PeerTube/server/controllers/api/users/index.ts

import * as express from 'express'
import * as RateLimit from 'express-rate-limit'
import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { getFormattedObjects } from '../../../helpers/utils'
import { CONFIG, RATES_LIMIT, sequelizeTypescript } from '../../../initializers'
import { Emailer } from '../../../lib/emailer'
import { Redis } from '../../../lib/redis'
import { createUserAccountAndChannel } from '../../../lib/user'
import {
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  ensureUserRegistrationAllowed,
  ensureUserRegistrationAllowedForIP,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  token,
  usersAddValidator,
  usersGetValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersSortValidator,
  usersUpdateValidator
} from '../../../middlewares'
import { usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator } from '../../../middlewares/validators'
import { UserModel } from '../../../models/account/user'
import { OAuthTokenModel } from '../../../models/oauth/oauth-token'
import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
import { meRouter } from './me'

const auditLogger = auditLoggerFactory('users')

const loginRateLimiter = new RateLimit({
  windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
  max: RATES_LIMIT.LOGIN.MAX,
  delayMs: 0
})

const usersRouter = express.Router()
usersRouter.use('/', meRouter)

usersRouter.get('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  paginationValidator,
  usersSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(listUsers)
)

usersRouter.post('/:id/block',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersBlockingValidator),
  asyncMiddleware(blockUser)
)
usersRouter.post('/:id/unblock',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersBlockingValidator),
  asyncMiddleware(unblockUser)
)

usersRouter.get('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersGetValidator),
  getUser
)

usersRouter.post('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersAddValidator),
  asyncRetryTransactionMiddleware(createUser)
)

usersRouter.post('/register',
  asyncMiddleware(ensureUserRegistrationAllowed),
  ensureUserRegistrationAllowedForIP,
  asyncMiddleware(usersRegisterValidator),
  asyncRetryTransactionMiddleware(registerUser)
)

usersRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersUpdateValidator),
  asyncMiddleware(updateUser)
)

usersRouter.delete('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersRemoveValidator),
  asyncMiddleware(removeUser)
)

usersRouter.post('/ask-reset-password',
  asyncMiddleware(usersAskResetPasswordValidator),
  asyncMiddleware(askResetUserPassword)
)

usersRouter.post('/:id/reset-password',
  asyncMiddleware(usersResetPasswordValidator),
  asyncMiddleware(resetUserPassword)
)

usersRouter.post('/token',
  loginRateLimiter,
  token,
  success
)
// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route

// ---------------------------------------------------------------------------

export {
  usersRouter
}

// ---------------------------------------------------------------------------

async function createUser (req: express.Request, res: express.Response) {
  const body: UserCreate = req.body
  const userToCreate = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: body.role,
    videoQuota: body.videoQuota,
    videoQuotaDaily: body.videoQuotaDaily
  })

  const { user, account } = await createUserAccountAndChannel(userToCreate)

  auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account created.', body.username)

  return res.json({
    user: {
      id: user.id,
      account: {
        id: account.id,
        uuid: account.Actor.uuid
      }
    }
  }).end()
}

async function registerUser (req: express.Request, res: express.Response) {
  const body: UserCreate = req.body

  const userToCreate = new UserModel({
    username: body.username,
    password: body.password,
    email: body.email,
    nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
    autoPlayVideo: true,
    role: UserRole.USER,
    videoQuota: CONFIG.USER.VIDEO_QUOTA,
    videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY
  })

  const { user } = await createUserAccountAndChannel(userToCreate)

  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account registered.', body.username)

  return res.type('json').status(204).end()
}

async function unblockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user: UserModel = res.locals.user

  await changeUserBlock(res, user, false)

  return res.status(204).end()
}

async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user: UserModel = res.locals.user
  const reason = req.body.reason

  await changeUserBlock(res, user, true, reason)

  return res.status(204).end()
}

function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  return res.json((res.locals.user as UserModel).toFormattedJSON())
}

async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {
  const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user: UserModel = res.locals.user

  await user.destroy()

  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))

  return res.sendStatus(204)
}

async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  const body: UserUpdate = req.body
  const userToUpdate = res.locals.user as UserModel
  const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
  const roleChanged = body.role !== undefined && body.role !== userToUpdate.role

  if (body.email !== undefined) userToUpdate.email = body.email
  if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
  if (body.videoQuotaDaily !== undefined) userToUpdate.videoQuotaDaily = body.videoQuotaDaily
  if (body.role !== undefined) userToUpdate.role = body.role

  const user = await userToUpdate.save()

