1 files changed, 236 insertions, 0 deletions
diff --git a/server/controllers/api/users/registrations.ts b/server/controllers/api/users/registrations.ts
new file mode 100644
index 000000000..3d4e0aa18
--- /dev/null
+++ b/server/controllers/api/users/registrations.ts
@@ -0,0 +1,236 @@
+import express from 'express'
+import { Emailer } from '@server/lib/emailer'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { UserRegistrationModel } from '@server/models/user/user-registration'
+import { pick } from '@shared/core-utils'
+import { HttpStatusCode, UserRegister, UserRegistrationRequest, UserRegistrationState, UserRight } from '@shared/models'
+import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
+import { logger } from '../../../helpers/logger'
+import { CONFIG } from '../../../initializers/config'
+import { Notifier } from '../../../lib/notifier'
+import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyRegistrationEmail, sendVerifyUserEmail } from '../../../lib/user'
+import {
+  acceptOrRejectRegistrationValidator,
+  asyncMiddleware,
+  asyncRetryTransactionMiddleware,
+  authenticate,
+  buildRateLimiter,
+  ensureUserHasRight,
+  ensureUserRegistrationAllowedFactory,
+  ensureUserRegistrationAllowedForIP,
+  getRegistrationValidator,
+  listRegistrationsValidator,
+  paginationValidator,
+  setDefaultPagination,
+  setDefaultSort,
+  userRegistrationsSortValidator,
+  usersDirectRegistrationValidator,
+  usersRequestRegistrationValidator
+} from '../../../middlewares'
+const auditLogger = auditLoggerFactory('users')
+const registrationRateLimiter = buildRateLimiter({
+  windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
+  skipFailedRequests: true
+})
+const registrationsRouter = express.Router()
+registrationsRouter.post('/registrations/request',
+  registrationRateLimiter,
+  asyncMiddleware(ensureUserRegistrationAllowedFactory('request-registration')),
+  ensureUserRegistrationAllowedForIP,
+  asyncMiddleware(usersRequestRegistrationValidator),
+  asyncRetryTransactionMiddleware(requestRegistration)
+)
+registrationsRouter.post('/registrations/:registrationId/accept',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  asyncMiddleware(acceptOrRejectRegistrationValidator),
+  asyncRetryTransactionMiddleware(acceptRegistration)
+)
+registrationsRouter.post('/registrations/:registrationId/reject',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  asyncMiddleware(acceptOrRejectRegistrationValidator),
+  asyncRetryTransactionMiddleware(rejectRegistration)
+)
+registrationsRouter.delete('/registrations/:registrationId',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  asyncMiddleware(getRegistrationValidator),
+  asyncRetryTransactionMiddleware(deleteRegistration)
+)
+registrationsRouter.get('/registrations',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  paginationValidator,
+  userRegistrationsSortValidator,
+  setDefaultSort,
+  setDefaultPagination,
+  listRegistrationsValidator,
+  asyncMiddleware(listRegistrations)
+)
+registrationsRouter.post('/register',
+  registrationRateLimiter,
+  asyncMiddleware(ensureUserRegistrationAllowedFactory('direct-registration')),
+  ensureUserRegistrationAllowedForIP,
+  asyncMiddleware(usersDirectRegistrationValidator),
+  asyncRetryTransactionMiddleware(registerUser)
+)
+// ---------------------------------------------------------------------------
+export {
+  registrationsRouter
+}
+// ---------------------------------------------------------------------------
+async function requestRegistration (req: express.Request, res: express.Response) {
+  const body: UserRegistrationRequest = req.body
+  const registration = new UserRegistrationModel({
+    ...pick(body, [ 'username', 'password', 'email', 'registrationReason' ]),
+    accountDisplayName: body.displayName,
+    channelDisplayName: body.channel?.displayName,
+    channelHandle: body.channel?.name,
+    state: UserRegistrationState.PENDING,
+    emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
+  })
+  await registration.save()
+  if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
+    await sendVerifyRegistrationEmail(registration)
+  }
+  Notifier.Instance.notifyOnNewRegistrationRequest(registration)
+  Hooks.runAction('action:api.user.requested-registration', { body, registration, req, res })
+  return res.json(registration.toFormattedJSON())
+}
+// ---------------------------------------------------------------------------
+async function acceptRegistration (req: express.Request, res: express.Response) {
+  const registration = res.locals.userRegistration
+  const userToCreate = buildUser({
+    username: registration.username,
+    password: registration.password,
+    email: registration.email,
+    emailVerified: registration.emailVerified
+  })
+  // We already encrypted password in registration model
+  userToCreate.skipPasswordEncryption = true
+  // TODO: handle conflicts if someone else created a channel handle/user handle/user email between registration and approval
+  const { user } = await createUserAccountAndChannelAndPlaylist({
+    userToCreate,
+    userDisplayName: registration.accountDisplayName,
+    channelNames: registration.channelHandle && registration.channelDisplayName
+      ? {
+        name: registration.channelHandle,
+        displayName: registration.channelDisplayName
+      }
+      : undefined
+  })
+  registration.userId = user.id
+  registration.state = UserRegistrationState.ACCEPTED
+  registration.moderationResponse = req.body.moderationResponse
+  await registration.save()
