull), | ||
47 | |||
48 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
49 | if (areValidationErrors(req, res)) return | ||
50 | if (!await checkUserIdExist(req.params.id, res)) return | ||
51 | |||
52 | const user = res.locals.user | ||
53 | const redisVerificationString = await Redis.Instance.getUserVerifyEmailLink(user.id) | ||
54 | |||
55 | if (redisVerificationString !== req.body.verificationString) { | ||
56 | return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message: 'Invalid verification string.' }) | ||
57 | } | ||
58 | |||
59 | return next() | ||
60 | } | ||
61 | ] | ||
62 | |||
63 | // --------------------------------------------------------------------------- | ||
64 | |||
65 | const registrationVerifyEmailValidator = [ | ||
66 | param('registrationId') | ||
67 | .isInt().not().isEmpty().withMessage('Should have a valid registrationId'), | ||
68 | |||
69 | body('verificationString') | ||
70 | .not().isEmpty().withMessage('Should have a valid verification string'), | ||
71 | |||
72 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
73 | if (areValidationErrors(req, res)) return | ||
74 | if (!await checkRegistrationIdExist(req.params.registrationId, res)) return | ||
75 | |||
76 | const registration = res.locals.userRegistration | ||
77 | const redisVerificationString = await Redis.Instance.getRegistrationVerifyEmailLink(registration.id) | ||
78 | |||
79 | if (redisVerificationString !== req.body.verificationString) { | ||
80 | return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message: 'Invalid verification string.' }) | ||
81 | } | ||
82 | |||
83 | return next() | ||
84 | } | ||
85 | ] | ||
86 | |||
87 | // --------------------------------------------------------------------------- | ||
88 | |||
89 | export { | ||
90 | usersAskSendVerifyEmailValidator, | ||
91 | usersVerifyEmailValidator, | ||
92 | |||
93 | registrationVerifyEmailValidator | ||
94 | } | ||
diff --git a/server/middlewares/validators/user-registrations.ts b/server/middlewares/validators/user-registrations.ts new file mode 100644 index 000000000..e263c27c5 --- /dev/null +++ b/server/middlewares/validators/user-registrations.ts | |||
@@ -0,0 +1,203 @@ | |||
1 | import express from 'express' | ||
2 | import { body, param, query, ValidationChain } from 'express-validator' | ||
3 | import { exists, isIdValid } from '@server/helpers/custom-validators/misc' | ||
4 | import { isRegistrationModerationResponseValid, isRegistrationReasonValid } from '@server/helpers/custom-validators/user-registration' | ||
5 | import { CONFIG } from '@server/initializers/config' | ||
6 | import { Hooks } from '@server/lib/plugins/hooks' | ||
7 | import { HttpStatusCode, UserRegister, UserRegistrationRequest, UserRegistrationState } from '@shared/models' | ||
8 | import { isUserDisplayNameValid, isUserPasswordValid, isUserUsernameValid } from '../../helpers/custom-validators/users' | ||
9 | import { isVideoChannelDisplayNameValid, isVideoChannelUsernameValid } from '../../helpers/custom-validators/video-channels' | ||
10 | import { isSignupAllowed, isSignupAllowedForCurrentIP, SignupMode } from '../../lib/signup' | ||
11 | import { ActorModel } from '../../models/actor/actor' | ||
12 | import { areValidationErrors, checkUserNameOrEmailDoNotAlreadyExist } from './shared' | ||
13 | import { checkRegistrationHandlesDoNotAlreadyExist, checkRegistrationIdExist } from './shared/user-registrations' | ||
14 | |||
15 | const usersDirectRegistrationValidator = usersCommonRegistrationValidatorFactory() | ||
16 | |||
17 | const usersRequestRegistrationValidator = [ | ||
18 | ...usersCommonRegistrationValidatorFactory([ | ||
19 | body('registrationReason') | ||
20 | .custom(isRegistrationReasonValid) | ||
21 | ]), | ||
22 | |||
23 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
24 | const body: UserRegistrationRequest = req.body | ||
25 | |||
26 | if (CONFIG.SIGNUP.REQUIRES_APPROVAL !== true) { | ||
27 | return res.fail({ | ||
28 | status: HttpStatusCode.BAD_REQUEST_400, | ||
29 | message: 'Signup approval is not enabled on this instance' | ||