  // Destroy user token to refresh rights
  if (roleChanged) {
    await OAuthTokenModel.deleteUserToken(userToUpdate.id)
  }

  auditLogger.update(
    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
    new UserAuditView(user.toFormattedJSON()),
    oldUserAuditView
  )

  // Don't need to send this update to followers, these attributes are not propagated

  return res.sendStatus(204)
}

async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel

  const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
  const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
  await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)

  return res.status(204).end()
}

async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {
  const user = res.locals.user as UserModel
  user.password = req.body.password

  await user.save()

  return res.status(204).end()
}

function success (req: express.Request, res: express.Response, next: express.NextFunction) {
  res.end()
}

async function changeUserBlock (res: express.Response, user: UserModel, block: boolean, reason?: string) {
  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())

  user.blocked = block
  user.blockedReason = reason || null

  await sequelizeTypescript.transaction(async t => {
    await OAuthTokenModel.deleteUserToken(user.id, t)

    await user.save({ transaction: t })
  })

  await Emailer.Instance.addUserBlockJob(user, block, reason)

  auditLogger.update(
    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
    new UserAuditView(user.toFormattedJSON()),
    oldUserAuditView
  )
}
require -> import 2017-06-05 21:53:49 +02:00			`import * as express from 'express'`
Prevent brute force login attack 2018-03-29 10:58:24 +02:00			`import * as RateLimit from 'express-rate-limit'`
Split users controller 2018-08-16 11:26:22 +02:00			`import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'`
			`import { logger } from '../../../helpers/logger'`
			`import { getFormattedObjects } from '../../../helpers/utils'`
			`import { CONFIG, RATES_LIMIT, sequelizeTypescript } from '../../../initializers'`
			`import { Emailer } from '../../../lib/emailer'`
			`import { Redis } from '../../../lib/redis'`
			`import { createUserAccountAndChannel } from '../../../lib/user'`
First typescript iteration 2017-05-15 22:22:03 +02:00			`import {`
Add tests for emails 2018-01-30 15:16:24 +01:00			`asyncMiddleware,`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`asyncRetryTransactionMiddleware,`
Add tests for emails 2018-01-30 15:16:24 +01:00			`authenticate,`
			`ensureUserHasRight,`
			`ensureUserRegistrationAllowed,`
feature: IP filtering on signup page disable registration form on IP not in range checking the CIDR list before filtering with it placing the cidr filters as an attribute object in the config 2018-05-22 19:43:13 +02:00			`ensureUserRegistrationAllowedForIP,`
Add tests for emails 2018-01-30 15:16:24 +01:00			`paginationValidator,`
			`setDefaultPagination,`
			`setDefaultSort,`
			`token,`
			`usersAddValidator,`
			`usersGetValidator,`
			`usersRegisterValidator,`
			`usersRemoveValidator,`
			`usersSortValidator,`
Split users controller 2018-08-16 11:26:22 +02:00			`usersUpdateValidator`
			`} from '../../../middlewares'`
			`import { usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator } from '../../../middlewares/validators'`
			`import { UserModel } from '../../../models/account/user'`
			`import { OAuthTokenModel } from '../../../models/oauth/oauth-token'`
			`import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'`
			`import { meRouter } from './me'`
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00
			`const auditLogger = auditLoggerFactory('users')`
First typescript iteration 2017-05-15 22:22:03 +02:00
Prevent brute force login attack 2018-03-29 10:58:24 +02:00			`const loginRateLimiter = new RateLimit({`
			`windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,`
			`max: RATES_LIMIT.LOGIN.MAX,`
			`delayMs: 0`
			`})`
Begin to add avatar to actors 2017-12-29 19:10:13 +01:00
First typescript iteration 2017-05-15 22:22:03 +02:00			`const usersRouter = express.Router()`
Add subscriptions endpoints to REST API 2018-08-16 15:25:20 +02:00			`usersRouter.use('/', meRouter)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
First typescript iteration 2017-05-15 22:22:03 +02:00			`usersRouter.get('/',`
Users list only available when use is authenticated And has a special right 2017-11-29 13:18:05 +01:00			`authenticate,`
			`ensureUserHasRight(UserRight.MANAGE_USERS),`
First typescript iteration 2017-05-15 22:22:03 +02:00			`paginationValidator,`
			`usersSortValidator,`
Set sort refractoring 2018-01-17 10:50:33 +01:00			`setDefaultSort,`
Don't show videos of remote instance after unfollow 2018-01-18 10:53:54 +01:00			`setDefaultPagination,`
Use async/await in controllers 2017-10-25 11:55:06 +02:00			`asyncMiddleware(listUsers)`
Server: add user list sort/pagination 2016-08-16 22:31:45 +02:00			`)`