+  logger.info('Registration of %s accepted', registration.username)
+  Emailer.Instance.addUserRegistrationRequestProcessedJob(registration)
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}
+async function rejectRegistration (req: express.Request, res: express.Response) {
+  const registration = res.locals.userRegistration
+  registration.state = UserRegistrationState.REJECTED
+  registration.moderationResponse = req.body.moderationResponse
+  await registration.save()
+  Emailer.Instance.addUserRegistrationRequestProcessedJob(registration)
+  logger.info('Registration of %s rejected', registration.username)
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}
+// ---------------------------------------------------------------------------
+async function deleteRegistration (req: express.Request, res: express.Response) {
+  const registration = res.locals.userRegistration
+  await registration.destroy()
+  logger.info('Registration of %s deleted', registration.username)
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}
+// ---------------------------------------------------------------------------
+async function listRegistrations (req: express.Request, res: express.Response) {
+  const resultList = await UserRegistrationModel.listForApi({
+    start: req.query.start,
+    count: req.query.count,
+    sort: req.query.sort,
+    search: req.query.search
+  })
+  return res.json({
+    total: resultList.total,
+    data: resultList.data.map(d => d.toFormattedJSON())
+  })
+}
+// ---------------------------------------------------------------------------
+async function registerUser (req: express.Request, res: express.Response) {
+  const body: UserRegister = req.body
+  const userToCreate = buildUser({
+    ...pick(body, [ 'username', 'password', 'email' ]),
+    emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
+  })
+  const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({
+    userToCreate,
+    userDisplayName: body.displayName || undefined,
+    channelNames: body.channel
+  })
+  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
+  logger.info('User %s with its channel and account registered.', body.username)
+  if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
+    await sendVerifyUserEmail(user)
+  }
+  Notifier.Instance.notifyOnNewDirectRegistration(user)
+  Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel, req, res })
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}

diff --git a/server/controllers/api/users/registrations.ts b/server/controllers/api/users/registrations.ts new file mode 100644 index 000000000..3d4e0aa18 --- /dev/null +++ b/server/controllers/api/users/registrations.ts
@@ -0,0 +1,236 @@
	1	import express from 'express'
	2	import { Emailer } from '@server/lib/emailer'
	3	import { Hooks } from '@server/lib/plugins/hooks'
	4	import { UserRegistrationModel } from '@server/models/user/user-registration'
	5	import { pick } from '@shared/core-utils'
	6	import { HttpStatusCode, UserRegister, UserRegistrationRequest, UserRegistrationState, UserRight } from '@shared/models'
	7	import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
	8	import { logger } from '../../../helpers/logger'
	9	import { CONFIG } from '../../../initializers/config'
	10	import { Notifier } from '../../../lib/notifier'
	11	import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyRegistrationEmail, sendVerifyUserEmail } from '../../../lib/user'
	12	import {
	13	acceptOrRejectRegistrationValidator,
	14	asyncMiddleware,
	15	asyncRetryTransactionMiddleware,
	16	authenticate,
	17	buildRateLimiter,
	18	ensureUserHasRight,
	19	ensureUserRegistrationAllowedFactory,
	20	ensureUserRegistrationAllowedForIP,
	21	getRegistrationValidator,
	22	listRegistrationsValidator,
	23	paginationValidator,
	24	setDefaultPagination,
	25	setDefaultSort,
	26	userRegistrationsSortValidator,
	27	usersDirectRegistrationValidator,
	28	usersRequestRegistrationValidator
	29	} from '../../../middlewares'
	30
	31	const auditLogger = auditLoggerFactory('users')
	32
	33	const registrationRateLimiter = buildRateLimiter({
	34	windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
	35	max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
	36	skipFailedRequests: true
	37	})
	38
	39	const registrationsRouter = express.Router()
	40
	41	registrationsRouter.post('/registrations/request',
	42	registrationRateLimiter,
	43	asyncMiddleware(ensureUserRegistrationAllowedFactory('request-registration')),
	44	ensureUserRegistrationAllowedForIP,
	45	asyncMiddleware(usersRequestRegistrationValidator),
	46	asyncRetryTransactionMiddleware(requestRegistration)
	47	)
	48
	49	registrationsRouter.post('/registrations/:registrationId/accept',
	50	authenticate,
	51	ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
	52	asyncMiddleware(acceptOrRejectRegistrationValidator),
	53	asyncRetryTransactionMiddleware(acceptRegistration)
	54	)
	55	registrationsRouter.post('/registrations/:registrationId/reject',
	56	authenticate,
	57	ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
	58	asyncMiddleware(acceptOrRejectRegistrationValidator),
	59	asyncRetryTransactionMiddleware(rejectRegistration)
	60	)
	61
	62	registrationsRouter.delete('/registrations/:registrationId',
	63	authenticate,
	64	ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
	65	asyncMiddleware(getRegistrationValidator),
	66	asyncRetryTransactionMiddleware(deleteRegistration)
	67	)
	68
	69	registrationsRouter.get('/registrations',
	70	authenticate,
	71	ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
	72	paginationValidator,
	73	userRegistrationsSortValidator,
