2024-08-11 22:15:34 +02:00
|
|
|
const { Request, Response, NextFunction } = require('express')
|
2024-08-04 23:13:40 +02:00
|
|
|
const uuidv4 = require('uuid').v4
|
2021-11-22 03:00:40 +01:00
|
|
|
const Logger = require('../Logger')
|
2022-11-24 22:53:58 +01:00
|
|
|
const SocketAuthority = require('../SocketAuthority')
|
2023-07-05 01:14:44 +02:00
|
|
|
const Database = require('../Database')
|
2022-11-24 22:53:58 +01:00
|
|
|
|
2022-03-16 00:57:15 +01:00
|
|
|
const User = require('../objects/user/User')
|
2021-11-22 03:00:40 +01:00
|
|
|
|
2023-07-05 01:14:44 +02:00
|
|
|
const { toNumber } = require('../utils/index')
|
2021-11-22 03:00:40 +01:00
|
|
|
|
2024-08-04 23:13:40 +02:00
|
|
|
/**
|
2024-08-12 00:01:25 +02:00
|
|
|
* @typedef RequestUserObject
|
2024-08-11 23:07:29 +02:00
|
|
|
* @property {import('../models/User')} user
|
2024-08-11 22:15:34 +02:00
|
|
|
*
|
2024-08-12 00:01:25 +02:00
|
|
|
* @typedef {Request & RequestUserObject} RequestWithUser
|
2024-08-11 22:15:34 +02:00
|
|
|
*
|
2024-08-12 00:01:25 +02:00
|
|
|
* @typedef RequestEntityObject
|
|
|
|
* @property {import('../models/User')} reqUser
|
2024-08-04 23:13:40 +02:00
|
|
|
*
|
2024-08-12 00:01:25 +02:00
|
|
|
* @typedef {RequestWithUser & RequestEntityObject} UserControllerRequest
|
2024-08-04 23:13:40 +02:00
|
|
|
*/
|
|
|
|
|
2021-11-22 03:00:40 +01:00
|
|
|
class UserController {
|
2024-08-04 23:13:40 +02:00
|
|
|
constructor() {}
|
2021-11-22 03:00:40 +01:00
|
|
|
|
2024-08-04 23:13:40 +02:00
|
|
|
/**
|
|
|
|
*
|
2024-08-12 00:01:25 +02:00
|
|
|
* @param {RequestWithUser} req
|
2024-08-11 22:15:34 +02:00
|
|
|
* @param {Response} res
|
2024-08-04 23:13:40 +02:00
|
|
|
*/
|
2023-06-29 00:57:46 +02:00
|
|
|
async findAll(req, res) {
|
2024-08-11 23:07:29 +02:00
|
|
|
if (!req.user.isAdminOrUp) return res.sendStatus(403)
|
|
|
|
const hideRootToken = !req.user.isRoot
|
2023-06-29 00:57:46 +02:00
|
|
|
|
2024-08-04 23:13:40 +02:00
|
|
|
const includes = (req.query.include || '').split(',').map((i) => i.trim())
|
2023-06-29 00:57:46 +02:00
|
|
|
|
|
|
|
// Minimal toJSONForBrowser does not include mediaProgress and bookmarks
|
2024-08-10 22:46:04 +02:00
|
|
|
const allUsers = await Database.userModel.findAll()
|
|
|
|
const users = allUsers.map((u) => u.toOldJSONForBrowser(hideRootToken, true))
|
2023-06-29 00:57:46 +02:00
|
|
|
|
|
|
|
if (includes.includes('latestSession')) {
|
|
|
|
for (const user of users) {
|
2023-07-05 01:14:44 +02:00
|
|
|
const userSessions = await Database.getPlaybackSessions({ userId: user.id })
|
2023-06-29 00:57:46 +02:00
|
|
|
user.latestSession = userSessions.sort((a, b) => b.updatedAt - a.updatedAt).shift() || null
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-29 18:43:39 +01:00
|
|
|
res.json({
|
2023-06-29 00:57:46 +02:00
|
|
|
users
|
2022-11-29 18:43:39 +01:00
|
|
|
})
|
2022-03-18 01:10:47 +01:00
|
|
|
}
|
|
