peertube/server/middlewares/validators/users.ts

import * as express from 'express'
import 'express-validator'
import { body, param } from 'express-validator/check'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
  isUserVideoQuotaValid
} from '../../helpers/custom-validators/users'
import { isVideoExist } from '../../helpers/custom-validators/videos'
import { logger } from '../../helpers/logger'
import { isSignupAllowed } from '../../helpers/utils'
import { CONSTRAINTS_FIELDS } from '../../initializers'
import { UserModel } from '../../models/account/user'
import { areValidationErrors } from './utils'

const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRegisterValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').isEmail().withMessage('Should have a valid email'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRegister parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return

    return next()
  }
]

const usersRemoveValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    const user = res.locals.user
    if (user.username === 'root') {
      return res.status(400)
                .send({ error: 'Cannot remove the root user' })
                .end()
    }

    return next()
  }
]

const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersUpdateMeValidator = [
  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // TODO: Add old password verification
    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const usersUpdateMyAvatarValidator = [
  body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
    'This file is not supported. Please, make sure it is of the following type : '
    + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
  ),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersUpdateMyAvatarValidator parameters', { files: req.files })

    if (areValidationErrors(req, res)) return

    const imageFile = req.files['avatarfile'][0] as Express.Multer.File
    if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {
      res.status(400)
        .send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
        .end()
      return
    }

    return next()
  }
]

const usersGetValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersGet parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await checkUserIdExist(req.params.id, res)) return

    return next()
  }
]

const usersVideoRatingValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const ensureUserRegistrationAllowed = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = await isSignupAllowed()
    if (allowed === false) {
      return res.status(403)
                .send({ error: 'User registration is not enabled or user limit is reached.' })
                .end()
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  usersAddValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
  usersVideoRatingValidator,
  ensureUserRegistrationAllowed,
  usersGetValidator,
  usersUpdateMyAvatarValidator
}

// ---------------------------------------------------------------------------

async function checkUserIdExist (id: number, res: express.Response) {
  const user = await UserModel.loadById(id)

  if (!user) {
    res.status(404)
              .send({ error: 'User not found' })
              .end()

    return false
  }

  res.locals.user = user
  return true
}

async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)

  if (user) {
    res.status(409)
              .send({ error: 'User with this username of email already exists.' })
              .end()
    return false
  }

  return true
}
Type functions 2017-06-10 16:15:25 -04:00			`import * as express from 'express'`
Refractor validators 2017-11-27 11:30:46 -05:00			`import 'express-validator'`
			`import { body, param } from 'express-validator/check'`
Move models to typescript-sequelize 2017-12-12 11:53:50 -05:00			`import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`import {`
Add ability to disable video comments 2018-01-03 04:12:36 -05:00			`isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,`
Move models to typescript-sequelize 2017-12-12 11:53:50 -05:00			`isUserVideoQuotaValid`
			`} from '../../helpers/custom-validators/users'`
Add ability to disable video comments 2018-01-03 04:12:36 -05:00			`import { isVideoExist } from '../../helpers/custom-validators/videos'`
Propagate old comment on new follow 2017-12-28 05:16:08 -05:00			`import { logger } from '../../helpers/logger'`
			`import { isSignupAllowed } from '../../helpers/utils'`
Begin to add avatar to actors 2017-12-29 13:10:13 -05:00			`import { CONSTRAINTS_FIELDS } from '../../initializers'`
Move models to typescript-sequelize 2017-12-12 11:53:50 -05:00			`import { UserModel } from '../../models/account/user'`
Refractor validators 2017-11-27 11:30:46 -05:00			`import { areValidationErrors } from './utils'`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`const usersAddValidator = [`
Usernames are case insensitive now 2017-11-04 13:32:38 -04:00			`body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),`
			`body('email').isEmail().withMessage('Should have a valid email'),`
			`body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),`
Support roles with rights and add moderator role 2017-10-27 10:55:03 -04:00			`body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`logger.debug('Checking usersAdd parameters', { parameters: req.body })`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 07:26:25 -04:00
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`const usersRegisterValidator = [`
			`body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),`
			`body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),`
			`body('email').isEmail().withMessage('Should have a valid email'),`
Fix tests and user quota 2017-09-06 10:35:40 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`logger.debug('Checking usersRegister parameters', { parameters: req.body })`
Fix tests and user quota 2017-09-06 10:35:40 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`const usersRemoveValidator = [`
			`param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`logger.debug('Checking usersRemove parameters', { parameters: req.params })`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserIdExist(req.params.id, res)) return`