	74	setDefaultSort,
	75	setDefaultPagination,
	76	listRegistrationsValidator,
	77	asyncMiddleware(listRegistrations)
	78	)
	79
	80	registrationsRouter.post('/register',
	81	registrationRateLimiter,
	82	asyncMiddleware(ensureUserRegistrationAllowedFactory('direct-registration')),
	83	ensureUserRegistrationAllowedForIP,
	84	asyncMiddleware(usersDirectRegistrationValidator),
	85	asyncRetryTransactionMiddleware(registerUser)
	86	)
	87
	88	// ---------------------------------------------------------------------------
	89
	90	export {
	91	registrationsRouter
	92	}
	93
	94	// ---------------------------------------------------------------------------
	95
	96	async function requestRegistration (req: express.Request, res: express.Response) {
	97	const body: UserRegistrationRequest = req.body
	98
	99	const registration = new UserRegistrationModel({
	100	...pick(body, [ 'username', 'password', 'email', 'registrationReason' ]),
	101
	102	accountDisplayName: body.displayName,
	103	channelDisplayName: body.channel?.displayName,
	104	channelHandle: body.channel?.name,
	105
	106	state: UserRegistrationState.PENDING,
	107
	108	emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
	109	})
	110
	111	await registration.save()
	112
	113	if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
	114	await sendVerifyRegistrationEmail(registration)
	115	}
	116
	117	Notifier.Instance.notifyOnNewRegistrationRequest(registration)
	118
	119	Hooks.runAction('action:api.user.requested-registration', { body, registration, req, res })
	120
	121	return res.json(registration.toFormattedJSON())
	122	}
	123
	124	// ---------------------------------------------------------------------------
	125
	126	async function acceptRegistration (req: express.Request, res: express.Response) {
	127	const registration = res.locals.userRegistration
	128
	129	const userToCreate = buildUser({
	130	username: registration.username,
	131	password: registration.password,
	132	email: registration.email,
	133	emailVerified: registration.emailVerified
	134	})
	135	// We already encrypted password in registration model
	136	userToCreate.skipPasswordEncryption = true
	137
	138	// TODO: handle conflicts if someone else created a channel handle/user handle/user email between registration and approval
	139
	140	const { user } = await createUserAccountAndChannelAndPlaylist({
	141	userToCreate,
	142	userDisplayName: registration.accountDisplayName,
	143	channelNames: registration.channelHandle && registration.channelDisplayName
	144	? {
	145	name: registration.channelHandle,
	146	displayName: registration.channelDisplayName
	147	}
	148	: undefined
	149	})
	150
	151	registration.userId = user.id
	152	registration.state = UserRegistrationState.ACCEPTED
	153	registration.moderationResponse = req.body.moderationResponse
	154
	155	await registration.save()
	156
	157	logger.info('Registration of %s accepted', registration.username)
	158
	159	Emailer.Instance.addUserRegistrationRequestProcessedJob(registration)
	160
	161	return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
	162	}
	163
	164	async function rejectRegistration (req: express.Request, res: express.Response) {
	165	const registration = res.locals.userRegistration
	166
	167	registration.state = UserRegistrationState.REJECTED
	168	registration.moderationResponse = req.body.moderationResponse
	169
	170	await registration.save()
	171
	172	Emailer.Instance.addUserRegistrationRequestProcessedJob(registration)
	173
	174	logger.info('Registration of %s rejected', registration.username)
	175
	176	return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
	177	}
	178
	179	// ---------------------------------------------------------------------------
	180
	181	async function deleteRegistration (req: express.Request, res: express.Response) {
	182	const registration = res.locals.userRegistration
	183
	184	await registration.destroy()
	185
	186	logger.info('Registration of %s deleted', registration.username)
	187
	188	return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
	189	}
	190
	191	// ---------------------------------------------------------------------------
	192
	193	async function listRegistrations (req: express.Request, res: express.Response) {
	194	const resultList = await UserRegistrationModel.listForApi({
	195	start: req.query.start,
	196	count: req.query.count,
	197	sort: req.query.sort,
	198	search: req.query.search
	199	})
	200
	201	return res.json({
	202	total: resultList.total,
	203	data: resultList.data.map(d => d.toFormattedJSON())
	204	})
	205	}
	206
	207	// ---------------------------------------------------------------------------
	208
	209	async function registerUser (req: express.Request, res: express.Response) {
	210	const body: UserRegister = req.body
	211
	212	const userToCreate = buildUser({
	213	...pick(body, [ 'username', 'password', 'email' ]),
	214
	215	emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
	216	})
	217
	218	const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({
	219	userToCreate,
	220	userDisplayName: body.displayName \|\| undefined,
	221	channelNames: body.channel
	222	})
	223
	224	auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
	225	logger.info('User %s with its channel and account registered.', body.username)
	226
	227	if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
	228	await sendVerifyUserEmail(user)
	229	}
	230
	231	Notifier.Instance.notifyOnNewDirectRegistration(user)
	232
	233	Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel, req, res })
	234
	235	return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
	236	}