1 files changed, 85 insertions, 113 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 6b845f62b..ac7435b7d 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,22 +1,19 @@
-import { body, param } from 'express-validator/check'
-import 'express-validator'
 import * as express from 'express'
-import * as Promise from 'bluebird'
+import 'express-validator'
-import * as validator from 'validator'
+import { body, param } from 'express-validator/check'
-import { database as db } from '../../initializers/database'
-import { checkErrors } from './utils'
 import {
+  isIdOrUUIDValid,
  isSignupAllowed,
-  logger,
+  isUserDisplayNSFWValid,
-  isUserUsernameValid,
  isUserPasswordValid,
+  isUserRoleValid,
+  isUserUsernameValid,
  isUserVideoQuotaValid,
-  isUserDisplayNSFWValid,
+  logger
-  isIdOrUUIDValid,
-  isUserRoleValid
 } from '../../helpers'
-import { UserInstance, VideoInstance } from '../../models'
+import { isVideoExist } from '../../helpers/custom-validators/videos'
+import { database as db } from '../../initializers/database'
+import { areValidationErrors } from './utils'
 const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -25,12 +22,13 @@ const usersAddValidator = [
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
+    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
-    })
+    return next()
  }
 ]
@@ -39,37 +37,33 @@ const usersRegisterValidator = [
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
+    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
-    })
+    return next()
  }
 ]
 const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkUserExists(req.params.id, res, (err, user) => {
+    if (!await checkUserIdExist(req.params.id, res)) return
-        if (err) {
-          logger.error('Error in usersRemoveValidator.', err)
+    const user = res.locals.user
-          return res.sendStatus(500)
+    if (user.username === 'root') {
-        }
+      return res.status(400)
+                .send({ error: 'Cannot remove the root user' })
-        if (user.username === 'root') {
+                .end()
-          return res.status(400)
+    }
-                    .send({ error: 'Cannot remove the root user' })
-                    .end()
+    return next()
-        }
-        return next()
-      })
-    })
  }
 ]
@@ -79,12 +73,13 @@ const usersUpdateValidator = [
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkUserExists(req.params.id, res, next)
+    if (!await checkUserIdExist(req.params.id, res)) return
-    })
+    return next()
  }
 ]
@@ -97,64 +92,48 @@ const usersUpdateMeValidator = [
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
-    checkErrors(req, res, next)
+    if (areValidationErrors(req, res)) return
+    return next()
  }
 ]
 const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    checkErrors(req, res, () => {
+    logger.debug('Checking usersGet parameters', { parameters: req.body })
-      checkUserExists(req.params.id, res, next)
-    })
+    if (areValidationErrors(req, res)) return
+    if (!await checkUserIdExist(req.params.id, res)) return
+    return next()
  }
 ]
 const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      let videoPromise: Promise<VideoInstance>
+    if (!await isVideoExist(req.params.videoId, res)) return
-      if (validator.isUUID(req.params.videoId)) {
+    return next()
-        videoPromise = db.Video.loadByUUID(req.params.videoId)
-      } else {
-        videoPromise = db.Video.load(req.params.videoId)
-      }
-      videoPromise
-        .then(video => {
-          if (!video) {
-            return res.status(404)
-                      .json({ error: 'Video not found' })
-                      .end()
-          }
-          return next()
-        })
-        .catch(err => {
-          logger.error('Error in user request validator.', err)
-          return res.sendStatus(500)
-        })
-    })
  }
 ]
 const ensureUserRegistrationAllowed = [
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    isSignupAllowed().then(allowed => {
+    const allowed = await isSignupAllowed()
-      if (allowed === false) {
+    if (allowed === false) {
-        return res.status(403)
+      return res.status(403)
-                  .send({ error: 'User registration is not enabled or user limit is reached.' })
+                .send({ error: 'User registration is not enabled or user limit is reached.' })
-                  .end()
+                .end()
-      }
+    }
-      return next()
+    return next()
-    })
  }
 ]
@@ -173,37 +152,30 @@ export {
 // ---------------------------------------------------------------------------
-function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
+async function checkUserIdExist (id: number, res: express.Response) {
-  db.User.loadById(id)
+  const user = await db.User.loadById(id)
-    .then(user => {
-      if (!user) {
+  if (!user) {
-        return res.status(404)
+    res.status(404)
-                  .send({ error: 'User not found' })
+              .send({ error: 'User not found' })
-                  .end()
+              .end()
-      }
+    return false
-      res.locals.user = user
+  }
-      return callback(null, user)
-    })
+  res.locals.user = user
-    .catch(err => {
+  return true
-      logger.error('Error in user request validator.', err)
