PeerTube/server/middlewares/validators/users.ts

import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import { isSignupAllowed, logger } from '../../helpers'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isUserDisplayNSFWValid,
  isUserAutoPlayVideoValid,
  isUserPasswordValid,
  isUserRoleValid,
  isUserUsernameValid,
  isUserVideoQuotaValid
} from '../../helpers/custom-validators/users'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { UserModel } from '../../models/account/user'
import { areValidationErrors } from './utils'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator
}

// ---------------------------------------------------------------------------

async function checkUserIdExist (id: number, res: express.Response) {
  const user = await UserModel.loadById(id)

  if (!user) {
    res.status(404)
              .send({ error: 'User not found' })
              .end()

    return false
  }

  res.locals.user = user
  return true
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username of email already exists.' })
              .end()
    return false
  }

  return true
}
Type functions 2017-06-10 22:15:25 +02:00			`import * as express from 'express'`
Refractor validators 2017-11-27 17:30:46 +01:00			`import 'express-validator'`
			`import { body, param } from 'express-validator/check'`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`import { isSignupAllowed, logger } from '../../helpers'`
			`import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`import {`
Refractor validators 2017-11-27 17:30:46 +01:00			`isUserDisplayNSFWValid,`
Enh #106 : Add an autoPlayVideo user attribute (#159) Warning : I was not able to run the tests on my machine. It uses a different approach to handle databse connexion and didn't find where to configure it... - create a migration file to add a boolean column in user table - add autoPlayVideo attribute everywhere it is needed (both on client and server side) - add tests - add a way to configure this attribute in account-settings - use the attribute in video-watch component to actually autoplay or not the video 2017-12-19 10:45:49 +01:00			`isUserAutoPlayVideoValid,`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`isUserPasswordValid,`
Refractor validators 2017-11-27 17:30:46 +01:00			`isUserRoleValid,`
			`isUserUsernameValid,`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`isUserVideoQuotaValid`
			`} from '../../helpers/custom-validators/users'`
Refractor validators 2017-11-27 17:30:46 +01:00			`import { isVideoExist } from '../../helpers/custom-validators/videos'`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`import { UserModel } from '../../models/account/user'`
Refractor validators 2017-11-27 17:30:46 +01:00			`import { areValidationErrors } from './utils'`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`const usersAddValidator = [`
Usernames are case insensitive now 2017-11-04 18:32:38 +01:00			`body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),`
			`body('email').isEmail().withMessage('Should have a valid email'),`
			`body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`logger.debug('Checking usersAdd parameters', { parameters: req.body })`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`const usersRegisterValidator = [`
			`body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),`
			`body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),`
			`body('email').isEmail().withMessage('Should have a valid email'),`
Fix tests and user quota 2017-09-06 16:35:40 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`logger.debug('Checking usersRegister parameters', { parameters: req.body })`
Fix tests and user quota 2017-09-06 16:35:40 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`const usersRemoveValidator = [`
			`param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`logger.debug('Checking usersRemove parameters', { parameters: req.params })`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserIdExist(req.params.id, res)) return`

			`const user = res.locals.user`
			`if (user.username === 'root') {`
			`return res.status(400)`
			`.send({ error: 'Cannot remove the root user' })`
			`.end()`
			`}`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`
Add user update for admins 2017-09-05 21:29:39 +02:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`const usersUpdateValidator = [`
			`param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),`
			`body('email').optional().isEmail().withMessage('Should have a valid email attribute'),`
			`body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),`
Add user update for admins 2017-09-05 21:29:39 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`logger.debug('Checking usersUpdate parameters', { parameters: req.body })`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserIdExist(req.params.id, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`const usersUpdateMeValidator = [`
			`body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),`
			`body('email').optional().isEmail().withMessage('Should have a valid email attribute'),`
			`body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),`
Enh #106 : Add an autoPlayVideo user attribute (#159) Warning : I was not able to run the tests on my machine. It uses a different approach to handle databse connexion and didn't find where to configure it... - create a migration file to add a boolean column in user table - add autoPlayVideo attribute everywhere it is needed (both on client and server side) - add tests - add a way to configure this attribute in account-settings - use the attribute in video-watch component to actually autoplay or not the video 2017-12-19 10:45:49 +01:00			`body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),`
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`(req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`// TODO: Add old password verification`
			`logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })`
Add user update for admins 2017-09-05 21:29:39 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`if (areValidationErrors(req, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`
Add user update for admins 2017-09-05 21:29:39 +02:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`const usersGetValidator = [`
			`param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),`
Add like/dislike system for videos 2017-03-08 21:35:43 +01:00
Refractor validators 2017-11-27 17:30:46 +01:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking usersGet parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserIdExist(req.params.id, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`
Add like/dislike system for videos 2017-03-08 21:35:43 +01:00
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`const usersVideoRatingValidator = [`
Add video channels 2017-10-24 19:41:09 +02:00			`param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),`
Use global uuid instead of remoteId for videos 2017-07-11 16:01:56 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`logger.debug('Checking usersVideoRating parameters', { parameters: req.params })`
Use global uuid instead of remoteId for videos 2017-07-11 16:01:56 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`if (areValidationErrors(req, res)) return`
			`if (!await isVideoExist(req.params.videoId, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`

			`const ensureUserRegistrationAllowed = [`
Refractor validators 2017-11-27 17:30:46 +01:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`const allowed = await isSignupAllowed()`
			`if (allowed === false) {`
			`return res.status(403)`
			`.send({ error: 'User registration is not enabled or user limit is reached.' })`
			`.end()`
			`}`

			`return next()`
Upgrade express validator to v4 2017-09-15 12:17:08 +02:00			`}`
			`]`
Add ability to limit user registrations 2017-07-25 20:17:28 +02:00
Implement user API (create, update, remove, list) 2016-08-04 22:32:36 +02:00			`// ---------------------------------------------------------------------------`

First typescript iteration 2017-05-15 22:22:03 +02:00			`export {`
			`usersAddValidator,`
Fix tests and user quota 2017-09-06 16:35:40 +02:00			`usersRegisterValidator,`
First typescript iteration 2017-05-15 22:22:03 +02:00			`usersRemoveValidator,`
			`usersUpdateValidator,`
Add user update for admins 2017-09-05 21:29:39 +02:00			`usersUpdateMeValidator,`
Add ability to limit user registrations 2017-07-25 20:17:28 +02:00			`usersVideoRatingValidator,`
Add user update for admins 2017-09-05 21:29:39 +02:00			`ensureUserRegistrationAllowed,`
			`usersGetValidator`
			`}`

			`// ---------------------------------------------------------------------------`

Refractor validators 2017-11-27 17:30:46 +01:00			`async function checkUserIdExist (id: number, res: express.Response) {`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`const user = await UserModel.loadById(id)`
Refractor validators 2017-11-27 17:30:46 +01:00
			`if (!user) {`
			`res.status(404)`
			`.send({ error: 'User not found' })`
			`.end()`

			`return false`
			`}`

			`res.locals.user = user`
			`return true`
First typescript iteration 2017-05-15 22:22:03 +02:00			`}`
Fix tests and user quota 2017-09-06 16:35:40 +02:00
Refractor validators 2017-11-27 17:30:46 +01:00			`async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`const user = await UserModel.loadByUsernameOrEmail(username, email)`
Refractor validators 2017-11-27 17:30:46 +01:00
			`if (user) {`
			`res.status(409)`
			`.send({ error: 'User with this username of email already exists.' })`
			`.end()`
			`return false`
			`}`

			`return true`
Fix tests and user quota 2017-09-06 16:35:40 +02:00			`}`