diff options
Diffstat (limited to 'server/controllers/api/users.ts')
| -rw-r--r-- | server/controllers/api/users.ts | 78 |
1 files changed, 67 insertions, 11 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index c80f27a23..879ba3f91 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts | |||
| @@ -29,7 +29,12 @@ import { | |||
| 29 | usersUpdateValidator, | 29 | usersUpdateValidator, |
| 30 | usersVideoRatingValidator | 30 | usersVideoRatingValidator |
| 31 | } from '../../middlewares' | 31 | } from '../../middlewares' |
| 32 | import { usersAskResetPasswordValidator, usersResetPasswordValidator, videosSortValidator } from '../../middlewares/validators' | 32 | import { |
| 33 | usersAskResetPasswordValidator, | ||
| 34 | usersResetPasswordValidator, | ||
| 35 | videoImportsSortValidator, | ||
| 36 | videosSortValidator | ||
| 37 | } from '../../middlewares/validators' | ||
| 33 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' | 38 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' |
| 34 | import { UserModel } from '../../models/account/user' | 39 | import { UserModel } from '../../models/account/user' |
| 35 | import { OAuthTokenModel } from '../../models/oauth/oauth-token' | 40 | import { OAuthTokenModel } from '../../models/oauth/oauth-token' |
| @@ -39,6 +44,10 @@ import { createReqFiles } from '../../helpers/express-utils' | |||
| 39 | import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model' | 44 | import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model' |
| 40 | import { updateAvatarValidator } from '../../middlewares/validators/avatar' | 45 | import { updateAvatarValidator } from '../../middlewares/validators/avatar' |
| 41 | import { updateActorAvatarFile } from '../../lib/avatar' | 46 | import { updateActorAvatarFile } from '../../lib/avatar' |
| 47 | import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger' | ||
| 48 | import { VideoImportModel } from '../../models/video/video-import' | ||
| 49 | |||
| 50 | const auditLogger = auditLoggerFactory('users') | ||
| 42 | 51 | ||
| 43 | const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR }) | 52 | const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR }) |
| 44 | const loginRateLimiter = new RateLimit({ | 53 | const loginRateLimiter = new RateLimit({ |
| @@ -59,6 +68,15 @@ usersRouter.get('/me/video-quota-used', | |||
| 59 | asyncMiddleware(getUserVideoQuotaUsed) | 68 | asyncMiddleware(getUserVideoQuotaUsed) |
| 60 | ) | 69 | ) |
| 61 | 70 | ||
| 71 | usersRouter.get('/me/videos/imports', | ||
| 72 | authenticate, | ||
| 73 | paginationValidator, | ||
| 74 | videoImportsSortValidator, | ||
| 75 | setDefaultSort, | ||
| 76 | setDefaultPagination, | ||
| 77 | asyncMiddleware(getUserVideoImports) | ||
| 78 | ) | ||
| 79 | |||
| 62 | usersRouter.get('/me/videos', | 80 | usersRouter.get('/me/videos', |
| 63 | authenticate, | 81 | authenticate, |
| 64 | paginationValidator, | 82 | paginationValidator, |
| @@ -175,6 +193,18 @@ async function getUserVideos (req: express.Request, res: express.Response, next: | |||
| 175 | return res.json(getFormattedObjects(resultList.data, resultList.total, { additionalAttributes })) | 193 | return res.json(getFormattedObjects(resultList.data, resultList.total, { additionalAttributes })) |
| 176 | } | 194 | } |
| 177 | 195 | ||
| 196 | async function getUserVideoImports (req: express.Request, res: express.Response, next: express.NextFunction) { | ||
| 197 | const user = res.locals.oauth.token.User as UserModel | ||
| 198 | const resultList = await VideoImportModel.listUserVideoImportsForApi( | ||
| 199 | user.Account.id, | ||
| 200 | req.query.start as number, | ||
| 201 | req.query.count as number, | ||
| 202 | req.query.sort | ||
| 203 | ) | ||
| 204 | |||
| 205 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | ||
| 206 | } | ||
| 207 | |||
| 178 | async function createUser (req: express.Request, res: express.Response) { | 208 | async function createUser (req: express.Request, res: express.Response) { |
| 179 | const body: UserCreate = req.body | 209 | const body: UserCreate = req.body |
| 180 | const userToCreate = new UserModel({ | 210 | const userToCreate = new UserModel({ |
| @@ -189,6 +219,7 @@ async function createUser (req: express.Request, res: express.Response) { | |||
| 189 | 219 | ||
| 190 | const { user, account } = await createUserAccountAndChannel(userToCreate) | 220 | const { user, account } = await createUserAccountAndChannel(userToCreate) |
| 191 | 221 | ||
| 222 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON())) | ||
| 192 | logger.info('User %s with its channel and account created.', body.username) | 223 | logger.info('User %s with its channel and account created.', body.username) |
| 193 | 224 | ||
| 194 | return res.json({ | 225 | return res.json({ |
| @@ -205,7 +236,7 @@ async function createUser (req: express.Request, res: express.Response) { | |||
| 205 | async function registerUser (req: express.Request, res: express.Response) { | 236 | async function registerUser (req: express.Request, res: express.Response) { |
| 206 | const body: UserCreate = req.body | 237 | const body: UserCreate = req.body |
| 207 | 238 | ||
| 208 | const user = new UserModel({ | 239 | const userToCreate = new UserModel({ |
| 209 | username: body.username, | 240 | username: body.username, |
| 210 | password: body.password, | 241 | password: body.password, |
| 211 | email: body.email, | 242 | email: body.email, |