30 | }) | ||
31 | } | ||
32 | |||
33 | const options = { username: body.username, email: body.email, channelHandle: body.channel?.name, res } | ||
34 | if (!await checkRegistrationHandlesDoNotAlreadyExist(options)) return | ||
35 | |||
36 | return next() | ||
37 | } | ||
38 | ] | ||
39 | |||
40 | // --------------------------------------------------------------------------- | ||
41 | |||
42 | function ensureUserRegistrationAllowedFactory (signupMode: SignupMode) { | ||
43 | return async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
44 | const allowedParams = { | ||
45 | body: req.body, | ||
46 | ip: req.ip, | ||
47 | signupMode | ||
48 | } | ||
49 | |||
50 | const allowedResult = await Hooks.wrapPromiseFun( | ||
51 | isSignupAllowed, | ||
52 | allowedParams, | ||
53 | |||
54 | signupMode === 'direct-registration' | ||
55 | ? 'filter:api.user.signup.allowed.result' | ||
56 | : 'filter:api.user.request-signup.allowed.result' | ||
57 | ) | ||
58 | |||
59 | if (allowedResult.allowed === false) { | ||
60 | return res.fail({ | ||
61 | status: HttpStatusCode.FORBIDDEN_403, | ||
62 | message: allowedResult.errorMessage || 'User registration is not enabled, user limit is reached or registration requires approval.' | ||
63 | }) | ||
64 | } | ||
65 | |||
66 | return next() | ||
67 | } | ||
68 | } | ||
69 | |||
70 | const ensureUserRegistrationAllowedForIP = [ | ||
71 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
72 | const allowed = isSignupAllowedForCurrentIP(req.ip) | ||
73 | |||
74 | if (allowed === false) { | ||
75 | return res.fail({ | ||
76 | status: HttpStatusCode.FORBIDDEN_403, | ||
77 | message: 'You are not on a network authorized for registration.' | ||
78 | }) | ||
79 | } | ||
80 | |||
81 | return next() | ||
82 | } | ||
83 | ] | ||
84 | |||
85 | // --------------------------------------------------------------------------- | ||
86 | |||
87 | const acceptOrRejectRegistrationValidator = [ | ||
88 | param('registrationId') | ||
89 | .custom(isIdValid), | ||
90 | |||
91 | body('moderationResponse') | ||
92 | .custom(isRegistrationModerationResponseValid), | ||
93 | |||
94 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
95 | if (areValidationErrors(req, res)) return | ||
96 | if (!await checkRegistrationIdExist(req.params.registrationId, res)) return | ||
97 | |||
98 | if (res.locals.userRegistration.state !== UserRegistrationState.PENDING) { | ||
99 | return res.fail({ | ||
100 | status: HttpStatusCode.CONFLICT_409, | ||
101 | message: 'This registration is already accepted or rejected.' | ||
102 | }) | ||
103 | } | ||
104 | |||
105 | return next() | ||
106 | } | ||
107 | ] | ||
108 | |||
109 | // --------------------------------------------------------------------------- | ||
110 | |||
111 | const getRegistrationValidator = [ | ||
112 | param('registrationId') | ||
113 | .custom(isIdValid), | ||
114 | |||
115 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
116 | if (areValidationErrors(req, res)) return | ||
117 | if (!await checkRegistrationIdExist(req.params.registrationId, res)) return | ||
118 | |||
119 | return next() | ||
120 | } | ||
121 | ] | ||
122 | |||
123 | // --------------------------------------------------------------------------- | ||
124 | |||
125 | const listRegistrationsValidator = [ | ||
126 | query('search') | ||
127 | .optional() | ||
128 | .custom(exists), | ||
129 | |||
130 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
131 | if (areValidationErrors(req, res)) return | ||
132 | |||
133 | return next() | ||
134 | } | ||
135 | ] | ||
136 | |||
137 | // --------------------------------------------------------------------------- | ||
138 | |||
139 | export { | ||
140 | usersDirectRegistrationValidator, | ||
141 | usersRequestRegistrationValidator, | ||
142 | |||
143 | ensureUserRegistrationAllowedFactory, | ||
144 | ensureUserRegistrationAllowedForIP, | ||
145 | |||
146 | getRegistrationValidator, | ||
147 | listRegistrationsValidator, | ||
148 | |||
149 | acceptOrRejectRegistrationValidator | ||
150 | } | ||