-      return res.sendStatus(500)
-    })
 }
-function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
+async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
-  db.User.loadByUsernameOrEmail(username, email)
+  const user = await db.User.loadByUsernameOrEmail(username, email)
-      .then(user => {
-        if (user) {
+  if (user) {
-          return res.status(409)
+    res.status(409)
-                    .send({ error: 'User with this username of email already exists.' })
+              .send({ error: 'User with this username of email already exists.' })
-                    .end()
+              .end()
-        }
+    return false
+  }
-        return callback()
-      })
+  return true
-      .catch(err => {
-        logger.error('Error in usersAdd request validator.', err)
-        return res.sendStatus(500)
-      })
 }

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 6b845f62b..ac7435b7d 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -1,22 +1,19 @@
1	import { body, param } from 'express-validator/check'
2	import 'express-validator'
3	import * as express from 'express'	1	import * as express from 'express'
4	import * as Promise from 'bluebird'	2	import 'express-validator'
5	import * as validator from 'validator'	3	import { body, param } from 'express-validator/check'
6
7	import { database as db } from '../../initializers/database'
8	import { checkErrors } from './utils'
9	import {	4	import {
		5	isIdOrUUIDValid,
10	isSignupAllowed,	6	isSignupAllowed,
11	logger,	7	isUserDisplayNSFWValid,
12	isUserUsernameValid,
13	isUserPasswordValid,	8	isUserPasswordValid,
		9	isUserRoleValid,
		10	isUserUsernameValid,
14	isUserVideoQuotaValid,	11	isUserVideoQuotaValid,
15	isUserDisplayNSFWValid,	12	logger
16	isIdOrUUIDValid,
17	isUserRoleValid
18	} from '../../helpers'	13	} from '../../helpers'
19	import { UserInstance, VideoInstance } from '../../models'	14	import { isVideoExist } from '../../helpers/custom-validators/videos'
		15	import { database as db } from '../../initializers/database'
		16	import { areValidationErrors } from './utils'
20		17
21	const usersAddValidator = [	18	const usersAddValidator = [
22	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),	19	body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -25,12 +22,13 @@ const usersAddValidator = [
25	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),	22	body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
26	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),	23	body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
27		24
28	(req: express.Request, res: express.Response, next: express.NextFunction) => {	25	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
29	logger.debug('Checking usersAdd parameters', { parameters: req.body })	26	logger.debug('Checking usersAdd parameters', { parameters: req.body })
30		27
31	checkErrors(req, res, () => {	28	if (areValidationErrors(req, res)) return
32	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)	29	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
33	})	30
		31	return next()
34	}	32	}
35	]	33	]
36		34
@@ -39,37 +37,33 @@ const usersRegisterValidator = [
39	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),	37	body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
40	body('email').isEmail().withMessage('Should have a valid email'),	38	body('email').isEmail().withMessage('Should have a valid email'),
41		39
42	(req: express.Request, res: express.Response, next: express.NextFunction) => {	40	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
43	logger.debug('Checking usersRegister parameters', { parameters: req.body })	41	logger.debug('Checking usersRegister parameters', { parameters: req.body })
44		42
45	checkErrors(req, res, () => {	43	if (areValidationErrors(req, res)) return
46	checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)	44	if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
47	})	45
		46	return next()
48	}	47	}
49	]	48	]
50		49
51	const usersRemoveValidator = [	50	const usersRemoveValidator = [
52	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),	51	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
53		52
54	(req: express.Request, res: express.Response, next: express.NextFunction) => {	53	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
55	logger.debug('Checking usersRemove parameters', { parameters: req.params })	54	logger.debug('Checking usersRemove parameters', { parameters: req.params })
56		55
57	checkErrors(req, res, () => {	56	if (areValidationErrors(req, res)) return
58	checkUserExists(req.params.id, res, (err, user) => {	57	if (!await checkUserIdExist(req.params.id, res)) return
59	if (err) {	58
60	logger.error('Error in usersRemoveValidator.', err)	59	const user = res.locals.user
61	return res.sendStatus(500)	60	if (user.username === 'root') {
62	}	61	return res.status(400)
63		62	.send({ error: 'Cannot remove the root user' })
64	if (user.username === 'root') {	63	.end()
65	return res.status(400)	64	}
66	.send({ error: 'Cannot remove the root user' })	65
67	.end()	66	return next()
68	}
69
70	return next()
71	})
72	})
73	}	67	}
74	]	68	]
75		69
@@ -79,12 +73,13 @@ const usersUpdateValidator = [
79	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),	73	body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
