Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r--server/middlewares/validators/users.ts198
1 files changed, 85 insertions, 113 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 6b845f62b..ac7435b7d 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,22 +1,19 @@
1import { body, param } from 'express-validator/check'
2import 'express-validator'
3import * as express from 'express' 1import * as express from 'express'
4import * as Promise from 'bluebird' 2import 'express-validator'
5import * as validator from 'validator' 3import { body, param } from 'express-validator/check'
6
7import { database as db } from '../../initializers/database'
8import { checkErrors } from './utils'
9import { 4import {
5 isIdOrUUIDValid,
10 isSignupAllowed, 6 isSignupAllowed,
11 logger, 7 isUserDisplayNSFWValid,
12 isUserUsernameValid,
13 isUserPasswordValid, 8 isUserPasswordValid,
9 isUserRoleValid,
10 isUserUsernameValid,
14 isUserVideoQuotaValid, 11 isUserVideoQuotaValid,
15 isUserDisplayNSFWValid, 12 logger
16 isIdOrUUIDValid,
17 isUserRoleValid
18} from '../../helpers' 13} from '../../helpers'
19import { UserInstance, VideoInstance } from '../../models' 14import { isVideoExist } from '../../helpers/custom-validators/videos'
15import { database as db } from '../../initializers/database'
16import { areValidationErrors } from './utils'
20 17
21const usersAddValidator = [ 18const usersAddValidator = [
22 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), 19 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -25,12 +22,13 @@ const usersAddValidator = [
25 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), 22 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
26 body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), 23 body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
27 24
28 (req: express.Request, res: express.Response, next: express.NextFunction) => { 25 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
29 logger.debug('Checking usersAdd parameters', { parameters: req.body }) 26 logger.debug('Checking usersAdd parameters', { parameters: req.body })
30 27
31 checkErrors(req, res, () => { 28 if (areValidationErrors(req, res)) return
32 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) 29 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
33 }) 30
31 return next()
34 } 32 }
35] 33]
36 34
@@ -39,37 +37,33 @@ const usersRegisterValidator = [
39 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), 37 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
40 body('email').isEmail().withMessage('Should have a valid email'), 38 body('email').isEmail().withMessage('Should have a valid email'),
41 39
42 (req: express.Request, res: express.Response, next: express.NextFunction) => { 40 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
43 logger.debug('Checking usersRegister parameters', { parameters: req.body }) 41 logger.debug('Checking usersRegister parameters', { parameters: req.body })
44 42
45 checkErrors(req, res, () => { 43 if (areValidationErrors(req, res)) return
46 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) 44 if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
47 }) 45
46 return next()
48 } 47 }
49] 48]
50 49
51const usersRemoveValidator = [ 50const usersRemoveValidator = [
52 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), 51 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
53 52
54 (req: express.Request, res: express.Response, next: express.NextFunction) => { 53 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
55 logger.debug('Checking usersRemove parameters', { parameters: req.params }) 54 logger.debug('Checking usersRemove parameters', { parameters: req.params })
56 55
57 checkErrors(req, res, () => { 56 if (areValidationErrors(req, res)) return
58 checkUserExists(req.params.id, res, (err, user) => { 57 if (!await checkUserIdExist(req.params.id, res)) return
59 if (err) { 58
60 logger.error('Error in usersRemoveValidator.', err) 59 const user = res.locals.user
61 return res.sendStatus(500) 60 if (user.username === 'root') {
62 } 61 return res.status(400)
63 62 .send({ error: 'Cannot remove the root user' })
64 if (user.username === 'root') { 63 .end()
65 return res.status(400) 64 }
66 .send({ error: 'Cannot remove the root user' }) 65
67 .end() 66 return next()
68 }
69
70 return next()
71 })
72 })
73 } 67 }
74] 68]
75 69
@@ -79,12 +73,13 @@ const usersUpdateValidator = [
79 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), 73 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
80 body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), 74 body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
81 75
82 (req: express.Request, res: express.Response, next: express.NextFunction) => { 76 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
83 logger.debug('Checking usersUpdate parameters', { parameters: req.body }) 77 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
84 78
85 checkErrors(req, res, () => { 79 if (areValidationErrors(req, res)) return
86 checkUserExists(req.params.id, res, next) 80 if (!await checkUserIdExist(req.params.id, res)) return
87 }) 81
82 return next()
88 } 83 }
89] 84]
90 85
@@ -97,64 +92,48 @@ const usersUpdateMeValidator = [
97 // TODO: Add old password verification 92 // TODO: Add old password verification
98 logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) 93 logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
99 94
100 checkErrors(req, res, next) 95 if (areValidationErrors(req, res)) return
96
97 return next()
101 } 98 }
102] 99]
103 100
104const usersGetValidator = [ 101const usersGetValidator = [
105 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), 102 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
106 103
107 (req: express.Request, res: express.Response, next: express.NextFunction) => { 104 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
108 checkErrors(req, res, () => { 105 logger.debug('Checking usersGet parameters', { parameters: req.body })
109 checkUserExists(req.params.id, res, next) 106
110 }) 107 if (areValidationErrors(req, res)) return
108 if (!await checkUserIdExist(req.params.id, res)) return
109
110 return next()
111 } 111 }
112] 112]
113 113
114const usersVideoRatingValidator = [ 114const usersVideoRatingValidator = [
115 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), 115 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
116 116
117 (req: express.Request, res: express.Response, next: express.NextFunction) => { 117 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
118 logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) 118 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
119 119
120 checkErrors(req, res, () => { 120 if (areValidationErrors(req, res)) return
121 let videoPromise: Promise<VideoInstance> 121 if (!await isVideoExist(req.params.videoId, res)) return
122 122
123 if (validator.isUUID(req.params.videoId)) { 123 return next()
124 videoPromise = db.Video.loadByUUID(req.params.videoId)
125 } else {
126 videoPromise = db.Video.load(req.params.videoId)
127 }
128
129 videoPromise
130 .then(video => {
131 if (!video) {
132 return res.status(404)
133 .json({ error: 'Video not found' })
134 .end()
135 }
136
137 return next()
138 })
139 .catch(err => {
140 logger.error('Error in user request validator.', err)
141 return res.sendStatus(500)
142 })
143 })
144 } 124 }
145] 125]
146 126
147const ensureUserRegistrationAllowed = [ 127const ensureUserRegistrationAllowed = [
148 (req: express.Request, res: express.Response, next: express.NextFunction) => { 128 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
149 isSignupAllowed().then(allowed => { 129 const allowed = await isSignupAllowed()
150 if (allowed === false) { 130 if (allowed === false) {
151 return res.status(403) 131 return res.status(403)
152 .send({ error: 'User registration is not enabled or user limit is reached.' }) 132 .send({ error: 'User registration is not enabled or user limit is reached.' })
153 .end() 133 .end()
154 } 134 }
155 135
156 return next() 136 return next()
157 })
158 } 137 }
159] 138]
160 139
@@ -173,37 +152,30 @@ export {
173 152
174// --------------------------------------------------------------------------- 153// ---------------------------------------------------------------------------
175 154
176function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) { 155async function checkUserIdExist (id: number, res: express.Response) {
177 db.User.loadById(id) 156 const user = await db.User.loadById(id)
178 .then(user => { 157
179 if (!user) { 158 if (!user) {
180 return res.status(404) 159 res.status(404)
181 .send({ error: 'User not found' }) 160 .send({ error: 'User not found' })
182 .end() 161 .end()
183 } 162
184 163 return false
185 res.locals.user = user 164 }
186 return callback(null, user) 165
187 }) 166 res.locals.user = user
188 .catch(err => { 167 return true
189 logger.error('Error in user request validator.', err)
190 return res.sendStatus(500)
191 })
192} 168}
193 169
194function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) { 170async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
195 db.User.loadByUsernameOrEmail(username, email) 171 const user = await db.User.loadByUsernameOrEmail(username, email)
196 .then(user => { 172
197 if (user) { 173 if (user) {
198 return res.status(409) 174 res.status(409)
199 .send({ error: 'User with this username of email already exists.' }) 175 .send({ error: 'User with this username of email already exists.' })
200 .end() 176 .end()
201 } 177 return false
202 178 }
203 return callback() 179
204 }) 180 return true
205 .catch(err => {
206 logger.error('Error in usersAdd request validator.', err)
207 return res.sendStatus(500)
208 })
209} 181}
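Review bot: The `.catch` branches that logged the failure and sent a 500 are removed from `checkUserIdExist` and `checkUserNameOrEmailDoesNotAlreadyExist` with nothing in their place, so a rejected `db.User.*` call now rejects the async validator itself. Unless the router mounts these validators through a wrapper that forwards rejections to `next` (not visible on this page), the client gets no response and the rejection goes unhandled; the same may apply to the `await isSignupAllowed()` and `await isVideoExist(...)` calls earlier in the file. I would restore the handling inside the helpers, as sketched below for `checkUserIdExist`, or state in a comment above each validator array that it must be mounted through such a wrapper. Separately, the usersAdd and usersRegister handlers still pass the whole `req.body`, password included, to `logger.debug`; logging only the non-secret fields would keep credentials out of the log files.

```typescript
async function checkUserIdExist (id: number, res: express.Response) {
  let user
  try {
    user = await db.User.loadById(id)
  } catch (err) {
    // Keep the pre-refactor behaviour: log server-side, answer with a bare 500.
    logger.error('Error in user request validator.', err)
    res.sendStatus(500)
    return false
  }
  // … unchanged: 404 when no user is found, res.locals.user assignment, return true …
}
```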