1 files changed, 122 insertions, 97 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 15c07c693..ab9d0938c 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,3 +1,4 @@
+import { body, param } from 'express-validator/check'
 import 'express-validator'
 import * as express from 'express'
 import * as Promise from 'bluebird'
@@ -5,130 +6,154 @@ import * as validator from 'validator'
 import { database as db } from '../../initializers/database'
 import { checkErrors } from './utils'
-import { isSignupAllowed, logger } from '../../helpers'
+import {
+  isSignupAllowed,
+  logger,
+  isUserUsernameValid,
+  isUserPasswordValid,
+  isUserVideoQuotaValid,
+  isUserDisplayNSFWValid,
+  isVideoIdOrUUIDValid
+} from '../../helpers'
 import { UserInstance, VideoInstance } from '../../models'
-function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersAddValidator = [
-  req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
-  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
-  req.checkBody('email', 'Should have a valid email').isEmail()
+  body('email').isEmail().withMessage('Should have a valid email'),
-  req.checkBody('videoQuota', 'Should have a valid user quota').isUserVideoQuotaValid()
+  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
-  logger.debug('Checking usersAdd parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersAdd parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
+      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
-  })
+    })
-}
+  }
+]
-function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersRegisterValidator = [
-  req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
-  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
-  req.checkBody('email', 'Should have a valid email').isEmail()
+  body('email').isEmail().withMessage('Should have a valid email'),
-  logger.debug('Checking usersRegister parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersRegister parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
+      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
-  })
+    })
-}
+  }
+]
-function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersRemoveValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  logger.debug('Checking usersRemove parameters', { parameters: req.params })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersRemove parameters', { parameters: req.params })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserExists(req.params.id, res, (err, user) => {
+      checkUserExists(req.params.id, res, (err, user) => {
-      if (err) {
+        if (err) {
-        logger.error('Error in usersRemoveValidator.', err)
+          logger.error('Error in usersRemoveValidator.', err)
-        return res.sendStatus(500)
+          return res.sendStatus(500)
-      }
+        }
-      if (user.username === 'root') {
+        if (user.username === 'root') {
-        return res.status(400)
+          return res.status(400)
-                  .send({ error: 'Cannot remove the root user' })
+                    .send({ error: 'Cannot remove the root user' })
-                  .end()
+                    .end()
-      }
+        }
-      return next()
+        return next()
+      })
    })
-  })
+  }
-}
+]
-function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersUpdateValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
+  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
-  req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
+  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
-  logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersUpdate parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserExists(req.params.id, res, next)
+      checkUserExists(req.params.id, res, next)
-  })
+    })
-}
+  }
+]
-function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersUpdateMeValidator = [
-  // Add old password verification
+  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
-  req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
+  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
-  req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
+  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
-  req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
-  logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    // TODO: Add old password verification
+    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
-function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersGetValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  checkErrors(req, res, () => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    checkUserExists(req.params.id, res, next)
+    checkErrors(req, res, () => {
-  })
+      checkUserExists(req.params.id, res, next)
-}
+    })
+  }
-function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+]
-  req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
-  logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
-  checkErrors(req, res, () => {
+const usersVideoRatingValidator = [
-    let videoPromise: Promise<VideoInstance>
+  param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
-    if (validator.isUUID(req.params.videoId)) {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-      videoPromise = db.Video.loadByUUID(req.params.videoId)
+    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
-    } else {
