src/controllers/write/users.js

'use strict';

const api = require('../../api');
const user = require('../../user');
const plugins = require('../../plugins');
const privileges = require('../../privileges');
const flags = require('../../flags');
const meta = require('../../meta');
const events = require('../../events');
const translator = require('../../translator');
const utils = require('../../utils');

const db = require('../../database');
const helpers = require('../helpers');
const sockets = require('../../socket.io');

const Users = module.exports;

Users.create = async (req, res) => {
	const userObj = await api.users.create(req, req.body);
	helpers.formatApiResponse(200, res, userObj);
};

Users.update = async (req, res) => {
	const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid });
	helpers.formatApiResponse(200, res, userObj);
};

Users.delete = async (req, res) => {
	await api.users.delete(req, req.params);
	helpers.formatApiResponse(200, res);
};

Users.deleteMany = async (req, res) => {
	await api.users.deleteMany(req, req.body);
	helpers.formatApiResponse(200, res);
};

Users.changePassword = async (req, res) => {
	await api.users.changePassword(req, { ...req.body, uid: req.params.uid });
	helpers.formatApiResponse(200, res);
};

Users.follow = async (req, res) => {
	await api.users.follow(req, req.params);
	helpers.formatApiResponse(200, res);
};

Users.unfollow = async (req, res) => {
	await api.users.unfollow(req, req.params);
	helpers.formatApiResponse(200, res);
};

Users.ban = async (req, res) => {
	if (!await privileges.users.hasBanPrivilege(req.user.uid)) {
		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
	} else if (await user.isAdministrator(req.params.uid)) {
		return helpers.formatApiResponse(403, res, new Error('[[error:cant-ban-other-admins]]'));
	}

	const banData = await user.bans.ban(req.params.uid, req.body.until, req.body.reason);
	await db.setObjectField('uid:' + req.params.uid + ':ban:' + banData.timestamp, 'fromUid', req.user.uid);

	if (!req.body.reason) {
		req.body.reason = await translator.translate('[[user:info.banned-no-reason]]');
	}

	sockets.in('uid_' + req.params.uid).emit('event:banned', {
		until: req.body.until,
		reason: req.body.reason,
	});

	await flags.resolveFlag('user', req.params.uid, req.user.uid);
	await events.log({
		type: 'user-ban',
		uid: req.user.uid,
		targetUid: req.params.uid,
		ip: req.ip,
		reason: req.body.reason || undefined,
	});
	plugins.fireHook('action:user.banned', {
		callerUid: req.user.uid,
		ip: req.ip,
		uid: req.params.uid,
		until: req.body.until > 0 ? req.body.until : undefined,
		reason: req.body.reason || undefined,
	});
	await user.auth.revokeAllSessions(req.params.uid);

	helpers.formatApiResponse(200, res);
};

Users.unban = async (req, res) => {
	if (!await privileges.users.hasBanPrivilege(req.user.uid)) {
		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
	}

	await user.bans.unban(req.params.uid);
	await events.log({
		type: 'user-unban',
		uid: req.user.uid,
		targetUid: req.params.uid,
		ip: req.ip,
	});
	plugins.fireHook('action:user.unbanned', {
		callerUid: req.user.uid,
		ip: req.ip,
		uid: req.params.uid,
	});

	helpers.formatApiResponse(200, res);
};

Users.generateToken = async (req, res) => {
	if (!res.locals.privileges['admin:settings']) {
		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
	} else if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
		return helpers.formatApiResponse(401, res);
	}

	const settings = await meta.settings.get('core.api');
	const newToken = {
		token: utils.generateUUID(),
		uid: req.user.uid,
		description: req.body.description || '',
		timestamp: Date.now(),
	};
	settings.tokens.push(newToken);
	await meta.settings.set('core.api', settings);
	helpers.formatApiResponse(200, res, newToken);
};

