peertube/server/controllers/api/users.js

'use strict'

const express = require('express')
const waterfall = require('async/waterfall')

const constants = require('../../initializers/constants')
const db = require('../../initializers/database')
const logger = require('../../helpers/logger')
const utils = require('../../helpers/utils')
const middlewares = require('../../middlewares')
const admin = middlewares.admin
const oAuth = middlewares.oauth
const pagination = middlewares.pagination
const sort = middlewares.sort
const validatorsPagination = middlewares.validators.pagination
const validatorsSort = middlewares.validators.sort
const validatorsUsers = middlewares.validators.users

const router = express.Router()

router.get('/me',
  oAuth.authenticate,
  getUserInformation
)

router.get('/me/videos/:videoId/rating',
  oAuth.authenticate,
  validatorsUsers.usersVideoRating,
  getUserVideoRating
)

router.get('/',
  validatorsPagination.pagination,
  validatorsSort.usersSort,
  sort.setUsersSort,
  pagination.setPagination,
  listUsers
)

router.post('/',
  oAuth.authenticate,
  admin.ensureIsAdmin,
  validatorsUsers.usersAdd,
  createUser
)

router.post('/register',
  ensureRegistrationEnabled,
  validatorsUsers.usersAdd,
  createUser
)

router.put('/:id',
  oAuth.authenticate,
  validatorsUsers.usersUpdate,
  updateUser
)

router.delete('/:id',
  oAuth.authenticate,
  admin.ensureIsAdmin,
  validatorsUsers.usersRemove,
  removeUser
)

router.post('/token', oAuth.token, success)
// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route

// ---------------------------------------------------------------------------

module.exports = router

// ---------------------------------------------------------------------------

function ensureRegistrationEnabled (req, res, next) {
  const registrationEnabled = constants.CONFIG.SIGNUP.ENABLED

  if (registrationEnabled === true) {
    return next()
  }

  return res.status(400).send('User registration is not enabled.')
}

function createUser (req, res, next) {
  const user = db.User.build({
    username: req.body.username,
    password: req.body.password,
    email: req.body.email,
    displayNSFW: false,
    role: constants.USER_ROLES.USER
  })

  user.save().asCallback(function (err, createdUser) {
    if (err) return next(err)

    return res.type('json').status(204).end()
  })
}

function getUserInformation (req, res, next) {
  db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
    if (err) return next(err)

    return res.json(user.toFormatedJSON())
  })
}

function getUserVideoRating (req, res, next) {
  const videoId = req.params.videoId
  const userId = res.locals.oauth.token.User.id

  db.UserVideoRate.load(userId, videoId, function (err, ratingObj) {
    if (err) return next(err)

    const rating = ratingObj ? ratingObj.type : 'none'

    res.json({
      videoId,
      rating
    })
  })
}

function listUsers (req, res, next) {
  db.User.listForApi(req.query.start, req.query.count, req.query.sort, function (err, usersList, usersTotal) {
    if (err) return next(err)

    res.json(utils.getFormatedObjects(usersList, usersTotal))
  })
}

function removeUser (req, res, next) {
  waterfall([
    function loadUser (callback) {
      db.User.loadById(req.params.id, callback)
    },

    function deleteUser (user, callback) {
      user.destroy().asCallback(callback)
    }
  ], function andFinally (err) {
    if (err) {
      logger.error('Errors when removed the user.', { error: err })
      return next(err)
    }

    return res.sendStatus(204)
  })
}

function updateUser (req, res, next) {
  db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
    if (err) return next(err)

    if (req.body.password) user.password = req.body.password
    if (req.body.displayNSFW !== undefined) user.displayNSFW = req.body.displayNSFW

    user.save().asCallback(function (err) {
      if (err) return next(err)

      return res.sendStatus(204)
    })
  })
}

function success (req, res, next) {
  res.end()
}
OAuth server: first draft 2016-03-21 10:56:33 +00:00			`'use strict'`

Add authentications for routes that need it and adapts the tests 2016-04-14 20:06:11 +00:00			`const express = require('express')`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`const waterfall = require('async/waterfall')`
reqValidators --> validators 2016-07-01 14:16:40 +00:00
Server: remove v1 directory, we don't really need it 2016-10-21 10:16:28 +00:00			`const constants = require('../../initializers/constants')`
First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`const db = require('../../initializers/database')`
Server: remove v1 directory, we don't really need it 2016-10-21 10:16:28 +00:00			`const logger = require('../../helpers/logger')`
Server: add video abuse support 2017-01-04 19:59:23 +00:00			`const utils = require('../../helpers/utils')`
Server: remove v1 directory, we don't really need it 2016-10-21 10:16:28 +00:00			`const middlewares = require('../../middlewares')`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`const admin = middlewares.admin`
			`const oAuth = middlewares.oauth`
Server: add user list sort/pagination 2016-08-16 20:31:45 +00:00			`const pagination = middlewares.pagination`
			`const sort = middlewares.sort`
			`const validatorsPagination = middlewares.validators.pagination`
			`const validatorsSort = middlewares.validators.sort`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`const validatorsUsers = middlewares.validators.users`
OAuth server: first draft 2016-03-21 10:56:33 +00:00
			`const router = express.Router()`

Add like/dislike system for videos 2017-03-08 20:35:43 +00:00			`router.get('/me',`
			`oAuth.authenticate,`
			`getUserInformation`
			`)`