-      videoPromise = db.Video.load(req.params.videoId)
-    }
-    videoPromise
+    checkErrors(req, res, () => {
-      .then(video => {
+      let videoPromise: Promise<VideoInstance>
-        if (!video) {
-          return res.status(404)
-                    .json({ error: 'Video not found' })
-                    .end()
-        }
-        return next()
+      if (validator.isUUID(req.params.videoId)) {
-      })
+        videoPromise = db.Video.loadByUUID(req.params.videoId)
-      .catch(err => {
+      } else {
-        logger.error('Error in user request validator.', err)
+        videoPromise = db.Video.load(req.params.videoId)
-        return res.sendStatus(500)
+      }
-      })
-  })
-}
-function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
+      videoPromise
-  isSignupAllowed().then(allowed => {
+        .then(video => {
-    if (allowed === false) {
+          if (!video) {
-      return res.status(403)
+            return res.status(404)
-                .send({ error: 'User registration is not enabled or user limit is reached.' })
+                      .json({ error: 'Video not found' })
-                .end()
+                      .end()
-    }
+          }
+          return next()
+        })
+        .catch(err => {
+          logger.error('Error in user request validator.', err)
+          return res.sendStatus(500)
+        })
+    })
+  }
+]
+const ensureUserRegistrationAllowed = [
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    isSignupAllowed().then(allowed => {
+      if (allowed === false) {
+        return res.status(403)
+                  .send({ error: 'User registration is not enabled or user limit is reached.' })
+                  .end()
+      }
-    return next()
+      return next()
-  })
+    })
-}
+  }
+]
 // ---------------------------------------------------------------------------

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 15c07c693..ab9d0938c 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -1,3 +1,4 @@
		1	import { body, param } from 'express-validator/check'
1	import 'express-validator'	2	import 'express-validator'
2	import * as express from 'express'	3	import * as express from 'express'
3	import * as Promise from 'bluebird'	4	import * as Promise from 'bluebird'
@@ -5,130 +6,154 @@ import * as validator from 'validator'
5		6
6	import { database as db } from '../../initializers/database'	7	import { database as db } from '../../initializers/database'
7	import { checkErrors } from './utils'	8	import { checkErrors } from './utils'
8	import { isSignupAllowed, logger } from '../../helpers'	9	import {
		10	isSignupAllowed,
		11	logger,
		12	isUserUsernameValid,
		13	isUserPasswordValid,
		14	isUserVideoQuotaValid,
		15	isUserDisplayNSFWValid,
		16	isVideoIdOrUUIDValid
		17	} from '../../helpers'
9	import { UserInstance, VideoInstance } from '../../models'	18	import { UserInstance, VideoInstance } from '../../models'
10		19
11	function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	20	const usersAddValidator = [
12	req.checkBody('username', 'Should have a valid username').isUserUsernameValid()	21	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
13	req.checkBody('password', 'Should have a valid password').isUserPasswordValid()	22	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
14	req.checkBody('email', 'Should have a valid email').isEmail()	23	body('email').isEmail().withMessage('Should have a valid email'),
15	req.checkBody('videoQuota', 'Should have a valid user quota').isUserVideoQuotaValid()	24	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
16		25
17	logger.debug('Checking usersAdd parameters', { parameters: req.body })	26	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		27	logger.debug('Checking usersAdd parameters', { parameters: req.body })
18		28
19	checkErrors(req, res, () => {	29	checkErrors(req, res, () => {
20	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)	30	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
21	})	31	})
22	}	32	}
		33	]
23		34
24	function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	35	const usersRegisterValidator = [
25	req.checkBody('username', 'Should have a valid username').isUserUsernameValid()	36	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
26	req.checkBody('password', 'Should have a valid password').isUserPasswordValid()	37	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
27	req.checkBody('email', 'Should have a valid email').isEmail()	38	body('email').isEmail().withMessage('Should have a valid email'),
28		39
29	logger.debug('Checking usersRegister parameters', { parameters: req.body })	40	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		41	logger.debug('Checking usersRegister parameters', { parameters: req.body })
30		42
31	checkErrors(req, res, () => {	43	checkErrors(req, res, () => {
32	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)	44	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
33	})	45	})
34	}	46	}
		47	]
35		48
36	function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	49	const usersRemoveValidator = [
37	req.checkParams('id', 'Should have a valid id').notEmpty().isInt()	50	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
38		51
39	logger.debug('Checking usersRemove parameters', { parameters: req.params })	52	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		53	logger.debug('Checking usersRemove parameters', { parameters: req.params })
