diff options
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r-- | server/middlewares/validators/users.ts | 198 |
1 files changed, 85 insertions, 113 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 6b845f62b..ac7435b7d 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -1,22 +1,19 @@ | |||
1 | import { body, param } from 'express-validator/check' | ||
2 | import 'express-validator' | ||
3 | import * as express from 'express' | 1 | import * as express from 'express' |
4 | import * as Promise from 'bluebird' | 2 | import 'express-validator' |
5 | import * as validator from 'validator' | 3 | import { body, param } from 'express-validator/check' |
6 | |||
7 | import { database as db } from '../../initializers/database' | ||
8 | import { checkErrors } from './utils' | ||
9 | import { | 4 | import { |
5 | isIdOrUUIDValid, | ||
10 | isSignupAllowed, | 6 | isSignupAllowed, |
11 | logger, | 7 | isUserDisplayNSFWValid, |
12 | isUserUsernameValid, | ||
13 | isUserPasswordValid, | 8 | isUserPasswordValid, |
9 | isUserRoleValid, | ||
10 | isUserUsernameValid, | ||
14 | isUserVideoQuotaValid, | 11 | isUserVideoQuotaValid, |
15 | isUserDisplayNSFWValid, | 12 | logger |
16 | isIdOrUUIDValid, | ||
17 | isUserRoleValid | ||
18 | } from '../../helpers' | 13 | } from '../../helpers' |
19 | import { UserInstance, VideoInstance } from '../../models' | 14 | import { isVideoExist } from '../../helpers/custom-validators/videos' |
15 | import { database as db } from '../../initializers/database' | ||
16 | import { areValidationErrors } from './utils' | ||
20 | 17 | ||
21 | const usersAddValidator = [ | 18 | const usersAddValidator = [ |
22 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), | 19 | body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), |
@@ -25,12 +22,13 @@ const usersAddValidator = [ | |||
25 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 22 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
26 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), | 23 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), |
27 | 24 | ||
28 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 25 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
29 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | 26 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) |
30 | 27 | ||
31 | checkErrors(req, res, () => { | 28 | if (areValidationErrors(req, res)) return |
32 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) | 29 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return |
33 | }) | 30 | |
31 | return next() | ||
34 | } | 32 | } |
35 | ] | 33 | ] |
36 | 34 | ||
@@ -39,37 +37,33 @@ const usersRegisterValidator = [ | |||
39 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), | 37 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), |
40 | body('email').isEmail().withMessage('Should have a valid email'), | 38 | body('email').isEmail().withMessage('Should have a valid email'), |
41 | 39 | ||
42 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 40 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
43 | logger.debug('Checking usersRegister parameters', { parameters: req.body }) | 41 | logger.debug('Checking usersRegister parameters', { parameters: req.body }) |
44 | 42 | ||
45 | checkErrors(req, res, () => { | 43 | if (areValidationErrors(req, res)) return |
46 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) | 44 | if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return |
47 | }) | 45 | |
46 | return next() | ||
48 | } | 47 | } |
49 | ] | 48 | ] |
50 | 49 | ||
51 | const usersRemoveValidator = [ | 50 | const usersRemoveValidator = [ |
52 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | 51 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
53 | 52 | ||
54 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 53 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
55 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | 54 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) |
56 | 55 | ||
57 | checkErrors(req, res, () => { | 56 | if (areValidationErrors(req, res)) return |
58 | checkUserExists(req.params.id, res, (err, user) => { | 57 | if (!await checkUserIdExist(req.params.id, res)) return |
59 | if (err) { | 58 | |
60 | logger.error('Error in usersRemoveValidator.', err) | 59 | const user = res.locals.user |
61 | return res.sendStatus(500) | 60 | if (user.username === 'root') { |
62 | } | 61 | return res.status(400) |
63 | 62 | .send({ error: 'Cannot remove the root user' }) | |
64 | if (user.username === 'root') { | 63 | .end() |
65 | return res.status(400) | 64 | } |
66 | .send({ error: 'Cannot remove the root user' }) | 65 | |
67 | .end() | 66 | return next() |
68 | } | ||
69 | |||
70 | return next() | ||
71 | }) | ||
72 | }) | ||
73 | } | 67 | } |
74 | ] | 68 | ] |
75 | 69 | ||
@@ -79,12 +73,13 @@ const usersUpdateValidator = [ | |||
79 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 73 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
80 | body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), | 74 | body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), |
81 | 75 | ||
82 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 76 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
83 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | 77 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) |
84 | 78 | ||
85 | checkErrors(req, res, () => { | 79 | if (areValidationErrors(req, res)) return |