			`const user = res.locals.user`
			`if (user.username === 'root') {`
			`return res.status(400)`
			`.send({ error: 'Cannot remove the root user' })`
			`.end()`
			`}`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`
Add user update for admins 2017-09-05 15:29:39 -04:00
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`const usersUpdateValidator = [`
			`param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),`
			`body('email').optional().isEmail().withMessage('Should have a valid email attribute'),`
			`body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),`
Support roles with rights and add moderator role 2017-10-27 10:55:03 -04:00			`body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),`
Add user update for admins 2017-09-05 15:29:39 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`logger.debug('Checking usersUpdate parameters', { parameters: req.body })`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserIdExist(req.params.id, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`const usersUpdateMeValidator = [`
			`body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),`
			`body('email').optional().isEmail().withMessage('Should have a valid email attribute'),`
			`body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),`
Enh #106 : Add an autoPlayVideo user attribute (#159) Warning : I was not able to run the tests on my machine. It uses a different approach to handle databse connexion and didn't find where to configure it... - create a migration file to add a boolean column in user table - add autoPlayVideo attribute everywhere it is needed (both on client and server side) - add tests - add a way to configure this attribute in account-settings - use the attribute in video-watch component to actually autoplay or not the video 2017-12-19 04:45:49 -05:00			`body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),`
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`(req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`// TODO: Add old password verification`
			`logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })`
Add user update for admins 2017-09-05 15:29:39 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`if (areValidationErrors(req, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`
Add user update for admins 2017-09-05 15:29:39 -04:00
Begin to add avatar to actors 2017-12-29 13:10:13 -05:00			`const usersUpdateMyAvatarValidator = [`
			`body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(`
			`'This file is not supported. Please, make sure it is of the following type : '`
Add avatar max size limit 2018-01-03 05:10:40 -05:00			`+ CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')`
Begin to add avatar to actors 2017-12-29 13:10:13 -05:00			`),`

			`(req: express.Request, res: express.Response, next: express.NextFunction) => {`
Automatically resize avatars 2018-01-03 05:36:03 -05:00			`logger.debug('Checking usersUpdateMyAvatarValidator parameters', { files: req.files })`
Begin to add avatar to actors 2017-12-29 13:10:13 -05:00
			`if (areValidationErrors(req, res)) return`

Add avatar max size limit 2018-01-03 05:10:40 -05:00			`const imageFile = req.files['avatarfile'][0] as Express.Multer.File`
			`if (imageFile.size > CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max) {`
			`res.status(400)`
			.send({ error: `The size of the avatar is too big (>${CONSTRAINTS_FIELDS.ACTORS.AVATAR.FILE_SIZE.max}).` })
			`.end()`
			`return`
			`}`

Begin to add avatar to actors 2017-12-29 13:10:13 -05:00			`return next()`
			`}`
			`]`

Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`const usersGetValidator = [`
			`param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),`
Add like/dislike system for videos 2017-03-08 15:35:43 -05:00
Refractor validators 2017-11-27 11:30:46 -05:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking usersGet parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`
			`if (!await checkUserIdExist(req.params.id, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`
Add like/dislike system for videos 2017-03-08 15:35:43 -05:00
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`const usersVideoRatingValidator = [`
Add video channels 2017-10-24 13:41:09 -04:00			`param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),`
Use global uuid instead of remoteId for videos 2017-07-11 10:01:56 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`logger.debug('Checking usersVideoRating parameters', { parameters: req.params })`
Use global uuid instead of remoteId for videos 2017-07-11 10:01:56 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`if (areValidationErrors(req, res)) return`
			`if (!await isVideoExist(req.params.videoId, res)) return`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`

			`const ensureUserRegistrationAllowed = [`
Refractor validators 2017-11-27 11:30:46 -05:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`const allowed = await isSignupAllowed()`
			`if (allowed === false) {`
			`return res.status(403)`
			`.send({ error: 'User registration is not enabled or user limit is reached.' })`
			`.end()`
			`}`

			`return next()`
Upgrade express validator to v4 2017-09-15 06:17:08 -04:00			`}`
			`]`
Add ability to limit user registrations 2017-07-25 14:17:28 -04:00
Implement user API (create, update, remove, list) 2016-08-04 16:32:36 -04:00			`// ---------------------------------------------------------------------------`

First typescript iteration 2017-05-15 16:22:03 -04:00			`export {`
			`usersAddValidator,`
Fix tests and user quota 2017-09-06 10:35:40 -04:00			`usersRegisterValidator,`
First typescript iteration 2017-05-15 16:22:03 -04:00			`usersRemoveValidator,`
			`usersUpdateValidator,`
Add user update for admins 2017-09-05 15:29:39 -04:00			`usersUpdateMeValidator,`
Add ability to limit user registrations 2017-07-25 14:17:28 -04:00			`usersVideoRatingValidator,`
Add user update for admins 2017-09-05 15:29:39 -04:00			`ensureUserRegistrationAllowed,`
Begin to add avatar to actors 2017-12-29 13:10:13 -05:00			`usersGetValidator,`
			`usersUpdateMyAvatarValidator`
Add user update for admins 2017-09-05 15:29:39 -04:00			`}`

			`// ---------------------------------------------------------------------------`

Refractor validators 2017-11-27 11:30:46 -05:00			`async function checkUserIdExist (id: number, res: express.Response) {`
Move models to typescript-sequelize 2017-12-12 11:53:50 -05:00			`const user = await UserModel.loadById(id)`
Refractor validators 2017-11-27 11:30:46 -05:00
			`if (!user) {`
			`res.status(404)`
			`.send({ error: 'User not found' })`
			`.end()`

			`return false`
			`}`

			`res.locals.user = user`
			`return true`
First typescript iteration 2017-05-15 16:22:03 -04:00			`}`
Fix tests and user quota 2017-09-06 10:35:40 -04:00
Refractor validators 2017-11-27 11:30:46 -05:00			`async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {`
Move models to typescript-sequelize 2017-12-12 11:53:50 -05:00			`const user = await UserModel.loadByUsernameOrEmail(username, email)`
Refractor validators 2017-11-27 11:30:46 -05:00
			`if (user) {`
			`res.status(409)`
			`.send({ error: 'User with this username of email already exists.' })`
			`.end()`
			`return false`
			`}`

			`return true`
Fix tests and user quota 2017-09-06 10:35:40 -04:00			`}`