40		54
41	checkErrors(req, res, () => {	55	checkErrors(req, res, () => {
42	checkUserExists(req.params.id, res, (err, user) => {	56	checkUserExists(req.params.id, res, (err, user) => {
43	if (err) {	57	if (err) {
44	logger.error('Error in usersRemoveValidator.', err)	58	logger.error('Error in usersRemoveValidator.', err)
45	return res.sendStatus(500)	59	return res.sendStatus(500)
46	}	60	}
47		61
48	if (user.username === 'root') {	62	if (user.username === 'root') {
49	return res.status(400)	63	return res.status(400)
50	.send({ error: 'Cannot remove the root user' })	64	.send({ error: 'Cannot remove the root user' })
51	.end()	65	.end()
52	}	66	}
53		67
54	return next()	68	return next()
		69	})
55	})	70	})
56	})	71	}
57	}	72	]
58		73
59	function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	74	const usersUpdateValidator = [
60	req.checkParams('id', 'Should have a valid id').notEmpty().isInt()	75	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
61	req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()	76	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
62	req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()	77	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
63		78
64	logger.debug('Checking usersUpdate parameters', { parameters: req.body })	79	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		80	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
65		81
66	checkErrors(req, res, () => {	82	checkErrors(req, res, () => {
67	checkUserExists(req.params.id, res, next)	83	checkUserExists(req.params.id, res, next)
68	})	84	})
69	}	85	}
		86	]
70		87
71	function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	88	const usersUpdateMeValidator = [
72	// Add old password verification	89	body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
73	req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()	90	body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
74	req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()	91	body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
75	req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
76		92
77	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })	93	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		94	// TODO: Add old password verification
		95	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
78		96
79	checkErrors(req, res, next)	97	checkErrors(req, res, next)
80	}	98	}
		99	]
81		100
82	function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	101	const usersGetValidator = [
83	req.checkParams('id', 'Should have a valid id').notEmpty().isInt()	102	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
84		103
85	checkErrors(req, res, () => {	104	(req: express.Request, res: express.Response, next: express.NextFunction) => {
86	checkUserExists(req.params.id, res, next)	105	checkErrors(req, res, () => {
87	})	106	checkUserExists(req.params.id, res, next)
88	}	107	})
89		108	}
90	function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {	109	]
91	req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
92
93	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
94		110
95	checkErrors(req, res, () => {	111	const usersVideoRatingValidator = [
96	let videoPromise: Promise<VideoInstance>	112	param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
97		113
98	if (validator.isUUID(req.params.videoId)) {	114	(req: express.Request, res: express.Response, next: express.NextFunction) => {
99	videoPromise = db.Video.loadByUUID(req.params.videoId)	115	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
100	} else {
101	videoPromise = db.Video.load(req.params.videoId)
102	}
103		116
104	videoPromise	117	checkErrors(req, res, () => {
105	.then(video => {	118	let videoPromise: Promise<VideoInstance>
106	if (!video) {
107	return res.status(404)
108	.json({ error: 'Video not found' })
109	.end()
110	}
111		119
112	return next()	120	if (validator.isUUID(req.params.videoId)) {
113	})	121	videoPromise = db.Video.loadByUUID(req.params.videoId)
114	.catch(err => {	122	} else {
115	logger.error('Error in user request validator.', err)	123	videoPromise = db.Video.load(req.params.videoId)
116	return res.sendStatus(500)	124	}
117	})
118	})
119	}
120		125
121	function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {	126	videoPromise
122	isSignupAllowed().then(allowed => {	127	.then(video => {
123	if (allowed === false) {	128	if (!video) {
124	return res.status(403)	129	return res.status(404)
125	.send({ error: 'User registration is not enabled or user limit is reached.' })	130	.json({ error: 'Video not found' })
126	.end()	131	.end()
127	}	132	}
		133
		134	return next()
		135	})
		136	.catch(err => {
		137	logger.error('Error in user request validator.', err)
		138	return res.sendStatus(500)
		139	})
		140	})
		141	}
		142	]
		143
		144	const ensureUserRegistrationAllowed = [
		145	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		146	isSignupAllowed().then(allowed => {
		147	if (allowed === false) {
		148	return res.status(403)
		149	.send({ error: 'User registration is not enabled or user limit is reached.' })
		150	.end()
		151	}
128		152
129	return next()	153	return next()
130	})	154	})
131	}	155	}
		156	]
132		157
133	// ---------------------------------------------------------------------------	158	// ---------------------------------------------------------------------------
134		159