Users.deleteToken = async (req, res) => {
	if (!res.locals.privileges['admin:settings']) {
		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
	} else if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
		return helpers.formatApiResponse(401, res);
	}

	const settings = await meta.settings.get('core.api');
	const beforeLen = settings.tokens.length;
	settings.tokens = settings.tokens.filter(tokenObj => tokenObj.token !== req.params.token);
	if (beforeLen !== settings.tokens.length) {
		await meta.settings.set('core.api', settings);
		helpers.formatApiResponse(200, res);
	} else {
		helpers.formatApiResponse(404, res);
	}
};
fix(refactor): patching helpers.tryRoute for API routes, some re-org Thanks @barisusakli for the tip 2020-03-30 13:16:29 -04:00			`'use strict';`

refactor: user create and profile update to use api lib 2020-10-15 15:50:30 -04:00			`const api = require('../../api');`
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users 2020-03-31 17:06:13 -04:00			`const user = require('../../user');`
feat: added POST and DELETE /api/v1/users/:uid/follow routes 2020-03-31 20:54:10 -04:00			`const plugins = require('../../plugins');`
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users 2020-03-31 17:06:13 -04:00			`const privileges = require('../../privileges');`
refactor: user create and profile update to use api lib 2020-10-15 15:50:30 -04:00			`const flags = require('../../flags');`
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users 2020-03-31 17:06:13 -04:00			`const meta = require('../../meta');`
			`const events = require('../../events');`
feat: added PUT/DELETE /api/v1/users/:uid/ban routes 2020-04-01 21:15:32 -04:00			`const translator = require('../../translator');`
feat(writeapi): token generation/delete routes, ACP updates 2020-10-07 14:28:58 -04:00			`const utils = require('../../utils');`
feat: added PUT/DELETE /api/v1/users/:uid/ban routes 2020-04-01 21:15:32 -04:00
			`const db = require('../../database');`
fix(refactor): patching helpers.tryRoute for API routes, some re-org Thanks @barisusakli for the tip 2020-03-30 13:16:29 -04:00			`const helpers = require('../helpers');`
feat: added PUT/DELETE /api/v1/users/:uid/ban routes 2020-04-01 21:15:32 -04:00			`const sockets = require('../../socket.io');`
fix(refactor): patching helpers.tryRoute for API routes, some re-org Thanks @barisusakli for the tip 2020-03-30 13:16:29 -04:00
			`const Users = module.exports;`

			`Users.create = async (req, res) => {`
refactor: user create and profile update to use api lib 2020-10-15 15:50:30 -04:00			`const userObj = await api.users.create(req, req.body);`
			`helpers.formatApiResponse(200, res, userObj);`
fix(refactor): patching helpers.tryRoute for API routes, some re-org Thanks @barisusakli for the tip 2020-03-30 13:16:29 -04:00			`};`
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users 2020-03-31 17:06:13 -04:00
			`Users.update = async (req, res) => {`
refactor: user deletion to use api lib 2020-10-15 16:49:06 -04:00			`const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid });`
refactor: user create and profile update to use api lib 2020-10-15 15:50:30 -04:00			`helpers.formatApiResponse(200, res, userObj);`
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users 2020-03-31 17:06:13 -04:00			`};`

			`Users.delete = async (req, res) => {`
refactor: user deletion to use api lib 2020-10-15 16:49:06 -04:00			`await api.users.delete(req, req.params);`
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users 2020-03-31 17:06:13 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Users.deleteMany = async (req, res) => {`
refactor: user deletion to use api lib 2020-10-15 16:49:06 -04:00			`await api.users.deleteMany(req, req.body);`
			`helpers.formatApiResponse(200, res);`
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users 2020-03-31 17:06:13 -04:00			`};`

feat: added PUT /api/v1/users/:uid/password route 2020-03-31 19:26:03 -04:00			`Users.changePassword = async (req, res) => {`
refactor: change password/user follow to use api lib 2020-10-15 17:09:39 -04:00			`await api.users.changePassword(req, { ...req.body, uid: req.params.uid });`
feat: added PUT /api/v1/users/:uid/password route 2020-03-31 19:26:03 -04:00			`helpers.formatApiResponse(200, res);`
			`};`
feat: added POST and DELETE /api/v1/users/:uid/follow routes 2020-03-31 20:54:10 -04:00
			`Users.follow = async (req, res) => {`
refactor: change password/user follow to use api lib 2020-10-15 17:09:39 -04:00			`await api.users.follow(req, req.params);`
feat: added POST and DELETE /api/v1/users/:uid/follow routes 2020-03-31 20:54:10 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Users.unfollow = async (req, res) => {`
refactor: change password/user follow to use api lib 2020-10-15 17:09:39 -04:00			`await api.users.unfollow(req, req.params);`
feat: added POST and DELETE /api/v1/users/:uid/follow routes 2020-03-31 20:54:10 -04:00			`helpers.formatApiResponse(200, res);`
			`};`
feat: added PUT/DELETE /api/v1/users/:uid/ban routes 2020-04-01 21:15:32 -04:00
			`Users.ban = async (req, res) => {`
			`if (!await privileges.users.hasBanPrivilege(req.user.uid)) {`
			`return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));`
			`} else if (await user.isAdministrator(req.params.uid)) {`
			`return helpers.formatApiResponse(403, res, new Error('[[error:cant-ban-other-admins]]'));`
			`}`

