OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity
PeerTube/server/middlewares/validators/users.ts

317 lines
11 KiB
TypeScript
Raw Normal View History

Add ability to reset our password
2018-01-30 13:27:07 +01:00
import * as Bluebird from 'bluebird'
Type functions
2017-06-10 22:15:25 +02:00
import * as express from 'express'
Refractor validators
2017-11-27 17:30:46 +01:00
import 'express-validator'
import { body, param } from 'express-validator/check'
Add ability to reset our password
2018-01-30 13:27:07 +01:00
import { omit } from 'lodash'
Move models to typescript-sequelize
2017-12-12 17:53:50 +01:00
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
import {
Add reason when banning a user
2018-08-08 17:36:10 +02:00
isUserAutoPlayVideoValid, isUserBlockedReasonValid,
API: Add ability to update video channel avatar
2018-06-29 11:29:23 +02:00
isUserDescriptionValid,
isUserDisplayNameValid,
Add ability to choose what policy we have for NSFW videos There is a global instance setting and a per user setting
2018-04-19 11:01:34 +02:00
isUserNSFWPolicyValid,
Add ability to reset our password
2018-01-30 13:27:07 +01:00
isUserPasswordValid,
isUserRoleValid,
isUserUsernameValid,
Implement daily upload limit (#956) * Implement daily upload limit (ref #652) * remove duplicate code * review fixes * fix tests? * whitespace fixes, finish leftover todo * fix tests * added some new tests * use different config value for tests * remove todo
2018-08-28 09:01:35 +02:00
isUserVideoQuotaValid,
isUserVideoQuotaDailyValid
Move models to typescript-sequelize
2017-12-12 17:53:50 +01:00
} from '../../helpers/custom-validators/users'
Add ability to disable video comments
2018-01-03 10:12:36 +01:00
import { isVideoExist } from '../../helpers/custom-validators/videos'
Propagate old comment on new follow
2017-12-28 11:16:08 +01:00
import { logger } from '../../helpers/logger'
Cleanup utils helper
2018-08-14 15:28:30 +02:00
import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup'
Add ability to reset our password
2018-01-30 13:27:07 +01:00
import { Redis } from '../../lib/redis'
Move models to typescript-sequelize
2017-12-12 17:53:50 +01:00
import { UserModel } from '../../models/account/user'
Refractor validators
2017-11-27 17:30:46 +01:00
import { areValidationErrors } from './utils'
Do not create a user with the same username than another actor name
2018-06-21 11:54:22 +02:00
import { ActorModel } from '../../models/activitypub/actor'
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
const usersAddValidator = [
Usernames are case insensitive now
2017-11-04 18:32:38 +01:00
body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
body('email').isEmail().withMessage('Should have a valid email'),
body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
Implement daily upload limit (#956) * Implement daily upload limit (ref #652) * remove duplicate code * review fixes * fix tests? * whitespace fixes, finish leftover todo * fix tests * added some new tests * use different config value for tests * remove todo
2018-08-28 09:01:35 +02:00
body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
Support roles with rights and add moderator role
2017-10-27 16:55:03 +02:00
body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
Don't leak passwords in log
2018-01-26 13:55:27 +01:00
logger.debug('Checking usersAdd parameters', { parameters: omit(req.body, 'password') })
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
if (areValidationErrors(req, res)) return
if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74
2017-07-05 13:26:25 +02:00
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
const usersRegisterValidator = [
body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
body('email').isEmail().withMessage('Should have a valid email'),
Fix tests and user quota
2017-09-06 16:35:40 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
Don't leak passwords in log
2018-01-26 13:55:27 +01:00
logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })
Fix tests and user quota
2017-09-06 16:35:40 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
if (areValidationErrors(req, res)) return
if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
const usersRemoveValidator = [
param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
logger.debug('Checking usersRemove parameters', { parameters: req.params })
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
if (areValidationErrors(req, res)) return
if (!await checkUserIdExist(req.params.id, res)) return
const user = res.locals.user
if (user.username === 'root') {
return res.status(400)
.send({ error: 'Cannot remove the root user' })
.end()
}
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
Add user update for admins
2017-09-05 21:29:39 +02:00
Implement user blocking on server side
2018-08-08 14:58:21 +02:00
const usersBlockingValidator = [
param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
Add reason when banning a user
2018-08-08 17:36:10 +02:00
body('reason').optional().custom(isUserBlockedReasonValid).withMessage('Should have a valid blocking reason'),
Implement user blocking on server side
2018-08-08 14:58:21 +02:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
Add reason when banning a user
2018-08-08 17:36:10 +02:00
