PeerTube/server/models/user.ts

import { values } from 'lodash'

import { getSort } from './utils'
import { USER_ROLES } from '../initializers'
import {
  cryptPassword,
  comparePassword,
  isUserPasswordValid,
  isUserUsernameValid,
  isUserDisplayNSFWValid
} from '../helpers'

// ---------------------------------------------------------------------------

module.exports = function (sequelize, DataTypes) {
  const User = sequelize.define('User',
    {
      password: {
        type: DataTypes.STRING,
        allowNull: false,
        validate: {
          passwordValid: function (value) {
            const res = isUserPasswordValid(value)
            if (res === false) throw new Error('Password not valid.')
          }
        }
      },
      username: {
        type: DataTypes.STRING,
        allowNull: false,
        validate: {
          usernameValid: function (value) {
            const res = isUserUsernameValid(value)
            if (res === false) throw new Error('Username not valid.')
          }
        }
      },
      email: {
        type: DataTypes.STRING(400),
        allowNull: false,
        validate: {
          isEmail: true
        }
      },
      displayNSFW: {
        type: DataTypes.BOOLEAN,
        allowNull: false,
        defaultValue: false,
        validate: {
          nsfwValid: function (value) {
            const res = isUserDisplayNSFWValid(value)
            if (res === false) throw new Error('Display NSFW is not valid.')
          }
        }
      },
      role: {
        type: DataTypes.ENUM(values(USER_ROLES)),
        allowNull: false
      }
    },
    {
      indexes: [
        {
          fields: [ 'username' ],
          unique: true
        },
        {
          fields: [ 'email' ],
          unique: true
        }
      ],
      classMethods: {
        associate,

        countTotal,
        getByUsername,
        list,
        listForApi,
        loadById,
        loadByUsername,
        loadByUsernameOrEmail
      },
      instanceMethods: {
        isPasswordMatch,
        toFormatedJSON,
        isAdmin
      },
      hooks: {
        beforeCreate: beforeCreateOrUpdate,
        beforeUpdate: beforeCreateOrUpdate
      }
    }
  )

  return User
}

function beforeCreateOrUpdate (user, options, next) {
  cryptPassword(user.password, function (err, hash) {
    if (err) return next(err)

    user.password = hash

    return next()
  })
}

// ------------------------------ METHODS ------------------------------

function isPasswordMatch (password, callback) {
  return comparePassword(password, this.password, callback)
}

function toFormatedJSON () {
  return {
    id: this.id,
    username: this.username,
    email: this.email,
    displayNSFW: this.displayNSFW,
    role: this.role,
    createdAt: this.createdAt
  }
}

function isAdmin () {
  return this.role === USER_ROLES.ADMIN
}

// ------------------------------ STATICS ------------------------------

function associate (models) {
  this.hasOne(models.Author, {
    foreignKey: 'userId',
    onDelete: 'cascade'
  })

  this.hasMany(models.OAuthToken, {
    foreignKey: 'userId',
    onDelete: 'cascade'
  })
}

function countTotal (callback) {
  return this.count().asCallback(callback)
}

function getByUsername (username) {
  const query = {
    where: {
      username: username
    }
  }

  return this.findOne(query)
}

function list (callback) {
  return this.find().asCallback(callback)
}

function listForApi (start, count, sort, callback) {
  const query = {
    offset: start,
    limit: count,
    order: [ getSort(sort) ]
  }

  return this.findAndCountAll(query).asCallback(function (err, result) {
    if (err) return callback(err)

    return callback(null, result.rows, result.count)
  })
}

function loadById (id, callback) {
  return this.findById(id).asCallback(callback)
}

function loadByUsername (username, callback) {
  const query = {
    where: {
      username: username
    }
  }

  return this.findOne(query).asCallback(callback)
}

function loadByUsernameOrEmail (username, email, callback) {
  const query = {
    where: {
      $or: [ { username }, { email } ]
    }
  }

  return this.findOne(query).asCallback(callback)
}
First typescript iteration 2017-05-15 22:22:03 +02:00			`import { values } from 'lodash'`

