aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/users.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r--server/middlewares/validators/users.ts219
1 files changed, 122 insertions, 97 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 15c07c693..ab9d0938c 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,3 +1,4 @@
1import { body, param } from 'express-validator/check'
1import 'express-validator' 2import 'express-validator'
2import * as express from 'express' 3import * as express from 'express'
3import * as Promise from 'bluebird' 4import * as Promise from 'bluebird'
@@ -5,130 +6,154 @@ import * as validator from 'validator'
5 6
6import { database as db } from '../../initializers/database' 7import { database as db } from '../../initializers/database'
7import { checkErrors } from './utils' 8import { checkErrors } from './utils'
8import { isSignupAllowed, logger } from '../../helpers' 9import {
10 isSignupAllowed,
11 logger,
12 isUserUsernameValid,
13 isUserPasswordValid,
14 isUserVideoQuotaValid,
15 isUserDisplayNSFWValid,
16 isVideoIdOrUUIDValid
17} from '../../helpers'
9import { UserInstance, VideoInstance } from '../../models' 18import { UserInstance, VideoInstance } from '../../models'
10 19
11function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 20const usersAddValidator = [
12 req.checkBody('username', 'Should have a valid username').isUserUsernameValid() 21 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
13 req.checkBody('password', 'Should have a valid password').isUserPasswordValid() 22 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
14 req.checkBody('email', 'Should have a valid email').isEmail() 23 body('email').isEmail().withMessage('Should have a valid email'),
15 req.checkBody('videoQuota', 'Should have a valid user quota').isUserVideoQuotaValid() 24 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
16 25
17 logger.debug('Checking usersAdd parameters', { parameters: req.body }) 26 (req: express.Request, res: express.Response, next: express.NextFunction) => {
27 logger.debug('Checking usersAdd parameters', { parameters: req.body })
18 28
19 checkErrors(req, res, () => { 29 checkErrors(req, res, () => {
20 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) 30 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
21 }) 31 })
22} 32 }
33]
23 34
24function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 35const usersRegisterValidator = [
25 req.checkBody('username', 'Should have a valid username').isUserUsernameValid() 36 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
26 req.checkBody('password', 'Should have a valid password').isUserPasswordValid() 37 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
27 req.checkBody('email', 'Should have a valid email').isEmail() 38 body('email').isEmail().withMessage('Should have a valid email'),
28 39
29 logger.debug('Checking usersRegister parameters', { parameters: req.body }) 40 (req: express.Request, res: express.Response, next: express.NextFunction) => {
41 logger.debug('Checking usersRegister parameters', { parameters: req.body })
30 42
31 checkErrors(req, res, () => { 43 checkErrors(req, res, () => {
32 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) 44 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
33 }) 45 })
34} 46 }
47]
35 48
36function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 49const usersRemoveValidator = [
37 req.checkParams('id', 'Should have a valid id').notEmpty().isInt() 50 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
38 51
39 logger.debug('Checking usersRemove parameters', { parameters: req.params }) 52 (req: express.Request, res: express.Response, next: express.NextFunction) => {
53 logger.debug('Checking usersRemove parameters', { parameters: req.params })
40 54
41 checkErrors(req, res, () => { 55 checkErrors(req, res, () => {
42 checkUserExists(req.params.id, res, (err, user) => { 56 checkUserExists(req.params.id, res, (err, user) => {
43 if (err) { 57 if (err) {
44 logger.error('Error in usersRemoveValidator.', err) 58 logger.error('Error in usersRemoveValidator.', err)
45 return res.sendStatus(500) 59 return res.sendStatus(500)
46 } 60 }
47 61
48 if (user.username === 'root') { 62 if (user.username === 'root') {
49 return res.status(400) 63 return res.status(400)
50 .send({ error: 'Cannot remove the root user' }) 64 .send({ error: 'Cannot remove the root user' })
51 .end() 65 .end()
52 } 66 }
53 67
54 return next() 68 return next()
69 })
55 }) 70 })
56 }) 71 }
57} 72]
58 73
59function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 74const usersUpdateValidator = [