151 | |||
152 | // --------------------------------------------------------------------------- | ||
153 | |||
154 | function usersCommonRegistrationValidatorFactory (additionalValidationChain: ValidationChain[] = []) { | ||
155 | return [ | ||
156 | body('username') | ||
157 | .custom(isUserUsernameValid), | ||
158 | body('password') | ||
159 | .custom(isUserPasswordValid), | ||
160 | body('email') | ||
161 | .isEmail(), | ||
162 | body('displayName') | ||
163 | .optional() | ||
164 | .custom(isUserDisplayNameValid), | ||
165 | |||
166 | body('channel.name') | ||
167 | .optional() | ||
168 | .custom(isVideoChannelUsernameValid), | ||
169 | body('channel.displayName') | ||
170 | .optional() | ||
171 | .custom(isVideoChannelDisplayNameValid), | ||
172 | |||
173 | ...additionalValidationChain, | ||
174 | |||
175 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
176 | if (areValidationErrors(req, res, { omitBodyLog: true })) return | ||
177 | |||
178 | const body: UserRegister | UserRegistrationRequest = req.body | ||
179 | |||
180 | if (!await checkUserNameOrEmailDoNotAlreadyExist(body.username, body.email, res)) return | ||
181 | |||
182 | if (body.channel) { | ||
183 | if (!body.channel.name || !body.channel.displayName) { | ||
184 | return res.fail({ message: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' }) | ||
185 | } | ||
186 | |||
187 | if (body.channel.name === body.username) { | ||
188 | return res.fail({ message: 'Channel name cannot be the same as user username.' }) | ||
189 | } | ||
190 | |||
191 | const existing = await ActorModel.loadLocalByName(body.channel.name) | ||
192 | if (existing) { | ||
193 | return res.fail({ | ||
194 | status: HttpStatusCode.CONFLICT_409, | ||
195 | message: `Channel with name ${body.channel.name} already exists.` | ||
196 | }) | ||
197 | } | ||
198 | } | ||
199 | |||
200 | return next() | ||
201 | } | ||
202 | ] | ||
203 | } | ||
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 64bd9ca70..f7033f44a 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -1,8 +1,7 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { body, param, query } from 'express-validator' | 2 | import { body, param, query } from 'express-validator' |
3 | import { Hooks } from '@server/lib/plugins/hooks' | ||
4 | import { forceNumber } from '@shared/core-utils' | 3 | import { forceNumber } from '@shared/core-utils' |
5 | import { HttpStatusCode, UserRegister, UserRight, UserRole } from '@shared/models' | 4 | import { HttpStatusCode, UserRight, UserRole } from '@shared/models' |
6 | import { exists, isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' | 5 | import { exists, isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' |
7 | import { isThemeNameValid } from '../../helpers/custom-validators/plugins' | 6 | import { isThemeNameValid } from '../../helpers/custom-validators/plugins' |
8 | import { | 7 | import { |
@@ -24,17 +23,16 @@ import { | |||
24 | isUserVideoQuotaValid, | 23 | isUserVideoQuotaValid, |
25 | isUserVideosHistoryEnabledValid | 24 | isUserVideosHistoryEnabledValid |
26 | } from '../../helpers/custom-validators/users' | 25 | } from '../../helpers/custom-validators/users' |
27 | import { isVideoChannelDisplayNameValid, isVideoChannelUsernameValid } from '../../helpers/custom-validators/video-channels' | 26 | import { isVideoChannelUsernameValid } from '../../helpers/custom-validators/video-channels' |
28 | import { logger } from '../../helpers/logger' | 27 | import { logger } from '../../helpers/logger' |
29 | import { isThemeRegistered } from '../../lib/plugins/theme-utils' | 28 | import { isThemeRegistered } from '../../lib/plugins/theme-utils' |
30 | import { Redis } from '../../lib/redis' | 29 | import { Redis } from '../../lib/redis' |
31 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../lib/signup' | ||
32 | import { ActorModel } from '../../models/actor/actor' | 30 | import { ActorModel } from '../../models/actor/actor' |
33 | import { | 31 | import { |
34 | areValidationErrors, | 32 | areValidationErrors, |
