2020-03-30 13:16:29 -04:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-11-10 14:27:31 -05:00
|
|
|
const util = require('util');
|
2020-11-14 19:56:01 -05:00
|
|
|
const nconf = require('nconf');
|
2020-11-10 14:27:31 -05:00
|
|
|
|
|
|
|
|
const db = require('../../database');
|
2020-10-15 15:50:30 -04:00
|
|
|
const api = require('../../api');
|
2020-11-16 22:47:23 +03:00
|
|
|
const groups = require('../../groups');
|
2020-03-31 17:06:13 -04:00
|
|
|
const meta = require('../../meta');
|
2020-10-29 07:56:28 -04:00
|
|
|
const privileges = require('../../privileges');
|
2020-11-16 22:47:23 +03:00
|
|
|
const user = require('../../user');
|
2020-10-07 14:28:58 -04:00
|
|
|
const utils = require('../../utils');
|
2020-04-01 21:15:32 -04:00
|
|
|
|
2020-03-30 13:16:29 -04:00
|
|
|
const helpers = require('../helpers');
|
|
|
|
|
|
|
|
|
|
const Users = module.exports;
|
|
|
|
|
|
2020-10-29 07:56:28 -04:00
|
|
|
const hasAdminPrivilege = async (uid, privilege) => {
|
|
|
|
|
const ok = await privileges.admin.can(`admin:${privilege}`, uid);
|
|
|
|
|
if (!ok) {
|
|
|
|
|
throw new Error('[[error:no-privileges]]');
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2020-11-06 10:56:18 -05:00
|
|
|
Users.redirectBySlug = async (req, res) => {
|
|
|
|
|
const uid = await user.getUidByUserslug(req.params.userslug);
|
|
|
|
|
|
|
|
|
|
if (uid) {
|
|
|
|
|
const path = req.path.split('/').slice(3).join('/');
|
2020-11-14 19:56:01 -05:00
|
|
|
res.redirect(308, nconf.get('relative_path') + encodeURI(`/api/v3/users/${uid}/${path}`));
|
2020-11-06 10:56:18 -05:00
|
|
|
} else {
|
|
|
|
|
helpers.formatApiResponse(404, res);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2020-03-30 13:16:29 -04:00
|
|
|
Users.create = async (req, res) => {
|
2020-10-29 07:56:28 -04:00
|
|
|
await hasAdminPrivilege(req.uid, 'users');
|
2020-10-15 15:50:30 -04:00
|
|
|
const userObj = await api.users.create(req, req.body);
|
|
|
|
|
helpers.formatApiResponse(200, res, userObj);
|
2020-03-30 13:16:29 -04:00
|
|
|
};
|
2020-03-31 17:06:13 -04:00
|
|
|
|
2020-11-06 11:54:46 -05:00
|
|
|
Users.exists = async (req, res) => {
|
|
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
|
|
|
|
|
2021-05-26 12:35:37 -04:00
|
|
|
Users.get = async (req, res) => {
|
|
|
|
|
helpers.formatApiResponse(200, res, await user.getUserData(req.params.uid));
|
|
|
|
|
};
|
|
|
|
|
|
2020-03-31 17:06:13 -04:00
|
|
|
Users.update = async (req, res) => {
|
2020-10-15 16:49:06 -04:00
|
|
|
const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid });
|
2020-10-15 15:50:30 -04:00
|
|
|
helpers.formatApiResponse(200, res, userObj);
|
2020-03-31 17:06:13 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.delete = async (req, res) => {
|
2020-11-17 17:29:50 -05:00
|
|
|
await api.users.delete(req, { ...req.params, password: req.body.password });
|
|
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.deleteContent = async (req, res) => {
|
|
|
|
|
await api.users.deleteContent(req, { ...req.params, password: req.body.password });
|
|
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.deleteAccount = async (req, res) => {
|
|
|
|
|
await api.users.deleteAccount(req, { ...req.params, password: req.body.password });
|
2020-03-31 17:06:13 -04:00
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.deleteMany = async (req, res) => {
|
2020-10-29 07:56:28 -04:00
|
|
|
await hasAdminPrivilege(req.uid, 'users');
|
2020-10-15 16:49:06 -04:00
|
|
|
await api.users.deleteMany(req, req.body);
