Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/api/users.ts | 46 | ||||
-rw-r--r-- | server/middlewares/validators/users.ts | 41 |
2 files changed, 80 insertions, 7 deletions
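--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -9,15 +9,22 @@ import {
 ensureUserRegistrationAllowed,
 usersAddValidator,
 usersUpdateValidator,
+usersUpdateMeValidator,
 usersRemoveValidator,
 usersVideoRatingValidator,
+usersGetValidator,
 paginationValidator,
 setPagination,
 usersSortValidator,
 setUsersSort,
 token
 } from '../../middlewares'
-import { UserVideoRate as FormattedUserVideoRate, UserCreate, UserUpdate } from '../../../shared'
+import {
+UserVideoRate as FormattedUserVideoRate,
+UserCreate,
+UserUpdate,
+UserUpdateMe
+} from '../../../shared'
 
 const usersRouter = express.Router()
 
@@ -40,6 +47,11 @@ usersRouter.get('/',
 listUsers
 )
 
+usersRouter.get('/:id',
+usersGetValidator,
+getUser
+)
+
 usersRouter.post('/',
 authenticate,
 ensureIsAdmin,
@@ -53,8 +65,15 @@ usersRouter.post('/register',
 createUser
 )
 
+usersRouter.put('/me',
+authenticate,
+usersUpdateMeValidator,
+updateMe
+)
+
 usersRouter.put('/:id',
 authenticate,
+ensureIsAdmin,
 usersUpdateValidator,
 updateUser
 )
@@ -105,6 +124,10 @@ function getUserInformation (req: express.Request, res: express.Response, next:
 .catch(err => next(err))
 }
 
+function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+return res.json(res.locals.user.toFormattedJSON())
+}
+
 function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
 const videoId = +req.params.videoId
 const userId = +res.locals.oauth.token.User.id
@@ -139,14 +162,15 @@ function removeUser (req: express.Request, res: express.Response, next: express.
 })
 }
 
-function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
-const body: UserUpdate = req.body
+function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
+const body: UserUpdateMe = req.body
 
+// FIXME: user is not already a Sequelize instance?
 db.User.loadByUsername(res.locals.oauth.token.user.username)
 .then(user => {
-if (body.password) user.password = body.password
+if (body.password !== undefined) user.password = body.password
+if (body.email !== undefined) user.email = body.email
 if (body.displayNSFW !== undefined) user.displayNSFW = body.displayNSFW
-if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
 
 return user.save()
 })
@@ -154,6 +178,18 @@ function updateUser (req: express.Request, res: express.Response, next: express.
 .catch(err => next(err))
 }
 
+function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+const body: UserUpdate = req.body
+const user = res.locals.user
+
+if (body.email !== undefined) user.email = body.email
+if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
+
+return user.save()
+.then(() => res.sendStatus(204))
+.catch(err => next(err))
+}
+
 function success (req: express.Request, res: express.Response, next: express.NextFunction) {
 res.end()
 }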
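Review bot: The new `usersRouter.get('/:id', usersGetValidator, getUser)` route is registered without `authenticate`, unlike the neighbouring `PUT /:id`, so an anonymous client can step through integer ids and get `res.locals.user.toFormattedJSON()` for every account. What that serializer returns is not visible in this diff; if it includes the e-mail address, role or quota, the route should read `usersRouter.get('/:id', authenticate, ensureIsAdmin, usersGetValidator, getUser)` or respond with a reduced public view. `getUser` would also benefit from a short comment stating that `res.locals.user` is set by `usersGetValidator`, since the handler fails if it is ever mounted without it.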
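--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -53,16 +53,35 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next
 
 function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
+req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
+
+logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+
+checkErrors(req, res, () => {
+checkUserExists(req.params.id, res, next)
+})
+}
+
+function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 // Add old password verification
 req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
+req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
 req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
-req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
 
 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
 
 checkErrors(req, res, next)
 }
 
+function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+
+checkErrors(req, res, () => {
+checkUserExists(req.params.id, res, next)
+})
+}
+
 function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
 
@@ -106,6 +125,24 @@ export {
 usersAddValidator,
 usersRemoveValidator,
 usersUpdateValidator,
+usersUpdateMeValidator,
 usersVideoRatingValidator,
-ensureUserRegistrationAllowed
+ensureUserRegistrationAllowed,
+usersGetValidator
+}
+
+// ---------------------------------------------------------------------------
+
+function checkUserExists (id: number, res: express.Response, callback: () => void) {
+db.User.loadById(id)
+.then(user => {
+if (!user) return res.status(404).send('User not found')
+
+res.locals.user = user
+callback()
+})
+.catch(err => {
+logger.error('Error in user request validator.', err)
+return res.sendStatus(500)
+})
 }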
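Review bot: `usersUpdateMeValidator` accepts a new `password`, and with this commit a new `email`, without requiring the current password; the `// Add old password verification` comment is carried over unimplemented. A stolen or leaked access token is therefore enough to change both credentials; if the e-mail address is used for account recovery (not visible here), the email change alone would be enough. The same function keeps `logger.debug('Checking usersUpdate parameters', { parameters: req.body })`, which writes the plaintext password to the log whenever debug level is on; log the field names only, or drop `password` from the logged object, and correct the message to name `usersUpdateMe`. Smaller point: `checkUserExists` declares `id: number` but is called with `req.params.id`, a string that has only been checked by `isInt()`; convert it with `+req.params.id` at both call sites or type the parameter as `string`.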