60 req.checkParams('id', 'Should have a valid id').notEmpty().isInt() 75 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
61 req.checkBody('email', 'Should have a valid email attribute').optional().isEmail() 76 body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
62 req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid() 77 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
63 78
64 logger.debug('Checking usersUpdate parameters', { parameters: req.body }) 79 (req: express.Request, res: express.Response, next: express.NextFunction) => {
80 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
65 81
66 checkErrors(req, res, () => { 82 checkErrors(req, res, () => {
67 checkUserExists(req.params.id, res, next) 83 checkUserExists(req.params.id, res, next)
68 }) 84 })
69} 85 }
86]
70 87
71function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 88const usersUpdateMeValidator = [
72 // Add old password verification 89 body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
73 req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid() 90 body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
74 req.checkBody('email', 'Should have a valid email attribute').optional().isEmail() 91 body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
75 req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
76 92
77 logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) 93 (req: express.Request, res: express.Response, next: express.NextFunction) => {
94 // TODO: Add old password verification
95 logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
78 96
79 checkErrors(req, res, next) 97 checkErrors(req, res, next)
80} 98 }
99]
81 100
82function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 101const usersGetValidator = [
83 req.checkParams('id', 'Should have a valid id').notEmpty().isInt() 102 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
84 103
85 checkErrors(req, res, () => { 104 (req: express.Request, res: express.Response, next: express.NextFunction) => {
86 checkUserExists(req.params.id, res, next) 105 checkErrors(req, res, () => {
87 }) 106 checkUserExists(req.params.id, res, next)
88} 107 })
89 108 }
90function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 109]
91 req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
92
93 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
94 110
95 checkErrors(req, res, () => { 111const usersVideoRatingValidator = [
96 let videoPromise: Promise<VideoInstance> 112 param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
97 113
98 if (validator.isUUID(req.params.videoId)) { 114 (req: express.Request, res: express.Response, next: express.NextFunction) => {
99 videoPromise = db.Video.loadByUUID(req.params.videoId) 115 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
100 } else {
101 videoPromise = db.Video.load(req.params.videoId)
102 }
103 116
104 videoPromise 117 checkErrors(req, res, () => {
105 .then(video => { 118 let videoPromise: Promise<VideoInstance>
106 if (!video) {
107 return res.status(404)
108 .json({ error: 'Video not found' })
109 .end()
110 }
111 119
112 return next() 120 if (validator.isUUID(req.params.videoId)) {
113 }) 121 videoPromise = db.Video.loadByUUID(req.params.videoId)
114 .catch(err => { 122 } else {
115 logger.error('Error in user request validator.', err) 123 videoPromise = db.Video.load(req.params.videoId)
116 return res.sendStatus(500) 124 }
117 })
118 })
119}
120 125
121function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) { 126 videoPromise
122 isSignupAllowed().then(allowed => { 127 .then(video => {
123 if (allowed === false) { 128 if (!video) {
124 return res.status(403) 129 return res.status(404)
125 .send({ error: 'User registration is not enabled or user limit is reached.' }) 130 .json({ error: 'Video not found' })
126 .end() 131 .end()
127 } 132 }
133
134 return next()
135 })
136 .catch(err => {
137 logger.error('Error in user request validator.', err)
138 return res.sendStatus(500)
139 })
140 })
141 }
142]
143
144const ensureUserRegistrationAllowed = [
145 (req: express.Request, res: express.Response, next: express.NextFunction) => {
146 isSignupAllowed().then(allowed => {
147 if (allowed === false) {
148 return res.status(403)
149 .send({ error: 'User registration is not enabled or user limit is reached.' })
150 .end()
151 }
128 152
129 return next() 153 return next()
130 }) 154 })
131} 155 }
156]
132 157
133// --------------------------------------------------------------------------- 158// ---------------------------------------------------------------------------
134 159