35 | checkUserEmailExist, | 33 | checkUserEmailExist, |
36 | checkUserIdExist, | 34 | checkUserIdExist, |
37 | checkUserNameOrEmailDoesNotAlreadyExist, | 35 | checkUserNameOrEmailDoNotAlreadyExist, |
38 | doesVideoChannelIdExist, | 36 | doesVideoChannelIdExist, |
39 | doesVideoExist, | 37 | doesVideoExist, |
40 | isValidVideoIdParam | 38 | isValidVideoIdParam |
@@ -81,7 +79,7 @@ const usersAddValidator = [ | |||
81 | 79 | ||
82 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 80 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
83 | if (areValidationErrors(req, res, { omitBodyLog: true })) return | 81 | if (areValidationErrors(req, res, { omitBodyLog: true })) return |
84 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return | 82 | if (!await checkUserNameOrEmailDoNotAlreadyExist(req.body.username, req.body.email, res)) return |
85 | 83 | ||
86 | const authUser = res.locals.oauth.token.User | 84 | const authUser = res.locals.oauth.token.User |
87 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { | 85 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { |
@@ -109,51 +107,6 @@ const usersAddValidator = [ | |||
109 | } | 107 | } |
110 | ] | 108 | ] |
111 | 109 | ||
112 | const usersRegisterValidator = [ | ||
113 | body('username') | ||
114 | .custom(isUserUsernameValid), | ||
115 | body('password') | ||
116 | .custom(isUserPasswordValid), | ||
117 | body('email') | ||
118 | .isEmail(), | ||
119 | body('displayName') | ||
120 | .optional() | ||
121 | .custom(isUserDisplayNameValid), | ||
122 | |||
123 | body('channel.name') | ||
124 | .optional() | ||
125 | .custom(isVideoChannelUsernameValid), | ||
126 | body('channel.displayName') | ||
127 | .optional() | ||
128 | .custom(isVideoChannelDisplayNameValid), | ||
129 | |||
130 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
131 | if (areValidationErrors(req, res, { omitBodyLog: true })) return | ||
132 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return | ||
133 | |||
134 | const body: UserRegister = req.body | ||
135 | if (body.channel) { | ||
136 | if (!body.channel.name || !body.channel.displayName) { | ||
137 | return res.fail({ message: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' }) | ||
138 | } | ||
139 | |||
140 | if (body.channel.name === body.username) { | ||
141 | return res.fail({ message: 'Channel name cannot be the same as user username.' }) | ||
142 | } | ||
143 | |||
144 | const existing = await ActorModel.loadLocalByName(body.channel.name) | ||
145 | if (existing) { | ||
146 | return res.fail({ | ||
147 | status: HttpStatusCode.CONFLICT_409, | ||
148 | message: `Channel with name ${body.channel.name} already exists.` | ||
149 | }) | ||
150 | } | ||
151 | } | ||
152 | |||
153 | return next() | ||
154 | } | ||
155 | ] | ||
156 | |||
157 | const usersRemoveValidator = [ | 110 | const usersRemoveValidator = [ |
158 | param('id') | 111 | param('id') |
159 | .custom(isIdValid), | 112 | .custom(isIdValid), |
@@ -365,45 +318,6 @@ const usersVideosValidator = [ | |||
365 | } | 318 | } |
366 | ] | 319 | ] |
367 | 320 | ||
368 | const ensureUserRegistrationAllowed = [ | ||
369 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
370 | const allowedParams = { | ||
371 | body: req.body, | ||
372 | ip: req.ip | ||
373 | } | ||
374 | |||
375 | const allowedResult = await Hooks.wrapPromiseFun( | ||
376 | isSignupAllowed, | ||
377 | allowedParams, | ||
378 | 'filter:api.user.signup.allowed.result' | ||
379 | ) | ||
380 | |||
381 | if (allowedResult.allowed === false) { | ||
382 | return res.fail({ | ||
383 | status: HttpStatusCode.FORBIDDEN_403, | ||
384 | message: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.' | ||
385 | }) | ||
386 | } | ||
387 | |||
388 | return next() | ||
389 | } | ||
390 | ] | ||
391 | |||
392 | const ensureUserRegistrationAllowedForIP = [ | ||
393 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
394 | const allowed = isSignupAllowedForCurrentIP(req.ip) | ||
395 | |||
396 | if (allowed === false) { | ||
397 | return res.fail({ | ||
398 | status: HttpStatusCode.FORBIDDEN_403, | ||