80	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),	74	body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
81		75
82	(req: express.Request, res: express.Response, next: express.NextFunction) => {	76	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
83	logger.debug('Checking usersUpdate parameters', { parameters: req.body })	77	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
84		78
85	checkErrors(req, res, () => {	79	if (areValidationErrors(req, res)) return
86	checkUserExists(req.params.id, res, next)	80	if (!await checkUserIdExist(req.params.id, res)) return
87	})	81
		82	return next()
88	}	83	}
89	]	84	]
90		85
@@ -97,64 +92,48 @@ const usersUpdateMeValidator = [
97	// TODO: Add old password verification	92	// TODO: Add old password verification
98	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })	93	logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
99		94
100	checkErrors(req, res, next)	95	if (areValidationErrors(req, res)) return
		96
		97	return next()
101	}	98	}
102	]	99	]
103		100
104	const usersGetValidator = [	101	const usersGetValidator = [
105	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),	102	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
106		103
107	(req: express.Request, res: express.Response, next: express.NextFunction) => {	104	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
108	checkErrors(req, res, () => {	105	logger.debug('Checking usersGet parameters', { parameters: req.body })
109	checkUserExists(req.params.id, res, next)	106
110	})	107	if (areValidationErrors(req, res)) return
		108	if (!await checkUserIdExist(req.params.id, res)) return
		109
		110	return next()
111	}	111	}
112	]	112	]
113		113
114	const usersVideoRatingValidator = [	114	const usersVideoRatingValidator = [
115	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),	115	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
116		116
117	(req: express.Request, res: express.Response, next: express.NextFunction) => {	117	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
118	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })	118	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
119		119
120	checkErrors(req, res, () => {	120	if (areValidationErrors(req, res)) return
121	let videoPromise: Promise<VideoInstance>	121	if (!await isVideoExist(req.params.videoId, res)) return
122		122
123	if (validator.isUUID(req.params.videoId)) {	123	return next()
124	videoPromise = db.Video.loadByUUID(req.params.videoId)
125	} else {
126	videoPromise = db.Video.load(req.params.videoId)
127	}
128
129	videoPromise
130	.then(video => {
131	if (!video) {
132	return res.status(404)
133	.json({ error: 'Video not found' })
134	.end()
135	}
136
137	return next()
138	})
139	.catch(err => {
140	logger.error('Error in user request validator.', err)
141	return res.sendStatus(500)
142	})
143	})
144	}	124	}
145	]	125	]
146		126
147	const ensureUserRegistrationAllowed = [	127	const ensureUserRegistrationAllowed = [
148	(req: express.Request, res: express.Response, next: express.NextFunction) => {	128	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
149	isSignupAllowed().then(allowed => {	129	const allowed = await isSignupAllowed()
150	if (allowed === false) {	130	if (allowed === false) {
151	return res.status(403)	131	return res.status(403)
152	.send({ error: 'User registration is not enabled or user limit is reached.' })	132	.send({ error: 'User registration is not enabled or user limit is reached.' })
153	.end()	133	.end()
154	}	134	}
155		135
156	return next()	136	return next()
157	})
158	}	137	}
159	]	138	]
160		139
@@ -173,37 +152,30 @@ export {
173		152
174	// ---------------------------------------------------------------------------	153	// ---------------------------------------------------------------------------
175		154
176	function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {	155	async function checkUserIdExist (id: number, res: express.Response) {
177	db.User.loadById(id)	156	const user = await db.User.loadById(id)
178	.then(user => {	157
179	if (!user) {	158	if (!user) {
180	return res.status(404)	159	res.status(404)
181	.send({ error: 'User not found' })	160	.send({ error: 'User not found' })
182	.end()	161	.end()
183	}	162
184		163	return false
185	res.locals.user = user	164	}
186	return callback(null, user)	165
187	})	166	res.locals.user = user
188	.catch(err => {	167	return true
189	logger.error('Error in user request validator.', err)
190	return res.sendStatus(500)
191	})
192	}	168	}
193		169
194	function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {	170	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
195	db.User.loadByUsernameOrEmail(username, email)	171	const user = await db.User.loadByUsernameOrEmail(username, email)
196	.then(user => {	172
197	if (user) {	173	if (user) {
198	return res.status(409)	174	res.status(409)
199	.send({ error: 'User with this username of email already exists.' })	175	.send({ error: 'User with this username of email already exists.' })
200	.end()	176	.end()
201	}	177	return false
202		178	}
203	return callback()	179
204	})	180	return true
205	.catch(err => {
206	logger.error('Error in usersAdd request validator.', err)
207	return res.sendStatus(500)
208	})
209	}	181	}