			`router.get('/me/videos/:videoId/rating',`
			`oAuth.authenticate,`
			`validatorsUsers.usersVideoRating,`
			`getUserVideoRating`
			`)`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00
Server: add user list sort/pagination 2016-08-16 20:31:45 +00:00			`router.get('/',`
			`validatorsPagination.pagination,`
			`validatorsSort.usersSort,`
			`sort.setUsersSort,`
			`pagination.setPagination,`
			`listUsers`
			`)`

Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`router.post('/',`
			`oAuth.authenticate,`
			`admin.ensureIsAdmin,`
			`validatorsUsers.usersAdd,`
			`createUser`
			`)`

Server: add ability to register new user 2017-04-09 10:08:36 +00:00			`router.post('/register',`
			`ensureRegistrationEnabled,`
			`validatorsUsers.usersAdd,`
			`createUser`
			`)`

Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`router.put('/:id',`
			`oAuth.authenticate,`
			`validatorsUsers.usersUpdate,`
			`updateUser`
			`)`

Server: delete user with the id and not the username 2016-08-09 19:44:45 +00:00			`router.delete('/:id',`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`oAuth.authenticate,`
			`admin.ensureIsAdmin,`
			`validatorsUsers.usersRemove,`
			`removeUser`
			`)`
Server: move clients in its own file 2016-08-05 14:09:39 +00:00
OAuth/User models refractoring -> use mongoose api 2016-07-01 14:03:53 +00:00			`router.post('/token', oAuth.token, success)`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route`
OAuth server: first draft 2016-03-21 10:56:33 +00:00
			`// ---------------------------------------------------------------------------`

			`module.exports = router`

			`// ---------------------------------------------------------------------------`

Server: add ability to register new user 2017-04-09 10:08:36 +00:00			`function ensureRegistrationEnabled (req, res, next) {`
			`const registrationEnabled = constants.CONFIG.SIGNUP.ENABLED`

			`if (registrationEnabled === true) {`
			`return next()`
			`}`

			`return res.status(400).send('User registration is not enabled.')`
			`}`

Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`function createUser (req, res, next) {`
First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`const user = db.User.build({`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`username: req.body.username,`
			`password: req.body.password,`
Add email to users 2017-02-18 08:29:59 +00:00			`email: req.body.email,`
Server: Add NSFW in user profile 2017-04-03 19:24:36 +00:00			`displayNSFW: false,`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`role: constants.USER_ROLES.USER`
			`})`

First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`user.save().asCallback(function (err, createdUser) {`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`if (err) return next(err)`

			`return res.type('json').status(204).end()`
			`})`
			`}`

Server: allow user to get its informations (/users/me) 2016-08-05 15:19:08 +00:00			`function getUserInformation (req, res, next) {`
First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {`
Server: allow user to get its informations (/users/me) 2016-08-05 15:19:08 +00:00			`if (err) return next(err)`

			`return res.json(user.toFormatedJSON())`
			`})`
			`}`

Add like/dislike system for videos 2017-03-08 20:35:43 +00:00			`function getUserVideoRating (req, res, next) {`
			`const videoId = req.params.videoId`
			`const userId = res.locals.oauth.token.User.id`

			`db.UserVideoRate.load(userId, videoId, function (err, ratingObj) {`
			`if (err) return next(err)`

			`const rating = ratingObj ? ratingObj.type : 'none'`

			`res.json({`
			`videoId,`
			`rating`
			`})`
			`})`
			`}`

Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`function listUsers (req, res, next) {`
First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`db.User.listForApi(req.query.start, req.query.count, req.query.sort, function (err, usersList, usersTotal) {`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`if (err) return next(err)`

Server: add video abuse support 2017-01-04 19:59:23 +00:00			`res.json(utils.getFormatedObjects(usersList, usersTotal))`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`})`
			`}`

			`function removeUser (req, res, next) {`
			`waterfall([`
Server: use video hook to send information to other pods when a video is deleted 2016-12-29 10:17:11 +00:00			`function loadUser (callback) {`
First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`db.User.loadById(req.params.id, callback)`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`},`

Server: use video hook to send information to other pods when a video is deleted 2016-12-29 10:17:11 +00:00			`function deleteUser (user, callback) {`
First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`user.destroy().asCallback(callback)`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`}`
			`], function andFinally (err) {`
			`if (err) {`
			`logger.error('Errors when removed the user.', { error: err })`
			`return next(err)`
			`}`

Server: fix status code when updating/removing a user 2016-08-05 16:08:55 +00:00			`return res.sendStatus(204)`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`})`
			`}`

			`function updateUser (req, res, next) {`
First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`if (err) return next(err)`

Server: Add NSFW in user profile 2017-04-03 19:24:36 +00:00			`if (req.body.password) user.password = req.body.password`
			`if (req.body.displayNSFW !== undefined) user.displayNSFW = req.body.displayNSFW`

First version with PostgreSQL 2016-12-11 20:50:51 +00:00			`user.save().asCallback(function (err) {`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`if (err) return next(err)`

Server: fix status code when updating/removing a user 2016-08-05 16:08:55 +00:00			`return res.sendStatus(204)`
Implement user API (create, update, remove, list) 2016-08-04 20:32:36 +00:00			`})`
			`})`
			`}`

OAuth server: first draft 2016-03-21 10:56:33 +00:00			`function success (req, res, next) {`
			`res.end()`
			`}`