|
|
|
|
|
helpers.formatApiResponse(200, res);
|
2020-10-22 14:07:45 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.updateSettings = async (req, res) => {
|
|
|
|
|
const settings = await api.users.updateSettings(req, { ...req.body, uid: req.params.uid });
|
|
|
|
|
helpers.formatApiResponse(200, res, settings);
|
|
|
|
|
};
|
|
|
|
|
|
2020-03-31 19:26:03 -04:00
|
|
|
Users.changePassword = async (req, res) => {
|
2020-10-15 17:09:39 -04:00
|
|
|
await api.users.changePassword(req, { ...req.body, uid: req.params.uid });
|
2020-03-31 19:26:03 -04:00
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
2020-03-31 20:54:10 -04:00
|
|
|
|
|
|
|
|
Users.follow = async (req, res) => {
|
2020-10-15 17:09:39 -04:00
|
|
|
await api.users.follow(req, req.params);
|
2020-03-31 20:54:10 -04:00
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.unfollow = async (req, res) => {
|
2020-10-15 17:09:39 -04:00
|
|
|
await api.users.unfollow(req, req.params);
|
2020-03-31 20:54:10 -04:00
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
2020-04-01 21:15:32 -04:00
|
|
|
|
|
|
|
|
Users.ban = async (req, res) => {
|
2020-10-15 19:05:31 -04:00
|
|
|
await api.users.ban(req, { ...req.body, uid: req.params.uid });
|
2020-04-01 21:15:32 -04:00
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.unban = async (req, res) => {
|
2020-10-15 19:05:31 -04:00
|
|
|
await api.users.unban(req, { ...req.body, uid: req.params.uid });
|
2020-04-01 21:15:32 -04:00
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
2020-10-07 14:28:58 -04:00
|
|
|
|
|
|
|
|
Users.generateToken = async (req, res) => {
|
2020-10-29 07:56:28 -04:00
|
|
|
await hasAdminPrivilege(req.uid, 'settings');
|
|
|
|
|
if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
|
2020-10-07 14:28:58 -04:00
|
|
|
return helpers.formatApiResponse(401, res);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const settings = await meta.settings.get('core.api');
|
2020-10-26 15:09:15 -04:00
|
|
|
settings.tokens = settings.tokens || [];
|
|
|
|
|
|
2020-10-07 14:28:58 -04:00
|
|
|
const newToken = {
|
|
|
|
|
token: utils.generateUUID(),
|
|
|
|
|
uid: req.user.uid,
|
|
|
|
|
description: req.body.description || '',
|
|
|
|
|
timestamp: Date.now(),
|
|
|
|
|
};
|
|
|
|
|
settings.tokens.push(newToken);
|
|
|
|
|
await meta.settings.set('core.api', settings);
|
|
|
|
|
helpers.formatApiResponse(200, res, newToken);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.deleteToken = async (req, res) => {
|
2020-10-29 07:56:28 -04:00
|
|
|
await hasAdminPrivilege(req.uid, 'settings');
|
|
|
|
|
if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
|
2020-10-07 14:28:58 -04:00
|
|
|
return helpers.formatApiResponse(401, res);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const settings = await meta.settings.get('core.api');
|
|
|
|
|
const beforeLen = settings.tokens.length;
|
|
|
|
|
settings.tokens = settings.tokens.filter(tokenObj => tokenObj.token !== req.params.token);
|
|
|
|
|
if (beforeLen !== settings.tokens.length) {
|
|
|
|
|
await meta.settings.set('core.api', settings);
|
|
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
} else {
|
|
|
|
|
helpers.formatApiResponse(404, res);
|
|
|
|
|
}
|
|
|
|
|
};
|
2020-11-10 14:27:31 -05:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
const getSessionAsync = util.promisify((sid, callback) => {
|
2020-11-10 14:27:31 -05:00
|
|
|
db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null));
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
