1 import 'express-validator'
2 import * as express from 'express'
3 import * as Promise from 'bluebird'
4 import * as validator from 'validator'
6 import { database as db } from '../../initializers/database'
7 import { checkErrors } from './utils'
8 import { isSignupAllowed, logger } from '../../helpers'
9 import { UserInstance, VideoInstance } from '../../models'
11 function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
12 req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
13 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
14 req.checkBody('email', 'Should have a valid email').isEmail()
15 req.checkBody('videoQuota', 'Should have a valid user quota').isUserVideoQuotaValid()
17 logger.debug('Checking usersAdd parameters', { parameters: req.body })
19 checkErrors(req, res, () => {
20 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
24 function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
25 req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
26 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
27 req.checkBody('email', 'Should have a valid email').isEmail()
29 logger.debug('Checking usersRegister parameters', { parameters: req.body })
31 checkErrors(req, res, () => {
32 checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
36 function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
37 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
39 logger.debug('Checking usersRemove parameters', { parameters: req.params })
41 checkErrors(req, res, () => {
42 checkUserExists(req.params.id, res, (err, user) => {
44 logger.error('Error in usersRemoveValidator.', err)
45 return res.sendStatus(500)
48 if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
55 function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
56 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
57 req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
58 req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
60 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
62 checkErrors(req, res, () => {
63 checkUserExists(req.params.id, res, next)
67 function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
68 // Add old password verification
69 req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
70 req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
71 req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
73 logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
75 checkErrors(req, res, next)
78 function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
79 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
81 checkErrors(req, res, () => {
82 checkUserExists(req.params.id, res, next)
86 function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
87 req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
89 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
91 checkErrors(req, res, () => {
92 let videoPromise: Promise<VideoInstance>
94 if (validator.isUUID(req.params.videoId)) {
95 videoPromise = db.Video.loadByUUID(req.params.videoId)
97 videoPromise = db.Video.load(req.params.videoId)
102 if (!video) return res.status(404).send('Video not found')
107 logger.error('Error in user request validator.', err)
108 return res.sendStatus(500)
113 function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
114 isSignupAllowed().then(allowed => {
115 if (allowed === false) {
116 return res.status(403).send('User registration is not enabled or user limit is reached.')
123 // ---------------------------------------------------------------------------
127 usersRegisterValidator,
128 usersRemoveValidator,
129 usersUpdateValidator,
130 usersUpdateMeValidator,
131 usersVideoRatingValidator,
132 ensureUserRegistrationAllowed,
136 // ---------------------------------------------------------------------------
138 function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
141 if (!user) return res.status(404).send('User not found')
143 res.locals.user = user
147 logger.error('Error in user request validator.', err)
148 return res.sendStatus(500)
152 function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
153 db.User.loadByUsernameOrEmail(username, email)
155 if (user) return res.status(409).send('User already exists.')
160 logger.error('Error in usersAdd request validator.', err)
161 return res.sendStatus(500)