Implement user blocking on server side 2018-08-08 14:58:21 +02:00			`usersRouter.post('/:id/block',`
			`authenticate,`
			`ensureUserHasRight(UserRight.MANAGE_USERS),`
			`asyncMiddleware(usersBlockingValidator),`
			`asyncMiddleware(blockUser)`
			`)`
			`usersRouter.post('/:id/unblock',`
			`authenticate,`
			`ensureUserHasRight(UserRight.MANAGE_USERS),`
			`asyncMiddleware(usersBlockingValidator),`
			`asyncMiddleware(unblockUser)`
			`)`

Add user update for admins 2017-09-05 21:29:39 +02:00			`usersRouter.get('/:id',`
Add auth documentation 2018-04-16 10:48:17 +02:00			`authenticate,`
			`ensureUserHasRight(UserRight.MANAGE_USERS),`
Refractor validators 2017-11-27 17:30:46 +01:00			`asyncMiddleware(usersGetValidator),`
Add user update for admins 2017-09-05 21:29:39 +02:00			`getUser`
			`)`

First typescript iteration 2017-05-15 22:22:03 +02:00			`usersRouter.post('/',`
			`authenticate,`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`ensureUserHasRight(UserRight.MANAGE_USERS),`
Refractor validators 2017-11-27 17:30:46 +01:00			`asyncMiddleware(usersAddValidator),`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`asyncRetryTransactionMiddleware(createUser)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`)`

First typescript iteration 2017-05-15 22:22:03 +02:00			`usersRouter.post('/register',`
Refractor validators 2017-11-27 17:30:46 +01:00			`asyncMiddleware(ensureUserRegistrationAllowed),`
feature: IP filtering on signup page disable registration form on IP not in range checking the CIDR list before filtering with it placing the cidr filters as an attribute object in the config 2018-05-22 19:43:13 +02:00			`ensureUserRegistrationAllowedForIP,`
Refractor validators 2017-11-27 17:30:46 +01:00			`asyncMiddleware(usersRegisterValidator),`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`asyncRetryTransactionMiddleware(registerUser)`
Server: add ability to register new user 2017-04-09 12:08:36 +02:00			`)`

First typescript iteration 2017-05-15 22:22:03 +02:00			`usersRouter.put('/:id',`
			`authenticate,`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`ensureUserHasRight(UserRight.MANAGE_USERS),`
Refractor validators 2017-11-27 17:30:46 +01:00			`asyncMiddleware(usersUpdateValidator),`
Use async/await in controllers 2017-10-25 11:55:06 +02:00			`asyncMiddleware(updateUser)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`)`

First typescript iteration 2017-05-15 22:22:03 +02:00			`usersRouter.delete('/:id',`
			`authenticate,`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`ensureUserHasRight(UserRight.MANAGE_USERS),`
Refractor validators 2017-11-27 17:30:46 +01:00			`asyncMiddleware(usersRemoveValidator),`
Use async/await in controllers 2017-10-25 11:55:06 +02:00			`asyncMiddleware(removeUser)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`)`
Server: move clients in its own file 2016-08-05 16:09:39 +02:00
Add ability to reset our password 2018-01-30 13:27:07 +01:00			`usersRouter.post('/ask-reset-password',`
			`asyncMiddleware(usersAskResetPasswordValidator),`
			`asyncMiddleware(askResetUserPassword)`
			`)`

			`usersRouter.post('/:id/reset-password',`
			`asyncMiddleware(usersResetPasswordValidator),`
			`asyncMiddleware(resetUserPassword)`
			`)`

Prevent brute force login attack 2018-03-29 10:58:24 +02:00			`usersRouter.post('/token',`
			`loginRateLimiter,`
			`token,`
			`success`
			`)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route`
OAuth server: first draft 2016-03-21 11:56:33 +01:00
			`// ---------------------------------------------------------------------------`

First typescript iteration 2017-05-15 22:22:03 +02:00			`export {`
			`usersRouter`
			`}`
OAuth server: first draft 2016-03-21 11:56:33 +01:00
			`// ---------------------------------------------------------------------------`

Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`async function createUser (req: express.Request, res: express.Response) {`
Better typescript typing for a better world 2017-07-10 19:43:21 +02:00			`const body: UserCreate = req.body`
Don't show videos of remote instance after unfollow 2018-01-18 10:53:54 +01:00			`const userToCreate = new UserModel({`
Better typescript typing for a better world 2017-07-10 19:43:21 +02:00			`username: body.username,`
			`password: body.password,`
			`email: body.email,`
Add ability to choose what policy we have for NSFW videos There is a global instance setting and a per user setting 2018-04-19 11:01:34 +02:00			`nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,`
Enh #106 : Add an autoPlayVideo user attribute (#159) Warning : I was not able to run the tests on my machine. It uses a different approach to handle databse connexion and didn't find where to configure it... - create a migration file to add a boolean column in user table - add autoPlayVideo attribute everywhere it is needed (both on client and server side) - add tests - add a way to configure this attribute in account-settings - use the attribute in video-watch component to actually autoplay or not the video 2017-12-19 10:45:49 +01:00			`autoPlayVideo: true,`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`role: body.role,`
Implement daily upload limit (#956) * Implement daily upload limit (ref #652) * remove duplicate code * review fixes * fix tests? * whitespace fixes, finish leftover todo * fix tests * added some new tests * use different config value for tests * remove todo 2018-08-28 09:01:35 +02:00			`videoQuota: body.videoQuota,`
			`videoQuotaDaily: body.videoQuotaDaily`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`})`

Don't show videos of remote instance after unfollow 2018-01-18 10:53:54 +01:00			`const { user, account } = await createUserAccountAndChannel(userToCreate)`
Use async/await in controllers 2017-10-25 11:55:06 +02:00
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))`
Remove references to author 2017-11-10 14:48:08 +01:00			`logger.info('User %s with its channel and account created.', body.username)`
Don't show videos of remote instance after unfollow 2018-01-18 10:53:54 +01:00
Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`return res.json({`
			`user: {`
			`id: user.id,`
			`account: {`
			`id: account.id,`
			`uuid: account.Actor.uuid`
			`}`
			`}`
			`}).end()`
Optimize account creation 2017-11-16 18:40:50 +01:00			`}`

Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`async function registerUser (req: express.Request, res: express.Response) {`
Fix tests and user quota 2017-09-06 16:35:40 +02:00			`const body: UserCreate = req.body`

Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`const userToCreate = new UserModel({`
Fix tests and user quota 2017-09-06 16:35:40 +02:00			`username: body.username,`
			`password: body.password,`
			`email: body.email,`
Add ability to choose what policy we have for NSFW videos There is a global instance setting and a per user setting 2018-04-19 11:01:34 +02:00			`nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,`
Enh #106 : Add an autoPlayVideo user attribute (#159) Warning : I was not able to run the tests on my machine. It uses a different approach to handle databse connexion and didn't find where to configure it... - create a migration file to add a boolean column in user table - add autoPlayVideo attribute everywhere it is needed (both on client and server side) - add tests - add a way to configure this attribute in account-settings - use the attribute in video-watch component to actually autoplay or not the video 2017-12-19 10:45:49 +01:00			`autoPlayVideo: true,`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`role: UserRole.USER,`
Implement daily upload limit (#956) * Implement daily upload limit (ref #652) * remove duplicate code * review fixes * fix tests? * whitespace fixes, finish leftover todo * fix tests * added some new tests * use different config value for tests * remove todo 2018-08-28 09:01:35 +02:00			`videoQuota: CONFIG.USER.VIDEO_QUOTA,`
			`videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY`
Fix tests and user quota 2017-09-06 16:35:40 +02:00			`})`

Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`const { user } = await createUserAccountAndChannel(userToCreate)`
Optimize account creation 2017-11-16 18:40:50 +01:00
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))`
Optimize account creation 2017-11-16 18:40:50 +01:00			`logger.info('User %s with its channel and account registered.', body.username)`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00
			`return res.type('json').status(204).end()`
Fix tests and user quota 2017-09-06 16:35:40 +02:00			`}`

Implement user blocking on server side 2018-08-08 14:58:21 +02:00			`async function unblockUser (req: express.Request, res: express.Response, next: express.NextFunction) {`
			`const user: UserModel = res.locals.user`

			`await changeUserBlock(res, user, false)`

			`return res.status(204).end()`
			`}`

			`async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) {`
			`const user: UserModel = res.locals.user`
Add reason when banning a user 2018-08-08 17:36:10 +02:00			`const reason = req.body.reason`
Implement user blocking on server side 2018-08-08 14:58:21 +02:00
Add reason when banning a user 2018-08-08 17:36:10 +02:00			`await changeUserBlock(res, user, true, reason)`
Implement user blocking on server side 2018-08-08 14:58:21 +02:00
			`return res.status(204).end()`
			`}`

Add user update for admins 2017-09-05 21:29:39 +02:00			`function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {`
Support video quota on client 2018-01-08 12:53:09 +01:00			`return res.json((res.locals.user as UserModel).toFormattedJSON())`
Add user update for admins 2017-09-05 21:29:39 +02:00			`}`