logger.debug('Checking usersBlocking parameters', { parameters: req.params })
Implement user blocking on server side
2018-08-08 14:58:21 +02:00
if (areValidationErrors(req, res)) return
if (!await checkUserIdExist(req.params.id, res)) return
const user = res.locals.user
if (user.username === 'root') {
return res.status(400)
.send({ error: 'Cannot block the root user' })
.end()
}
return next()
}
]
Add ability to delete our account
2018-08-08 10:55:27 +02:00
const deleteMeValidator = [
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
const user: UserModel = res.locals.oauth.token.User
if (user.username === 'root') {
return res.status(400)
.send({ error: 'You cannot delete your root account.' })
.end()
}
return next()
}
]
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
const usersUpdateValidator = [
param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
Implement daily upload limit (#956) * Implement daily upload limit (ref #652) * remove duplicate code * review fixes * fix tests? * whitespace fixes, finish leftover todo * fix tests * added some new tests * use different config value for tests * remove todo
2018-08-28 09:01:35 +02:00
body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
Support roles with rights and add moderator role
2017-10-27 16:55:03 +02:00
body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
Add user update for admins
2017-09-05 21:29:39 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
logger.debug('Checking usersUpdate parameters', { parameters: req.body })
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
if (areValidationErrors(req, res)) return
if (!await checkUserIdExist(req.params.id, res)) return
Destroy user token when changing its role
2018-01-23 09:15:36 +01:00
const user = res.locals.user
if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
return res.status(400)
.send({ error: 'Cannot change root role.' })
.end()
}
Refractor validators
2017-11-27 17:30:46 +01:00
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
const usersUpdateMeValidator = [
Add ability to update the user display name/description
2018-04-26 10:03:40 +02:00
body('displayName').optional().custom(isUserDisplayNameValid).withMessage('Should have a valid display name'),
Implement support field in video and video channel
2018-02-15 14:46:26 +01:00
body('description').optional().custom(isUserDescriptionValid).withMessage('Should have a valid description'),
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
Add ability to choose what policy we have for NSFW videos There is a global instance setting and a per user setting
2018-04-19 11:01:34 +02:00
body('nsfwPolicy').optional().custom(isUserNSFWPolicyValid).withMessage('Should have a valid display Not Safe For Work policy'),
Enh #106 : Add an autoPlayVideo user attribute (#159) Warning : I was not able to run the tests on my machine. It uses a different approach to handle databse connexion and didn't find where to configure it... - create a migration file to add a boolean column in user table - add autoPlayVideo attribute everywhere it is needed (both on client and server side) - add tests - add a way to configure this attribute in account-settings - use the attribute in video-watch component to actually autoplay or not the video
2017-12-19 10:45:49 +01:00
body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
(req: express.Request, res: express.Response, next: express.NextFunction) => {
// TODO: Add old password verification
Don't leak passwords in log
2018-01-26 13:55:27 +01:00
logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
Add user update for admins
2017-09-05 21:29:39 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
if (areValidationErrors(req, res)) return
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
Add user update for admins
2017-09-05 21:29:39 +02:00
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
const usersGetValidator = [
param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
Add like/dislike system for videos
2017-03-08 21:35:43 +01:00
Refractor validators
2017-11-27 17:30:46 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
Don't leak passwords in log
2018-01-26 13:55:27 +01:00
logger.debug('Checking usersGet parameters', { parameters: req.params })
Refractor validators
2017-11-27 17:30:46 +01:00
if (areValidationErrors(req, res)) return
if (!await checkUserIdExist(req.params.id, res)) return
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
Add like/dislike system for videos
2017-03-08 21:35:43 +01:00
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
const usersVideoRatingValidator = [
Add video channels
2017-10-24 19:41:09 +02:00
param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
Use global uuid instead of remoteId for videos
2017-07-11 16:01:56 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
Use global uuid instead of remoteId for videos
2017-07-11 16:01:56 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
if (areValidationErrors(req, res)) return
if (!await isVideoExist(req.params.videoId, res)) return
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
const ensureUserRegistrationAllowed = [
Refractor validators
2017-11-27 17:30:46 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
const allowed = await isSignupAllowed()
if (allowed === false) {
