Diffstat (limited to 'server/controllers/api/users')
-rw-r--r-- | server/controllers/api/users/index.ts | 35 | ||||
-rw-r--r-- | server/controllers/api/users/token.ts | 38 |
2 files changed, 42 insertions, 31 deletions
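--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -26,12 +26,12 @@ import {
   usersUpdateValidator
 } from '../../../middlewares'
 import {
+  ensureCanManageUser,
   usersAskResetPasswordValidator,
   usersAskSendVerifyEmailValidator,
   usersBlockingValidator,
   usersResetPasswordValidator,
-  usersVerifyEmailValidator,
-  ensureCanManageUser
+  usersVerifyEmailValidator
 } from '../../../middlewares/validators'
 import { UserModel } from '../../../models/account/user'
 import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
@@ -49,15 +49,10 @@ import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
 import { UserRegister } from '../../../../shared/models/users/user-register.model'
 import { MUser, MUserAccountDefault } from '@server/typings/models'
 import { Hooks } from '@server/lib/plugins/hooks'
-import { handleIdAndPassLogin } from '@server/lib/auth'
+import { tokensRouter } from '@server/controllers/api/users/token'
 
 const auditLogger = auditLoggerFactory('users')
 
-const loginRateLimiter = RateLimit({
-  windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
-  max: CONFIG.RATES_LIMIT.LOGIN.MAX
-})
-
 // @ts-ignore
 const signupRateLimiter = RateLimit({
   windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
@@ -72,6 +67,7 @@ const askSendEmailLimiter = new RateLimit({
 })
 
 const usersRouter = express.Router()
+usersRouter.use('/', tokensRouter)
 usersRouter.use('/', myNotificationsRouter)
 usersRouter.use('/', mySubscriptionsRouter)
 usersRouter.use('/', myBlocklistRouter)
@@ -168,23 +164,6 @@ usersRouter.post('/:id/verify-email',
   asyncMiddleware(verifyUserEmail)
 )
 
-usersRouter.post('/token',
-  loginRateLimiter,
-  handleIdAndPassLogin,
-  tokenSuccess
-)
-usersRouter.post('/token',
-  loginRateLimiter,
-  handleIdAndPassLogin,
-  tokenSuccess
-)
-usersRouter.post('/revoke-token',
-  loginRateLimiter,
-  handleIdAndPassLogin,
-  tokenSuccess
-)
-// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
-
 // ---------------------------------------------------------------------------
 
 export {
@@ -391,12 +370,6 @@ async function verifyUserEmail (req: express.Request, res: express.Response) {
   return res.status(204).end()
 }
 
-function tokenSuccess (req: express.Request) {
-  const username = req.body.username
-
-  Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip })
-}
-
 async function changeUserBlock (res: express.Response, user: MUserAccountDefault, block: boolean, reason?: string) {
   const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
 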
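Review bot: The `Hooks` import kept as context at line 51 may now be unused in index.ts, because `tokenSuccess` — its only visible caller in this file — is removed in the last hunk and re-created in token.ts. If nothing else in index.ts calls `Hooks.runAction`, the import should go with it so a no-unused-vars lint does not flag the file; the rest of index.ts is outside these hunks, so that can only be confirmed there. `RateLimit` and `CONFIG` are still referenced by `signupRateLimiter`, so those imports stay.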
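--- /dev/null
+++ b/server/controllers/api/users/token.ts
@@ -0,0 +1,38 @@
+import { handleIdAndPassLogin, handleTokenRevocation } from '@server/lib/auth'
+import * as RateLimit from 'express-rate-limit'
+import { CONFIG } from '@server/initializers/config'
+import * as express from 'express'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { asyncMiddleware, authenticate } from '@server/middlewares'
+
+const tokensRouter = express.Router()
+
+const loginRateLimiter = RateLimit({
+  windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.LOGIN.MAX
+})
+
+tokensRouter.post('/token',
+  loginRateLimiter,
+  handleIdAndPassLogin,
+  tokenSuccess
+)
+
+tokensRouter.post('/revoke-token',
+  authenticate,
+  asyncMiddleware(handleTokenRevocation),
+  tokenSuccess
+)
+
+// ---------------------------------------------------------------------------
+
+export {
+  tokensRouter
+}
+// ---------------------------------------------------------------------------
+
+function tokenSuccess (req: express.Request) {
+  const username = req.body.username
+
+  Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip })
+}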
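Review bot: `tokenSuccess` is attached to `/revoke-token` as well as `/token`, so a completed revocation fires `action:api.user.oauth2-got-token` — a plugin that audits or alerts on that action as a login would record revocations as token grants, and `req.body.username` is presumably absent on the authenticated revoke request, so the hook would receive `username: undefined`. Either drop the handler from the revoke route, `tokensRouter.post('/revoke-token', authenticate, asyncMiddleware(handleTokenRevocation))`, or give revocation its own action name and handler so plugins can tell the two events apart. Whether `tokenSuccess` is reached at all depends on `handleIdAndPassLogin` and `handleTokenRevocation` calling `next()` after sending the response, which is not visible here; if they call `next()` without responding, the request would hang, since `tokenSuccess` never ends it. A short comment on the function, e.g. `// Final handler: the response is already sent upstream; only notifies plugins of the issued token`, would document that contract once confirmed.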