Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/users.ts46
-rw-r--r--server/middlewares/validators/users.ts41
2 files changed, 80 insertions, 7 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 1b5b7f903..6922661ae 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -9,15 +9,22 @@ import {
9 ensureUserRegistrationAllowed, 9 ensureUserRegistrationAllowed,
10 usersAddValidator, 10 usersAddValidator,
11 usersUpdateValidator, 11 usersUpdateValidator,
12 usersUpdateMeValidator,
12 usersRemoveValidator, 13 usersRemoveValidator,
13 usersVideoRatingValidator, 14 usersVideoRatingValidator,
15 usersGetValidator,
14 paginationValidator, 16 paginationValidator,
15 setPagination, 17 setPagination,
16 usersSortValidator, 18 usersSortValidator,
17 setUsersSort, 19 setUsersSort,
18 token 20 token
19} from '../../middlewares' 21} from '../../middlewares'
20import { UserVideoRate as FormattedUserVideoRate, UserCreate, UserUpdate } from '../../../shared' 22import {
23 UserVideoRate as FormattedUserVideoRate,
24 UserCreate,
25 UserUpdate,
26 UserUpdateMe
27} from '../../../shared'
21 28
22const usersRouter = express.Router() 29const usersRouter = express.Router()
23 30
@@ -40,6 +47,11 @@ usersRouter.get('/',
40 listUsers 47 listUsers
41) 48)
42 49
50usersRouter.get('/:id',
51 usersGetValidator,
52 getUser
53)
54
43usersRouter.post('/', 55usersRouter.post('/',
44 authenticate, 56 authenticate,
45 ensureIsAdmin, 57 ensureIsAdmin,
@@ -53,8 +65,15 @@ usersRouter.post('/register',
53 createUser 65 createUser
54) 66)
55 67
68usersRouter.put('/me',
69 authenticate,
70 usersUpdateMeValidator,
71 updateMe
72)
73
56usersRouter.put('/:id', 74usersRouter.put('/:id',
57 authenticate, 75 authenticate,
76 ensureIsAdmin,
58 usersUpdateValidator, 77 usersUpdateValidator,
59 updateUser 78 updateUser
60) 79)
@@ -105,6 +124,10 @@ function getUserInformation (req: express.Request, res: express.Response, next:
105 .catch(err => next(err)) 124 .catch(err => next(err))
106} 125}
107 126
127function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
128 return res.json(res.locals.user.toFormattedJSON())
129}
130
108function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) { 131function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
109 const videoId = +req.params.videoId 132 const videoId = +req.params.videoId
110 const userId = +res.locals.oauth.token.User.id 133 const userId = +res.locals.oauth.token.User.id
@@ -139,14 +162,15 @@ function removeUser (req: express.Request, res: express.Response, next: express.
139 }) 162 })
140} 163}
141 164
142function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { 165function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
143 const body: UserUpdate = req.body 166 const body: UserUpdateMe = req.body
144 167
168 // FIXME: user is not already a Sequelize instance?
145 db.User.loadByUsername(res.locals.oauth.token.user.username) 169 db.User.loadByUsername(res.locals.oauth.token.user.username)
146 .then(user => { 170 .then(user => {
147 if (body.password) user.password = body.password 171 if (body.password !== undefined) user.password = body.password
172 if (body.email !== undefined) user.email = body.email
148 if (body.displayNSFW !== undefined) user.displayNSFW = body.displayNSFW 173 if (body.displayNSFW !== undefined) user.displayNSFW = body.displayNSFW
149 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
150 174
151 return user.save() 175 return user.save()
152 }) 176 })
@@ -154,6 +178,18 @@ function updateUser (req: express.Request, res: express.Response, next: express.
154 .catch(err => next(err)) 178 .catch(err => next(err))
155} 179}
156 180
181function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
182 const body: UserUpdate = req.body
183 const user = res.locals.user
184
185 if (body.email !== undefined) user.email = body.email
186 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
187
188 return user.save()
189 .then(() => res.sendStatus(204))
190 .catch(err => next(err))
191}
192
157function success (req: express.Request, res: express.Response, next: express.NextFunction) { 193function success (req: express.Request, res: express.Response, next: express.NextFunction) {
158 res.end() 194 res.end()
159} 195}
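Review bot: The new `usersRouter.get('/:id', usersGetValidator, getUser)` route has no `authenticate` step, unlike the other routes this commit adds or changes, so any caller can request successive integer ids and receive `res.locals.user.toFormattedJSON()` for each account. What that serializer exposes is not visible in this diff; if it includes the email address or role, the route should read `usersRouter.get('/:id', authenticate, ensureIsAdmin, usersGetValidator, getUser)` or `getUser` should return a reduced public view. If anonymous access is intended, a comment on the route saying so and naming the fields that are safe to publish would make that decision reviewable. The 200 versus 404 answer from `checkUserExists` also tells an unauthenticated caller which ids exist, which is worth weighing in the same decision.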
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index eeb0e3557..ebb343535 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -53,16 +53,35 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next
53 53
54function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 54function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
55 req.checkParams('id', 'Should have a valid id').notEmpty().isInt() 55 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
56 req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
57 req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
58
59 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
60
61 checkErrors(req, res, () => {
62 checkUserExists(req.params.id, res, next)
63 })
64}
65
66function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
56 // Add old password verification 67 // Add old password verification
57 req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid() 68 req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
69 req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
58 req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid() 70 req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
59 req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
60 71
61 logger.debug('Checking usersUpdate parameters', { parameters: req.body }) 72 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
62 73
63 checkErrors(req, res, next) 74 checkErrors(req, res, next)
64} 75}
65 76
77function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
78 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
79
80 checkErrors(req, res, () => {
81 checkUserExists(req.params.id, res, next)
82 })
83}
84
66function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 85function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
67 req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid() 86 req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
68 87
@@ -106,6 +125,24 @@ export {
106 usersAddValidator, 125 usersAddValidator,
107 usersRemoveValidator, 126 usersRemoveValidator,
108 usersUpdateValidator, 127 usersUpdateValidator,
128 usersUpdateMeValidator,
109 usersVideoRatingValidator, 129 usersVideoRatingValidator,
110 ensureUserRegistrationAllowed 130 ensureUserRegistrationAllowed,
131 usersGetValidator
132}
133
134// ---------------------------------------------------------------------------
135
136function checkUserExists (id: number, res: express.Response, callback: () => void) {
137 db.User.loadById(id)
138 .then(user => {
139 if (!user) return res.status(404).send('User not found')
140
141 res.locals.user = user
142 callback()
143 })
144 .catch(err => {
145 logger.error('Error in user request validator.', err)
146 return res.sendStatus(500)
147 })
111} 148}
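Review bot: `usersUpdateMeValidator` passes the whole `req.body` to `logger.debug`, and that body can carry the new plaintext `password`, so the secret lands in the log whenever debug output is enabled. Log a copy without it, for example `const { password, ...loggable } = req.body` followed by `logger.debug('Checking usersUpdateMe parameters', { parameters: loggable })`; the distinct message also tells the two validators apart, since both currently log 'Checking usersUpdate parameters'. The `email` check added here falls under the same pending 'Add old password verification' comment: a self-service email change is accepted on the strength of the token alone, which matters if email is used for account recovery (not visible in this diff).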