diff options
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r-- | server/middlewares/validators/users.ts | 61 |
1 files changed, 38 insertions, 23 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index ebb343535..aec6324bf 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -6,7 +6,7 @@ import * as validator from 'validator' | |||
6 | import { database as db } from '../../initializers/database' | 6 | import { database as db } from '../../initializers/database' |
7 | import { checkErrors } from './utils' | 7 | import { checkErrors } from './utils' |
8 | import { isSignupAllowed, logger } from '../../helpers' | 8 | import { isSignupAllowed, logger } from '../../helpers' |
9 | import { VideoInstance } from '../../models' | 9 | import { UserInstance, VideoInstance } from '../../models' |
10 | 10 | ||
11 | function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 11 | function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) { |
12 | req.checkBody('username', 'Should have a valid username').isUserUsernameValid() | 12 | req.checkBody('username', 'Should have a valid username').isUserUsernameValid() |
@@ -17,16 +17,19 @@ function usersAddValidator (req: express.Request, res: express.Response, next: e | |||
17 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | 17 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) |
18 | 18 | ||
19 | checkErrors(req, res, () => { | 19 | checkErrors(req, res, () => { |
20 | db.User.loadByUsernameOrEmail(req.body.username, req.body.email) | 20 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) |
21 | .then(user => { | 21 | }) |
22 | if (user) return res.status(409).send('User already exists.') | 22 | } |
23 | 23 | ||
24 | next() | 24 | function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) { |
25 | }) | 25 | req.checkBody('username', 'Should have a valid username').isUserUsernameValid() |
26 | .catch(err => { | 26 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() |
27 | logger.error('Error in usersAdd request validator.', err) | 27 | req.checkBody('email', 'Should have a valid email').isEmail() |
28 | return res.sendStatus(500) | 28 | |
29 | }) | 29 | logger.debug('Checking usersRegister parameters', { parameters: req.body }) |
30 | |||
31 | checkErrors(req, res, () => { | ||
32 | checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next) | ||
30 | }) | 33 | }) |
31 | } | 34 | } |
32 | 35 | ||
@@ -36,18 +39,16 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next | |||
36 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | 39 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) |
37 | 40 | ||
38 | checkErrors(req, res, () => { | 41 | checkErrors(req, res, () => { |
39 | db.User.loadById(req.params.id) | 42 | checkUserExists(req.params.id, res, (err, user) => { |
40 | .then(user => { | 43 | if (err) { |
41 | if (!user) return res.status(404).send('User not found') | 44 | logger.error('Error in usersRemoveValidator.', err) |
45 | return res.sendStatus(500) | ||
46 | } | ||
42 | 47 | ||
43 | if (user.username === 'root') return res.status(400).send('Cannot remove the root user') | 48 | if (user.username === 'root') return res.status(400).send('Cannot remove the root user') |
44 | 49 | ||
45 | next() | 50 | next() |
46 | }) | 51 | }) |
47 | .catch(err => { | ||
48 | logger.error('Error in usersRemove request validator.', err) | ||
49 | return res.sendStatus(500) | ||
50 | }) | ||
51 | }) | 52 | }) |
52 | } | 53 | } |
53 | 54 | ||
@@ -69,7 +70,7 @@ function usersUpdateMeValidator (req: express.Request, res: express.Response, ne | |||
69 | req.checkBody('email', 'Should have a valid email attribute').optional().isEmail() | 70 | req.checkBody('email', 'Should have a valid email attribute').optional().isEmail() |
70 | req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid() | 71 | req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid() |
71 | 72 | ||
72 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | 73 | logger.debug('Checking usersUpdateMe parameters', { parameters: req.body }) |
73 | 74 | ||
74 | checkErrors(req, res, next) | 75 | checkErrors(req, res, next) |
75 | } | 76 | } |
@@ -123,6 +124,7 @@ function ensureUserRegistrationAllowed (req: express.Request, res: express.Respo | |||
123 | 124 | ||
124 | export { | 125 | export { |
125 | usersAddValidator, | 126 | usersAddValidator, |
127 | usersRegisterValidator, | ||
126 | usersRemoveValidator, | 128 | usersRemoveValidator, |
127 | usersUpdateValidator, | 129 | usersUpdateValidator, |
128 | usersUpdateMeValidator, | 130 | usersUpdateMeValidator, |
@@ -133,16 +135,29 @@ export { | |||
133 | 135 | ||
134 | // --------------------------------------------------------------------------- | 136 | // --------------------------------------------------------------------------- |
135 | 137 | ||
136 | function checkUserExists (id: number, res: express.Response, callback: () => void) { | 138 | function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) { |
137 | db.User.loadById(id) | 139 | db.User.loadById(id) |
138 | .then(user => { | 140 | .then(user => { |
139 | if (!user) return res.status(404).send('User not found') | 141 | if (!user) return res.status(404).send('User not found') |
140 | 142 | ||
141 | res.locals.user = user | 143 | res.locals.user = user |
142 | callback() | 144 | callback(null, user) |
143 | }) | 145 | }) |
144 | .catch(err => { | 146 | .catch(err => { |
145 | logger.error('Error in user request validator.', err) | 147 | logger.error('Error in user request validator.', err) |
146 | return res.sendStatus(500) | 148 | return res.sendStatus(500) |
147 | }) | 149 | }) |
148 | } | 150 | } |
151 | |||
152 | function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) { | ||
153 | db.User.loadByUsernameOrEmail(username, email) | ||
154 | .then(user => { | ||
155 | if (user) return res.status(409).send('User already exists.') | ||
156 | |||
157 | callback() | ||
158 | }) | ||
159 | .catch(err => { | ||
160 | logger.error('Error in usersAdd request validator.', err) | ||
161 | return res.sendStatus(500) | ||
162 | }) | ||
163 | } | ||