			`import { getSort } from './utils'`
			`import { USER_ROLES } from '../initializers'`
			`import {`
			`cryptPassword,`
			`comparePassword,`
			`isUserPasswordValid,`
			`isUserUsernameValid,`
			`isUserDisplayNSFWValid`
			`} from '../helpers'`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00			`// ---------------------------------------------------------------------------`

First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`module.exports = function (sequelize, DataTypes) {`
			`const User = sequelize.define('User',`
			`{`
			`password: {`
Server: add database field validations 2016-12-28 15:49:23 +01:00			`type: DataTypes.STRING,`
			`allowNull: false,`
			`validate: {`
			`passwordValid: function (value) {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const res = isUserPasswordValid(value)`
Server: add database field validations 2016-12-28 15:49:23 +01:00			`if (res === false) throw new Error('Password not valid.')`
			`}`
			`}`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`},`
			`username: {`
Server: add database field validations 2016-12-28 15:49:23 +01:00			`type: DataTypes.STRING,`
			`allowNull: false,`
			`validate: {`
			`usernameValid: function (value) {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const res = isUserUsernameValid(value)`
Server: add database field validations 2016-12-28 15:49:23 +01:00			`if (res === false) throw new Error('Username not valid.')`
			`}`
			`}`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`},`
Add email to users 2017-02-18 09:29:59 +01:00			`email: {`
Server: fix migration scripts 2017-02-18 11:56:28 +01:00			`type: DataTypes.STRING(400),`
Add email to users 2017-02-18 09:29:59 +01:00			`allowNull: false,`
			`validate: {`
			`isEmail: true`
			`}`
			`},`
Server: Add NSFW in user profile 2017-04-03 21:24:36 +02:00			`displayNSFW: {`
			`type: DataTypes.BOOLEAN,`
			`allowNull: false,`
			`defaultValue: false,`
			`validate: {`
			`nsfwValid: function (value) {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const res = isUserDisplayNSFWValid(value)`
Server: Add NSFW in user profile 2017-04-03 21:24:36 +02:00			`if (res === false) throw new Error('Display NSFW is not valid.')`
			`}`
			`}`
			`},`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`role: {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`type: DataTypes.ENUM(values(USER_ROLES)),`
Server: add database field validations 2016-12-28 15:49:23 +01:00			`allowNull: false`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`}`
			`},`
			`{`
Server: Add postgresql indexes 2016-12-29 09:33:28 +01:00			`indexes: [`
			`{`
Server: add unique to unique indexes 2017-02-16 19:24:34 +01:00			`fields: [ 'username' ],`
			`unique: true`
Add email to users 2017-02-18 09:29:59 +01:00			`},`
			`{`
			`fields: [ 'email' ],`
			`unique: true`
Server: Add postgresql indexes 2016-12-29 09:33:28 +01:00			`}`
			`],`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`classMethods: {`
			`associate,`

			`countTotal,`
			`getByUsername,`
			`list,`
			`listForApi,`
			`loadById,`
Add email to users 2017-02-18 09:29:59 +01:00			`loadByUsername,`
			`loadByUsernameOrEmail`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`},`
			`instanceMethods: {`
			`isPasswordMatch,`
Add ability for an administrator to remove any video (#61) * Add ability for an admin to remove every video on the pod. * Server: add BlacklistedVideos relation. * Server: Insert in BlacklistedVideos relation upon deletion of a video. * Server: Modify BlacklistedVideos schema to add Pod id information. * Server: Moving insertion of a blacklisted video from the `afterDestroy` hook into the process of deletion of a video. To avoid inserting a video when it is removed on its origin pod. When a video is removed on its origin pod, the `afterDestroy` hook is fire, but no request is made on the delete('/:videoId') interface. Hence, we insert into `BlacklistedVideos` only on request on delete('/:videoId') (if requirements for insertion are met). * Server: Add removeVideoFromBlacklist hook on deletion of a video. We are going to proceed in another way :). We will add a new route : /:videoId/blacklist to blacklist a video. We do not blacklist a video upon its deletion now (to distinguish a video blacklist from a regular video delete) When we blacklist a video, the video remains in the DB, so we don't have any concern about its update. It just doesn't appear in the video list. When we remove a video, we then have to remove it from the blacklist too. We could also remove a video from the blacklist to 'unremove' it and make it appear again in the video list (will be another feature). * Server: Add handler for new route post(/:videoId/blacklist) * Client: Add isBlacklistable method * Client: Update isRemovableBy method. * Client: Move 'Delete video' feature from the video-list to the video-watch module. * Server: Exclude blacklisted videos from the video list * Server: Use findAll() in BlacklistedVideos.list() method * Server: Fix addVideoToBlacklist function. * Client: Add blacklist feature. * Server: Use JavaScript Standard Style. * Server: In checkUserCanDeleteVideo, move the callback call inside the db callback function * Server: Modify BlacklistVideo relation * Server: Modifiy Videos methods. * Server: Add checkVideoIsBlacklistable method * Server: Rewrite addVideoToBlacklist method * Server: Fix checkVideoIsBlacklistable method * Server: Add return to addVideoToBlacklist method 2017-04-26 21:22:10 +02:00			`toFormatedJSON,`
			`isAdmin`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`},`
			`hooks: {`
			`beforeCreate: beforeCreateOrUpdate,`
			`beforeUpdate: beforeCreateOrUpdate`
			`}`
			`}`
			`)`