return res.status(403)
.send({ error: 'User registration is not enabled or user limit is reached.' })
.end()
}
return next()
Upgrade express validator to v4
2017-09-15 12:17:08 +02:00
}
]
Add ability to limit user registrations
2017-07-25 20:17:28 +02:00
feature: IP filtering on signup page disable registration form on IP not in range checking the CIDR list before filtering with it placing the cidr filters as an attribute object in the config
2018-05-22 19:43:13 +02:00
const ensureUserRegistrationAllowedForIP = [
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
const allowed = isSignupAllowedForCurrentIP(req.ip)
if (allowed === false) {
return res.status(403)
.send({ error: 'You are not on a network authorized for registration.' })
.end()
}
return next()
}
]
Add ability to reset our password
2018-01-30 13:27:07 +01:00
const usersAskResetPasswordValidator = [
body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body })
if (areValidationErrors(req, res)) return
const exists = await checkUserEmailExist(req.body.email, res, false)
if (!exists) {
logger.debug('User with email %s does not exist (asking reset password).', req.body.email)
// Do not leak our emails
return res.status(204).end()
}
return next()
}
]
const usersResetPasswordValidator = [
param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking usersResetPassword parameters', { parameters: req.params })
if (areValidationErrors(req, res)) return
if (!await checkUserIdExist(req.params.id, res)) return
const user = res.locals.user as UserModel
const redisVerificationString = await Redis.Instance.getResetPasswordLink(user.id)
if (redisVerificationString !== req.body.verificationString) {
return res
.status(403)
.send({ error: 'Invalid verification string.' })
Add tests for emails
2018-01-30 15:16:24 +01:00
.end()
Add ability to reset our password
2018-01-30 13:27:07 +01:00
}
return next()
}
]
Implement user API (create, update, remove, list)
2016-08-04 22:32:36 +02:00
// ---------------------------------------------------------------------------
First typescript iteration
2017-05-15 22:22:03 +02:00
export {
usersAddValidator,
Add ability to delete our account
2018-08-08 10:55:27 +02:00
deleteMeValidator,
Fix tests and user quota
2017-09-06 16:35:40 +02:00
usersRegisterValidator,
Implement user blocking on server side
2018-08-08 14:58:21 +02:00
usersBlockingValidator,
First typescript iteration
2017-05-15 22:22:03 +02:00
usersRemoveValidator,
usersUpdateValidator,
Add user update for admins
2017-09-05 21:29:39 +02:00
usersUpdateMeValidator,
Add ability to limit user registrations
2017-07-25 20:17:28 +02:00
usersVideoRatingValidator,
Add user update for admins
2017-09-05 21:29:39 +02:00
ensureUserRegistrationAllowed,
feature: IP filtering on signup page disable registration form on IP not in range checking the CIDR list before filtering with it placing the cidr filters as an attribute object in the config
2018-05-22 19:43:13 +02:00
ensureUserRegistrationAllowedForIP,
Begin to add avatar to actors
2017-12-29 19:10:13 +01:00
usersGetValidator,
Add ability to reset our password
2018-01-30 13:27:07 +01:00
usersAskResetPasswordValidator,
usersResetPasswordValidator
Add user update for admins
2017-09-05 21:29:39 +02:00
}
// ---------------------------------------------------------------------------
Add ability to reset our password
2018-01-30 13:27:07 +01:00
function checkUserIdExist (id: number, res: express.Response) {
return checkUserExist(() => UserModel.loadById(id), res)
}
Refractor validators
2017-11-27 17:30:46 +01:00
Add ability to reset our password
2018-01-30 13:27:07 +01:00
function checkUserEmailExist (email: string, res: express.Response, abortResponse = true) {
return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)
First typescript iteration
2017-05-15 22:22:03 +02:00
}
Fix tests and user quota
2017-09-06 16:35:40 +02:00
Refractor validators
2017-11-27 17:30:46 +01:00
async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
Move models to typescript-sequelize
2017-12-12 17:53:50 +01:00
const user = await UserModel.loadByUsernameOrEmail(username, email)
Refractor validators
2017-11-27 17:30:46 +01:00
if (user) {
res.status(409)
Fix typo in "already exist" error message
2018-03-11 16:14:35 +01:00
.send({ error: 'User with this username or email already exists.' })
Refractor validators
2017-11-27 17:30:46 +01:00
.end()
return false
}
Do not create a user with the same username than another actor name
2018-06-21 11:54:22 +02:00
const actor = await ActorModel.loadLocalByName(username)
if (actor) {
res.status(409)
Improve error message on actor name conflict
2018-08-27 16:42:27 +02:00
.send({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' })
Do not create a user with the same username than another actor name
2018-06-21 11:54:22 +02:00
.end()
return false
}
Refractor validators
2017-11-27 17:30:46 +01:00
return true
Fix tests and user quota
2017-09-06 16:35:40 +02:00
}
Add ability to reset our password
2018-01-30 13:27:07 +01:00
async function checkUserExist (finder: () => Bluebird<UserModel>, res: express.Response, abortResponse = true) {
const user = await finder()
if (!user) {
if (abortResponse === true) {
res.status(404)
.send({ error: 'User not found' })
.end()
}
return false
}
res.locals.user = user
return true
}