Users.revokeSession = async (req, res) => {
|
|
|
|
|
// Only admins or global mods (besides the user themselves) can revoke sessions
|
|
|
|
|
if (parseInt(req.params.uid, 10) !== req.uid && !await user.isAdminOrGlobalMod(req.uid)) {
|
|
|
|
|
return helpers.formatApiResponse(404, res);
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-03 23:59:08 -07:00
|
|
|
const sids = await db.getSortedSetRange(`uid:${req.params.uid}:sessions`, 0, -1);
|
2020-11-10 14:27:31 -05:00
|
|
|
let _id;
|
|
|
|
|
for (const sid of sids) {
|
|
|
|
|
/* eslint-disable no-await-in-loop */
|
|
|
|
|
const sessionObj = await getSessionAsync(sid);
|
|
|
|
|
if (sessionObj && sessionObj.meta && sessionObj.meta.uuid === req.params.uuid) {
|
|
|
|
|
_id = sid;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!_id) {
|
|
|
|
|
throw new Error('[[error:no-session-found]]');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
await user.auth.revokeSession(_id, req.params.uid);
|
|
|
|
|
helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
2020-11-16 22:47:23 +03:00
|
|
|
|
|
|
|
|
Users.invite = async (req, res) => {
|
|
|
|
|
const { emails, groupsToJoin = [] } = req.body;
|
|
|
|
|
|
|
|
|
|
if (!emails || !Array.isArray(groupsToJoin)) {
|
|
|
|
|
return helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// For simplicity, this API route is restricted to self-use only. This can change if needed.
|
|
|
|
|
if (parseInt(req.user.uid, 10) !== parseInt(req.params.uid, 10)) {
|
|
|
|
|
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const canInvite = await privileges.users.hasInvitePrivilege(req.uid);
|
|
|
|
|
if (!canInvite) {
|
|
|
|
|
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-06 14:10:15 -07:00
|
|
|
const { registrationType } = meta.config;
|
2020-11-16 22:47:23 +03:00
|
|
|
const isAdmin = await user.isAdministrator(req.uid);
|
|
|
|
|
if (registrationType === 'admin-invite-only' && !isAdmin) {
|
|
|
|
|
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const inviteGroups = await groups.getUserInviteGroups(req.uid);
|
|
|
|
|
const cannotInvite = groupsToJoin.some(group => !inviteGroups.includes(group));
|
|
|
|
|
if (groupsToJoin.length > 0 && cannotInvite) {
|
|
|
|
|
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const max = meta.config.maximumInvites;
|
|
|
|
|
const emailsArr = emails.split(',').map(email => email.trim()).filter(Boolean);
|
|
|
|
|
|
|
|
|
|
for (const email of emailsArr) {
|
|
|
|
|
/* eslint-disable no-await-in-loop */
|
|
|
|
|
let invites = 0;
|
|
|
|
|
if (max) {
|
|
|
|
|
invites = await user.getInvitesNumber(req.uid);
|
|
|
|
|
}
|
|
|
|
|
if (!isAdmin && max && invites >= max) {
|
2021-02-03 23:59:08 -07:00
|
|
|
return helpers.formatApiResponse(403, res, new Error(`[[error:invite-maximum-met, ${invites}, ${max}]]`));
|
2020-11-16 22:47:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
await user.sendInvitationEmail(req.uid, email, groupsToJoin);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return helpers.formatApiResponse(200, res);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Users.getInviteGroups = async function (req, res) {
|
|
|
|
|
if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
|
|
|
|
|
return helpers.formatApiResponse(401, res);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const userInviteGroups = await groups.getUserInviteGroups(req.params.uid);
|
|
|
|
|
return helpers.formatApiResponse(200, res, userInviteGroups);
|
|
|
|
|
};
|