86 | checkUserExists(req.params.id, res, next) | 80 | if (!await checkUserIdExist(req.params.id, res)) return |
87 | }) | 81 | |
82 | return next() | ||
88 | } | 83 | } |
89 | ] | 84 | ] |
90 | 85 | ||
@@ -97,64 +92,48 @@ const usersUpdateMeValidator = [ | |||
97 | // TODO: Add old password verification | 92 | // TODO: Add old password verification |
98 | logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) | 93 | logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) |
99 | 94 | ||
100 | checkErrors(req, res, next) | 95 | if (areValidationErrors(req, res)) return |
96 | |||
97 | return next() | ||
101 | } | 98 | } |
102 | ] | 99 | ] |
103 | 100 | ||
104 | const usersGetValidator = [ | 101 | const usersGetValidator = [ |
105 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | 102 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
106 | 103 | ||
107 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 104 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
108 | checkErrors(req, res, () => { | 105 | logger.debug('Checking usersGet parameters', { parameters: req.body }) |
109 | checkUserExists(req.params.id, res, next) | 106 | |
110 | }) | 107 | if (areValidationErrors(req, res)) return |
108 | if (!await checkUserIdExist(req.params.id, res)) return | ||
109 | |||
110 | return next() | ||
111 | } | 111 | } |
112 | ] | 112 | ] |
113 | 113 | ||
114 | const usersVideoRatingValidator = [ | 114 | const usersVideoRatingValidator = [ |
115 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 115 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), |
116 | 116 | ||
117 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 117 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
118 | logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) | 118 | logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) |
119 | 119 | ||
120 | checkErrors(req, res, () => { | 120 | if (areValidationErrors(req, res)) return |
121 | let videoPromise: Promise<VideoInstance> | 121 | if (!await isVideoExist(req.params.videoId, res)) return |
122 | 122 | ||
123 | if (validator.isUUID(req.params.videoId)) { | 123 | return next() |
124 | videoPromise = db.Video.loadByUUID(req.params.videoId) | ||
125 | } else { | ||
126 | videoPromise = db.Video.load(req.params.videoId) | ||
127 | } | ||
128 | |||
129 | videoPromise | ||
130 | .then(video => { | ||
131 | if (!video) { | ||
132 | return res.status(404) | ||
133 | .json({ error: 'Video not found' }) | ||
134 | .end() | ||
135 | } | ||
136 | |||
137 | return next() | ||
138 | }) | ||
139 | .catch(err => { | ||
140 | logger.error('Error in user request validator.', err) | ||
141 | return res.sendStatus(500) | ||
142 | }) | ||
143 | }) | ||
144 | } | 124 | } |
145 | ] | 125 | ] |
146 | 126 | ||
147 | const ensureUserRegistrationAllowed = [ | 127 | const ensureUserRegistrationAllowed = [ |
148 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 128 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
149 | isSignupAllowed().then(allowed => { | 129 | const allowed = await isSignupAllowed() |
150 | if (allowed === false) { | 130 | if (allowed === false) { |
151 | return res.status(403) | 131 | return res.status(403) |
152 | .send({ error: 'User registration is not enabled or user limit is reached.' }) | 132 | .send({ error: 'User registration is not enabled or user limit is reached.' }) |
153 | .end() | 133 | .end() |
154 | } | 134 | } |
155 | 135 | ||
156 | return next() | 136 | return next() |
157 | }) | ||
158 | } | 137 | } |
159 | ] | 138 | ] |
160 | 139 | ||
@@ -173,37 +152,30 @@ export { | |||
173 | 152 | ||
174 | // --------------------------------------------------------------------------- | 153 | // --------------------------------------------------------------------------- |
175 | 154 | ||
176 | function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) { | 155 | async function checkUserIdExist (id: number, res: express.Response) { |
177 | db.User.loadById(id) | 156 | const user = await db.User.loadById(id) |
178 | .then(user => { | 157 | |
179 | if (!user) { | 158 | if (!user) { |
180 | return res.status(404) | 159 | res.status(404) |
181 | .send({ error: 'User not found' }) | 160 | .send({ error: 'User not found' }) |
182 | .end() | 161 | .end() |
183 | } | 162 | |
184 | 163 | return false | |
185 | res.locals.user = user | 164 | } |
186 | return callback(null, user) | 165 | |
187 | }) | 166 | res.locals.user = user |
188 | .catch(err => { | 167 | return true |
189 | logger.error('Error in user request validator.', err) | ||
190 | return res.sendStatus(500) | ||
191 | }) | ||
192 | } | 168 | } |
193 | 169 | ||
194 | function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) { | 170 | async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) { |
195 | db.User.loadByUsernameOrEmail(username, email) | 171 | const user = await db.User.loadByUsernameOrEmail(username, email) |
196 | .then(user => { | 172 | |
197 | if (user) { | 173 | if (user) { |
198 | return res.status(409) | 174 | res.status(409) |
199 | .send({ error: 'User with this username of email already exists.' }) | 175 | .send({ error: 'User with this username of email already exists.' }) |
200 | .end() | 176 | .end() |
201 | } | 177 | return false |
202 | 178 | } | |
203 | return callback() | 179 | |
204 | }) | 180 | return true |
205 | .catch(err => { | ||
206 | logger.error('Error in usersAdd request validator.', err) | ||
207 | return res.sendStatus(500) | ||
208 | }) | ||
209 | } | 181 | } |