399 | message: 'You are not on a network authorized for registration.' | ||
400 | }) | ||
401 | } | ||
402 | |||
403 | return next() | ||
404 | } | ||
405 | ] | ||
406 | |||
407 | const usersAskResetPasswordValidator = [ | 321 | const usersAskResetPasswordValidator = [ |
408 | body('email') | 322 | body('email') |
409 | .isEmail(), | 323 | .isEmail(), |
@@ -455,58 +369,6 @@ const usersResetPasswordValidator = [ | |||
455 | } | 369 | } |
456 | ] | 370 | ] |
457 | 371 | ||
458 | const usersAskSendVerifyEmailValidator = [ | ||
459 | body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'), | ||
460 | |||
461 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
462 | if (areValidationErrors(req, res)) return | ||
463 | |||
464 | const exists = await checkUserEmailExist(req.body.email, res, false) | ||
465 | if (!exists) { | ||
466 | logger.debug('User with email %s does not exist (asking verify email).', req.body.email) | ||
467 | // Do not leak our emails | ||
468 | return res.status(HttpStatusCode.NO_CONTENT_204).end() | ||
469 | } | ||
470 | |||
471 | if (res.locals.user.pluginAuth) { | ||
472 | return res.fail({ | ||
473 | status: HttpStatusCode.CONFLICT_409, | ||
474 | message: 'Cannot ask verification email of a user that uses a plugin authentication.' | ||
475 | }) | ||
476 | } | ||
477 | |||
478 | return next() | ||
479 | } | ||
480 | ] | ||
481 | |||
482 | const usersVerifyEmailValidator = [ | ||
483 | param('id') | ||
484 | .isInt().not().isEmpty().withMessage('Should have a valid id'), | ||
485 | |||
486 | body('verificationString') | ||
487 | .not().isEmpty().withMessage('Should have a valid verification string'), | ||
488 | body('isPendingEmail') | ||
489 | .optional() | ||
490 | .customSanitizer(toBooleanOrNull), | ||
491 | |||
492 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
493 | if (areValidationErrors(req, res)) return | ||
494 | if (!await checkUserIdExist(req.params.id, res)) return | ||
495 | |||
496 | const user = res.locals.user | ||
497 | const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id) | ||
498 | |||
499 | if (redisVerificationString !== req.body.verificationString) { | ||
500 | return res.fail({ | ||
501 | status: HttpStatusCode.FORBIDDEN_403, | ||
502 | message: 'Invalid verification string.' | ||
503 | }) | ||
504 | } | ||
505 | |||
506 | return next() | ||
507 | } | ||
508 | ] | ||
509 | |||
510 | const usersCheckCurrentPasswordFactory = (targetUserIdGetter: (req: express.Request) => number | string) => { | 372 | const usersCheckCurrentPasswordFactory = (targetUserIdGetter: (req: express.Request) => number | string) => { |
511 | return [ | 373 | return [ |
512 | body('currentPassword').optional().custom(exists), | 374 | body('currentPassword').optional().custom(exists), |
@@ -603,21 +465,16 @@ export { | |||
603 | usersListValidator, | 465 | usersListValidator, |
604 | usersAddValidator, | 466 | usersAddValidator, |
605 | deleteMeValidator, | 467 | deleteMeValidator, |
606 | usersRegisterValidator, | ||
607 | usersBlockingValidator, | 468 | usersBlockingValidator, |
608 | usersRemoveValidator, | 469 | usersRemoveValidator, |
609 | usersUpdateValidator, | 470 | usersUpdateValidator, |
610 | usersUpdateMeValidator, | 471 | usersUpdateMeValidator, |
611 | usersVideoRatingValidator, | 472 | usersVideoRatingValidator, |
612 | usersCheckCurrentPasswordFactory, | 473 | usersCheckCurrentPasswordFactory, |
613 | ensureUserRegistrationAllowed, | ||
614 | ensureUserRegistrationAllowedForIP, | ||
615 | usersGetValidator, | 474 | usersGetValidator, |
616 | usersVideosValidator, | 475 | usersVideosValidator, |
617 | usersAskResetPasswordValidator, | 476 | usersAskResetPasswordValidator, |
618 | usersResetPasswordValidator, | 477 | usersResetPasswordValidator, |
619 | usersAskSendVerifyEmailValidator, | ||
620 | usersVerifyEmailValidator, | ||
621 | userAutocompleteValidator, | 478 | userAutocompleteValidator, |
622 | ensureAuthUserOwnsAccountValidator, | 479 | ensureAuthUserOwnsAccountValidator, |
623 | ensureCanModerateUser, | 480 | ensureCanModerateUser, |