Use async/await in controllers 2017-10-25 11:55:06 +02:00			`async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) {`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort)`
Use async/await in controllers 2017-10-25 11:55:06 +02:00
			`return res.json(getFormattedObjects(resultList.data, resultList.total))`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`}`

Use async/await in controllers 2017-10-25 11:55:06 +02:00			`async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {`
Add ability to delete our account 2018-08-08 10:55:27 +02:00			`const user: UserModel = res.locals.user`
Use async/await in controllers 2017-10-25 11:55:06 +02:00
			`await user.destroy()`

Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))`

Use async/await in controllers 2017-10-25 11:55:06 +02:00			`return res.sendStatus(204)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`}`

Use async/await in controllers 2017-10-25 11:55:06 +02:00			`async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {`
Add user update for admins 2017-09-05 21:29:39 +02:00			`const body: UserUpdate = req.body`
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`const userToUpdate = res.locals.user as UserModel`
			`const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())`
			`const roleChanged = body.role !== undefined && body.role !== userToUpdate.role`
Add user update for admins 2017-09-05 21:29:39 +02:00
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`if (body.email !== undefined) userToUpdate.email = body.email`
			`if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota`
Implement daily upload limit (#956) * Implement daily upload limit (ref #652) * remove duplicate code * review fixes * fix tests? * whitespace fixes, finish leftover todo * fix tests * added some new tests * use different config value for tests * remove todo 2018-08-28 09:01:35 +02:00			`if (body.videoQuotaDaily !== undefined) userToUpdate.videoQuotaDaily = body.videoQuotaDaily`
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`if (body.role !== undefined) userToUpdate.role = body.role`
Add user update for admins 2017-09-05 21:29:39 +02:00
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`const user = await userToUpdate.save()`
Use async/await in controllers 2017-10-25 11:55:06 +02:00
Destroy user token when changing its role 2018-01-23 09:15:36 +01:00			`// Destroy user token to refresh rights`
			`if (roleChanged) {`
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`await OAuthTokenModel.deleteUserToken(userToUpdate.id)`
Destroy user token when changing its role 2018-01-23 09:15:36 +01:00			`}`

Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`auditLogger.update(`
			`res.locals.oauth.token.User.Account.Actor.getIdentifier(),`
			`new UserAuditView(user.toFormattedJSON()),`
			`oldUserAuditView`
			`)`

Send account activitypub update events 2018-01-03 16:38:50 +01:00			`// Don't need to send this update to followers, these attributes are not propagated`

Use async/await in controllers 2017-10-25 11:55:06 +02:00			`return res.sendStatus(204)`
Add user update for admins 2017-09-05 21:29:39 +02:00			`}`

Add ability to reset our password 2018-01-30 13:27:07 +01:00			`async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {`
			`const user = res.locals.user as UserModel`

			`const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)`
			`const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString`
			`await Emailer.Instance.addForgetPasswordEmailJob(user.email, url)`

			`return res.status(204).end()`
			`}`

			`async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) {`
			`const user = res.locals.user as UserModel`
			`user.password = req.body.password`

			`await user.save()`

			`return res.status(204).end()`
			`}`

Type functions 2017-06-10 22:15:25 +02:00			`function success (req: express.Request, res: express.Response, next: express.NextFunction) {`
OAuth server: first draft 2016-03-21 11:56:33 +01:00			`res.end()`
			`}`
Implement user blocking on server side 2018-08-08 14:58:21 +02:00
Add reason when banning a user 2018-08-08 17:36:10 +02:00			`async function changeUserBlock (res: express.Response, user: UserModel, block: boolean, reason?: string) {`
Implement user blocking on server side 2018-08-08 14:58:21 +02:00			`const oldUserAuditView = new UserAuditView(user.toFormattedJSON())`

			`user.blocked = block`
Add reason when banning a user 2018-08-08 17:36:10 +02:00			`user.blockedReason = reason \|\| null`
Implement user blocking on server side 2018-08-08 14:58:21 +02:00
			`await sequelizeTypescript.transaction(async t => {`
			`await OAuthTokenModel.deleteUserToken(user.id, t)`

			`await user.save({ transaction: t })`
			`})`

Add reason when banning a user 2018-08-08 17:36:10 +02:00			`await Emailer.Instance.addUserBlockJob(user, block, reason)`

Implement user blocking on server side 2018-08-08 14:58:21 +02:00			`auditLogger.update(`
			`res.locals.oauth.token.User.Account.Actor.getIdentifier(),`
			`new UserAuditView(user.toFormattedJSON()),`
			`oldUserAuditView`
			`)`
			`}`