Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-28 01:21:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into admin/users

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-10-13 20:43:48 -04:00
parent a2edb86dfb bfaeb27c11
commit 2d6ea6e505
9 changed files with 265 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

261
public/openapi/write.yaml
View File

@@ -21,262 +21,23 @@ info:
license:
name: GPL-3.0
servers:
- url: /api/v1
- url: /api/v3
tags:
- name: users
description: 'Account related calls (create, modify, delete, etc.)'
- name: categories
description: Administrative calls to manage categories
paths:
'/users/{uid}':
delete:
tags:
- users
summary: delete a single user account
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to delete
responses:
'200':
description: user account deleted
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
put:
tags:
- users
summary: update a user account
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
$ref: components/schemas/UserRequest.yaml#/UserRequest
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
$ref: components/schemas/UserObj.yaml#/UserObj
'401':
$ref: components/responses/401.yaml#/401
'403':
$ref: components/responses/403.yaml#/403
'426':
$ref: components/responses/426.yaml#/426
'500':
$ref: components/responses/500.yaml#/500
'/users/{uid}/password':
put:
tags:
- users
summary: change a user's password
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
currentPassword:
type: string
description: test
example: oldp455word
newPassword:
type: string
example: s3cre7password
required:
- newPassword
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
'/users/{uid}/follow':
post:
tags:
- users
summary: follow a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to follow
responses:
'200':
description: successfully followed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unfollows a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unfollow
responses:
'200':
description: successfully unfollowed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
'/users/{uid}/ban':
put:
tags:
- users
summary: ban a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to ban
requestBody:
content:
application/json:
schema:
type: object
properties:
until:
type: number
description: UNIX timestamp of the ban expiry
example: 1585775608076
reason:
type: string
example: the reason for the ban
responses:
'200':
description: successfully banned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unbans a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unban
responses:
'200':
description: successfully unbanned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
'/users/{uid}/tokens':
post:
tags:
- users
summary: generate a user token
description: This route can only be used to generate tokens for the same user. In other words, you cannot use this route to generate a token for a different user than the one you are authenticated as.
responses:
'200':
description: successfully generated a user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: delete user token
parameters:
- in: path
name: token
schema:
type: string
required: true
description: a valid API token
responses:
'200':
description: successfully deleted user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
/users/{uid}:
$ref: 'write/users/uid.yaml'
/users/{uid}/password:
$ref: 'write/users/uid/password.yaml'
/users/{uid}/follow:
$ref: 'write/users/uid/follow.yaml'
/users/{uid}/ban:
$ref: 'write/users/uid/ban.yaml'
/users/{uid}/tokens:
$ref: 'write/users/uid/tokens.yaml'
/categories/:
$ref: 'write/categories.yaml'
/groups/:

60
public/openapi/write/users/uid.yaml Normal file
View File

@@ -0,0 +1,60 @@
delete:
tags:
- users
summary: delete a single user account
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to delete
responses:
'200':
description: user account deleted
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../components/schemas/Status.yaml#/Status
response:
type: object
put:
tags:
- users
summary: update a user account
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
$ref: ../../components/schemas/UserRequest.yaml#/UserRequest
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../components/schemas/Status.yaml#/Status
response:
$ref: ../../components/schemas/UserObj.yaml#/UserObj
'401':
$ref: ../../components/responses/401.yaml#/401
'403':
$ref: ../../components/responses/403.yaml#/403
'426':
$ref: ../../components/responses/426.yaml#/426
'500':
$ref: ../../components/responses/500.yaml#/500

59
public/openapi/write/users/uid/ban.yaml Normal file
View File

@@ -0,0 +1,59 @@
put:
tags:
- users
summary: ban a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to ban
requestBody:
content:
application/json:
schema:
type: object
properties:
until:
type: number
description: UNIX timestamp of the ban expiry
example: 1585775608076
reason:
type: string
example: the reason for the ban
responses:
'200':
description: successfully banned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unbans a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unban
responses:
'200':
description: successfully unbanned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object

46
public/openapi/write/users/uid/follow.yaml Normal file
View File

@@ -0,0 +1,46 @@
post:
tags:
- users
summary: follow a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to follow
responses:
'200':
description: successfully followed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unfollows a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unfollow
responses:
'200':
description: successfully unfollowed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object

39
public/openapi/write/users/uid/password.yaml Normal file
View File

@@ -0,0 +1,39 @@
put:
tags:
- users
summary: change a user's password
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
currentPassword:
type: string
description: test
example: oldp455word
newPassword:
type: string
example: s3cre7password
required:
- newPassword
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object

40
public/openapi/write/users/uid/tokens.yaml Normal file
View File

@@ -0,0 +1,40 @@
post:
tags:
- users
summary: generate a user token
description: This route can only be used to generate tokens for the same user. In other words, you cannot use this route to generate a token for a different user than the one you are authenticated as.
responses:
'200':
description: successfully generated a user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: delete user token
parameters:
- in: path
name: token
schema:
type: string
required: true
description: a valid API token
responses:
'200':
description: successfully deleted user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object

6
public/src/modules/api.js
View File

@@ -5,7 +5,11 @@ define('api', () => {
const baseUrl = config.relative_path + '/api/v3';
function call(options, onSuccess, onError) {
$.ajax(options)
$.ajax(Object.assign({
headers: {
'x-csrf-token': config.csrf_token,
},
}, options))
.done((res) => {
if (onSuccess) {
onSuccess(res.response);

1
src/middleware/index.js
View File

@@ -48,6 +48,7 @@ middleware.applyCSRF = function (req, res, next) {
next();
}
};
middleware.applyCSRFasync = util.promisify(middleware.applyCSRF);
middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');

4
src/middleware/user.js
View File

@@ -34,6 +34,10 @@ module.exports = function (middleware) {
const loginAsync = util.promisify(req.login).bind(req);
if (req.loggedIn) {
if (res.locals.isAPI) {
await middleware.applyCSRFasync(req, res);
}
return true;
} else if (req.headers.hasOwnProperty('authorization')) {
const user = await passportAuthenticateAsync(req, res);