			`return User`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`}`
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`function beforeCreateOrUpdate (user, options, next) {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`cryptPassword(user.password, function (err, hash) {`
Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`if (err) return next(err)`

			`user.password = hash`

			`return next()`
			`})`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`}`
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00
Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`// ------------------------------ METHODS ------------------------------`

			`function isPasswordMatch (password, callback) {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`return comparePassword(password, this.password, callback)`
Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`}`

			`function toFormatedJSON () {`
			`return {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`id: this.id,`
Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`username: this.username,`
Add email to users 2017-02-18 09:29:59 +01:00			`email: this.email,`
Server: Add NSFW in user profile 2017-04-03 21:24:36 +02:00			`displayNSFW: this.displayNSFW,`
Server: show user created date for the api 2016-09-23 17:19:57 +02:00			`role: this.role,`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`createdAt: this.createdAt`
Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`}`
			`}`
Add ability for an administrator to remove any video (#61) * Add ability for an admin to remove every video on the pod. * Server: add BlacklistedVideos relation. * Server: Insert in BlacklistedVideos relation upon deletion of a video. * Server: Modify BlacklistedVideos schema to add Pod id information. * Server: Moving insertion of a blacklisted video from the `afterDestroy` hook into the process of deletion of a video. To avoid inserting a video when it is removed on its origin pod. When a video is removed on its origin pod, the `afterDestroy` hook is fire, but no request is made on the delete('/:videoId') interface. Hence, we insert into `BlacklistedVideos` only on request on delete('/:videoId') (if requirements for insertion are met). * Server: Add removeVideoFromBlacklist hook on deletion of a video. We are going to proceed in another way :). We will add a new route : /:videoId/blacklist to blacklist a video. We do not blacklist a video upon its deletion now (to distinguish a video blacklist from a regular video delete) When we blacklist a video, the video remains in the DB, so we don't have any concern about its update. It just doesn't appear in the video list. When we remove a video, we then have to remove it from the blacklist too. We could also remove a video from the blacklist to 'unremove' it and make it appear again in the video list (will be another feature). * Server: Add handler for new route post(/:videoId/blacklist) * Client: Add isBlacklistable method * Client: Update isRemovableBy method. * Client: Move 'Delete video' feature from the video-list to the video-watch module. * Server: Exclude blacklisted videos from the video list * Server: Use findAll() in BlacklistedVideos.list() method * Server: Fix addVideoToBlacklist function. * Client: Add blacklist feature. * Server: Use JavaScript Standard Style. * Server: In checkUserCanDeleteVideo, move the callback call inside the db callback function * Server: Modify BlacklistVideo relation * Server: Modifiy Videos methods. * Server: Add checkVideoIsBlacklistable method * Server: Rewrite addVideoToBlacklist method * Server: Fix checkVideoIsBlacklistable method * Server: Add return to addVideoToBlacklist method 2017-04-26 21:22:10 +02:00
			`function isAdmin () {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`return this.role === USER_ROLES.ADMIN`
Add ability for an administrator to remove any video (#61) * Add ability for an admin to remove every video on the pod. * Server: add BlacklistedVideos relation. * Server: Insert in BlacklistedVideos relation upon deletion of a video. * Server: Modify BlacklistedVideos schema to add Pod id information. * Server: Moving insertion of a blacklisted video from the `afterDestroy` hook into the process of deletion of a video. To avoid inserting a video when it is removed on its origin pod. When a video is removed on its origin pod, the `afterDestroy` hook is fire, but no request is made on the delete('/:videoId') interface. Hence, we insert into `BlacklistedVideos` only on request on delete('/:videoId') (if requirements for insertion are met). * Server: Add removeVideoFromBlacklist hook on deletion of a video. We are going to proceed in another way :). We will add a new route : /:videoId/blacklist to blacklist a video. We do not blacklist a video upon its deletion now (to distinguish a video blacklist from a regular video delete) When we blacklist a video, the video remains in the DB, so we don't have any concern about its update. It just doesn't appear in the video list. When we remove a video, we then have to remove it from the blacklist too. We could also remove a video from the blacklist to 'unremove' it and make it appear again in the video list (will be another feature). * Server: Add handler for new route post(/:videoId/blacklist) * Client: Add isBlacklistable method * Client: Update isRemovableBy method. * Client: Move 'Delete video' feature from the video-list to the video-watch module. * Server: Exclude blacklisted videos from the video list * Server: Use findAll() in BlacklistedVideos.list() method * Server: Fix addVideoToBlacklist function. * Client: Add blacklist feature. * Server: Use JavaScript Standard Style. * Server: In checkUserCanDeleteVideo, move the callback call inside the db callback function * Server: Modify BlacklistVideo relation * Server: Modifiy Videos methods. * Server: Add checkVideoIsBlacklistable method * Server: Rewrite addVideoToBlacklist method * Server: Fix checkVideoIsBlacklistable method * Server: Add return to addVideoToBlacklist method 2017-04-26 21:22:10 +02:00			`}`

Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`// ------------------------------ STATICS ------------------------------`
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`function associate (models) {`
Server: add association between author and user 2016-12-29 10:33:36 +01:00			`this.hasOne(models.Author, {`
			`foreignKey: 'userId',`
			`onDelete: 'cascade'`
			`})`

First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`this.hasMany(models.OAuthToken, {`
			`foreignKey: 'userId',`
			`onDelete: 'cascade'`
			`})`
			`}`

Server: add user list sort/pagination 2016-08-16 22:31:45 +02:00			`function countTotal (callback) {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`return this.count().asCallback(callback)`
Server: optimize function to see if there are users or not 2016-08-16 21:51:35 +02:00			`}`

Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`function getByUsername (username) {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`const query = {`
			`where: {`
			`username: username`
			`}`
			`}`

			`return this.findOne(query)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`}`

Add migration (for db, folders...) mechanism 2016-09-26 22:36:36 +02:00			`function list (callback) {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`return this.find().asCallback(callback)`
Add migration (for db, folders...) mechanism 2016-09-26 22:36:36 +02:00			`}`

Server: add user list sort/pagination 2016-08-16 22:31:45 +02:00			`function listForApi (start, count, sort, callback) {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`const query = {`
			`offset: start,`
			`limit: count,`
First typescript iteration 2017-05-15 22:22:03 +02:00			`order: [ getSort(sort) ]`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`}`

			`return this.findAndCountAll(query).asCallback(function (err, result) {`
			`if (err) return callback(err)`

			`return callback(null, result.rows, result.count)`
			`})`
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00			`}`

Server: delete user with the id and not the username 2016-08-09 21:44:45 +02:00			`function loadById (id, callback) {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`return this.findById(id).asCallback(callback)`
Server: delete user with the id and not the username 2016-08-09 21:44:45 +02:00			`}`

Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`function loadByUsername (username, callback) {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`const query = {`
			`where: {`
			`username: username`
			`}`
			`}`

			`return this.findOne(query).asCallback(callback)`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`}`
Add email to users 2017-02-18 09:29:59 +01:00
			`function loadByUsernameOrEmail (username, email, callback) {`
			`const query = {`
			`where: {`
			`$or: [ { username }, { email } ]`
			`}`
			`}`

			`return this.findOne(query).asCallback(callback)`
			`}`