| @@ -215,8 +246,9 @@ async function registerUser (req: express.Request, res: express.Response) { | |||
| 215 | videoQuota: CONFIG.USER.VIDEO_QUOTA | 246 | videoQuota: CONFIG.USER.VIDEO_QUOTA |
| 216 | }) | 247 | }) |
| 217 | 248 | ||
| 218 | await createUserAccountAndChannel(user) | 249 | const { user } = await createUserAccountAndChannel(userToCreate) |
| 219 | 250 | ||
| 251 | auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON())) | ||
| 220 | logger.info('User %s with its channel and account registered.', body.username) | 252 | logger.info('User %s with its channel and account registered.', body.username) |
| 221 | 253 | ||
| 222 | return res.type('json').status(204).end() | 254 | return res.type('json').status(204).end() |
| @@ -269,6 +301,8 @@ async function removeUser (req: express.Request, res: express.Response, next: ex | |||
| 269 | 301 | ||
| 270 | await user.destroy() | 302 | await user.destroy() |
| 271 | 303 | ||
| 304 | auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON())) | ||
| 305 | |||
| 272 | return res.sendStatus(204) | 306 | return res.sendStatus(204) |
| 273 | } | 307 | } |
| 274 | 308 | ||
| @@ -276,6 +310,7 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
| 276 | const body: UserUpdateMe = req.body | 310 | const body: UserUpdateMe = req.body |
| 277 | 311 | ||
| 278 | const user: UserModel = res.locals.oauth.token.user | 312 | const user: UserModel = res.locals.oauth.token.user |
| 313 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) | ||
| 279 | 314 | ||
| 280 | if (body.password !== undefined) user.password = body.password | 315 | if (body.password !== undefined) user.password = body.password |
| 281 | if (body.email !== undefined) user.email = body.email | 316 | if (body.email !== undefined) user.email = body.email |
| @@ -290,6 +325,12 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
| 290 | await user.Account.save({ transaction: t }) | 325 | await user.Account.save({ transaction: t }) |
| 291 | 326 | ||
| 292 | await sendUpdateActor(user.Account, t) | 327 | await sendUpdateActor(user.Account, t) |
| 328 | |||
| 329 | auditLogger.update( | ||
| 330 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 331 | new UserAuditView(user.toFormattedJSON()), | ||
| 332 | oldUserAuditView | ||
| 333 | ) | ||
| 293 | }) | 334 | }) |
| 294 | 335 | ||
| 295 | return res.sendStatus(204) | 336 | return res.sendStatus(204) |
| @@ -297,10 +338,18 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
| 297 | 338 | ||
| 298 | async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) { | 339 | async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 299 | const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ] | 340 | const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ] |
| 300 | const account = res.locals.oauth.token.user.Account | 341 | const user: UserModel = res.locals.oauth.token.user |
| 342 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) | ||
| 343 | const account = user.Account | ||
| 301 | 344 | ||
| 302 | const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account) | 345 | const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account) |
| 303 | 346 | ||
| 347 | auditLogger.update( | ||
| 348 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 349 | new UserAuditView(user.toFormattedJSON()), | ||
| 350 | oldUserAuditView | ||
| 351 | ) | ||
| 352 | |||
| 304 | return res | 353 | return res |
| 305 | .json({ | 354 | .json({ |
| 306 | avatar: avatar.toFormattedJSON() | 355 | avatar: avatar.toFormattedJSON() |
| @@ -310,20 +359,27 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next | |||
| 310 | 359 | ||
| 311 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 360 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 312 | const body: UserUpdate = req.body | 361 | const body: UserUpdate = req.body |
| 313 | const user = res.locals.user as UserModel | 362 | const userToUpdate = res.locals.user as UserModel |
| 314 | const roleChanged = body.role !== undefined && body.role !== user.role | 363 | const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON()) |
| 364 | const roleChanged = body.role !== undefined && body.role !== userToUpdate.role | ||
| 315 | 365 | ||
| 316 | if (body.email !== undefined) user.email = body.email | 366 | if (body.email !== undefined) userToUpdate.email = body.email |
| 317 | if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota | 367 | if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota |
| 318 | if (body.role !== undefined) user.role = body.role | 368 | if (body.role !== undefined) userToUpdate.role = body.role |
| 319 | 369 | ||
| 320 | await user.save() | 370 | const user = await userToUpdate.save() |
| 321 | 371 | ||
| 322 | // Destroy user token to refresh rights | 372 | // Destroy user token to refresh rights |
| 323 | if (roleChanged) { | 373 | if (roleChanged) { |
| 324 | await OAuthTokenModel.deleteUserToken(user.id) | 374 | await OAuthTokenModel.deleteUserToken(userToUpdate.id) |
| 325 | } | 375 | } |
| 326 | 376 | ||
| 377 | auditLogger.update( | ||
| 378 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 379 | new UserAuditView(user.toFormattedJSON()), | ||
| 380 | oldUserAuditView | ||
| 381 | ) | ||
| 382 | |||
| 327 | // Don't need to send this update to followers, these attributes are not propagated | 383 | // Don't need to send this update to followers, these attributes are not propagated |
| 328 | 384 | ||
| 329 | return res.sendStatus(204) | 385 | return res.sendStatus(204) |