			`const banData = await user.bans.ban(req.params.uid, req.body.until, req.body.reason);`
			`await db.setObjectField('uid:' + req.params.uid + ':ban:' + banData.timestamp, 'fromUid', req.user.uid);`

			`if (!req.body.reason) {`
			`req.body.reason = await translator.translate('[[user:info.banned-no-reason]]');`
			`}`

			`sockets.in('uid_' + req.params.uid).emit('event:banned', {`
			`until: req.body.until,`
			`reason: req.body.reason,`
			`});`

refactor: user create and profile update to use api lib 2020-10-15 15:50:30 -04:00			`await flags.resolveFlag('user', req.params.uid, req.user.uid);`
feat: added PUT/DELETE /api/v1/users/:uid/ban routes 2020-04-01 21:15:32 -04:00			`await events.log({`
			`type: 'user-ban',`
			`uid: req.user.uid,`
			`targetUid: req.params.uid,`
			`ip: req.ip,`
			`reason: req.body.reason \|\| undefined,`
			`});`
			`plugins.fireHook('action:user.banned', {`
			`callerUid: req.user.uid,`
			`ip: req.ip,`
			`uid: req.params.uid,`
			`until: req.body.until > 0 ? req.body.until : undefined,`
			`reason: req.body.reason \|\| undefined,`
			`});`
			`await user.auth.revokeAllSessions(req.params.uid);`

			`helpers.formatApiResponse(200, res);`
			`};`

			`Users.unban = async (req, res) => {`
			`if (!await privileges.users.hasBanPrivilege(req.user.uid)) {`
			`return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));`
			`}`

			`await user.bans.unban(req.params.uid);`
			`await events.log({`
			`type: 'user-unban',`
			`uid: req.user.uid,`
			`targetUid: req.params.uid,`
			`ip: req.ip,`
			`});`
			`plugins.fireHook('action:user.unbanned', {`
			`callerUid: req.user.uid,`
			`ip: req.ip,`
			`uid: req.params.uid,`
			`});`

			`helpers.formatApiResponse(200, res);`
			`};`
feat(writeapi): token generation/delete routes, ACP updates 2020-10-07 14:28:58 -04:00
			`Users.generateToken = async (req, res) => {`
			`if (!res.locals.privileges['admin:settings']) {`
			`return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));`
			`} else if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {`
			`return helpers.formatApiResponse(401, res);`
			`}`

			`const settings = await meta.settings.get('core.api');`
			`const newToken = {`
			`token: utils.generateUUID(),`
			`uid: req.user.uid,`
			`description: req.body.description \|\| '',`
			`timestamp: Date.now(),`
			`};`
			`settings.tokens.push(newToken);`
			`await meta.settings.set('core.api', settings);`
			`helpers.formatApiResponse(200, res, newToken);`
			`};`

			`Users.deleteToken = async (req, res) => {`
			`if (!res.locals.privileges['admin:settings']) {`
			`return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));`
			`} else if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {`
			`return helpers.formatApiResponse(401, res);`
			`}`

			`const settings = await meta.settings.get('core.api');`
			`const beforeLen = settings.tokens.length;`
			`settings.tokens = settings.tokens.filter(tokenObj => tokenObj.token !== req.params.token);`
			`if (beforeLen !== settings.tokens.length) {`
			`await meta.settings.set('core.api', settings);`
			`helpers.formatApiResponse(200, res);`
			`} else {`
			`helpers.formatApiResponse(404, res);`
			`}`
			`};`