|
|
|
2023-08-18 00:26:12 +02:00
|
|
|
/**
|
|
|
|
* GET: /api/users/:id
|
|
|
|
* Get a single user toJSONForBrowser
|
|
|
|
* Media progress items include: `displayTitle`, `displaySubtitle` (for podcasts), `coverPath` and `mediaUpdatedAt`
|
2024-08-04 23:13:40 +02:00
|
|
|
*
|
|
|
|
* @param {UserControllerRequest} req
|
2024-08-11 22:15:34 +02:00
|
|
|
* @param {Response} res
|
2023-08-18 00:26:12 +02:00
|
|
|
*/
|
2023-07-22 22:32:20 +02:00
|
|
|
async findOne(req, res) {
|
2024-08-11 23:07:29 +02:00
|
|
|
if (!req.user.isAdminOrUp) {
|
|
|
|
Logger.error(`Non-admin user "${req.user.username}" attempted to get user`)
|
2022-03-18 01:10:47 +01:00
|
|
|
return res.sendStatus(403)
|
|
|
|
}
|
|
|
|
|
2023-08-18 00:26:12 +02:00
|
|
|
// Get user media progress with associated mediaItem
|
2023-08-20 20:34:03 +02:00
|
|
|
const mediaProgresses = await Database.mediaProgressModel.findAll({
|
2023-08-18 00:26:12 +02:00
|
|
|
where: {
|
|
|
|
userId: req.reqUser.id
|
|
|
|
},
|
|
|
|
include: [
|
|
|
|
{
|
2023-08-20 20:34:03 +02:00
|
|
|
model: Database.bookModel,
|
2023-08-18 00:26:12 +02:00
|
|
|
attributes: ['id', 'title', 'coverPath', 'updatedAt']
|
|
|
|
},
|
|
|
|
{
|
2023-08-20 20:34:03 +02:00
|
|
|
model: Database.podcastEpisodeModel,
|
2023-08-18 00:26:12 +02:00
|
|
|
attributes: ['id', 'title'],
|
|
|
|
include: {
|
2023-08-20 20:34:03 +02:00
|
|
|
model: Database.podcastModel,
|
2023-08-18 00:26:12 +02:00
|
|
|
attributes: ['id', 'title', 'coverPath', 'updatedAt']
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
})
|
|
|
|
|
2024-08-04 23:13:40 +02:00
|
|
|
const oldMediaProgresses = mediaProgresses.map((mp) => {
|
2023-08-18 00:26:12 +02:00
|
|
|
const oldMediaProgress = mp.getOldMediaProgress()
|
|
|
|
oldMediaProgress.displayTitle = mp.mediaItem?.title
|
|
|
|
if (mp.mediaItem?.podcast) {
|
|
|
|
oldMediaProgress.displaySubtitle = mp.mediaItem.podcast?.title
|
|
|
|
oldMediaProgress.coverPath = mp.mediaItem.podcast?.coverPath
|
|
|
|
oldMediaProgress.mediaUpdatedAt = mp.mediaItem.podcast?.updatedAt
|
|
|
|
} else if (mp.mediaItem) {
|
|
|
|
oldMediaProgress.coverPath = mp.mediaItem.coverPath
|
|
|
|
oldMediaProgress.mediaUpdatedAt = mp.mediaItem.updatedAt
|
|
|
|
}
|
|
|
|
return oldMediaProgress
|
|
|
|
})
|
|
|
|
|
2024-08-12 00:01:25 +02:00
|
|
|
const userJson = req.reqUser.toOldJSONForBrowser(!req.user.isRoot)
|
2023-08-18 00:26:12 +02:00
|
|
|
|
|
|
|
userJson.mediaProgress = oldMediaProgresses
|
|
|
|
|
|
|
|
res.json(userJson)
|
2022-03-18 01:10:47 +01:00
|
|
|
}
|
|
|
|
|
2024-08-11 22:15:34 +02:00
|
|
|
/**
|
|
|
|
* POST: /api/users
|
|
|
|
* Create a new user
|
|
|
|
*
|
|
|
|
* @this {import('../routers/ApiRouter')}
|
|
|
|
*
|
|
|
|
* @param {RequestWithUser} req
|
|
|
|
* @param {Response} res
|
|
|
|
*/
|
2021-11-22 03:00:40 +01:00
|
|
|
async create(req, res) {
|
2023-07-22 22:32:20 +02:00
|
|
|
const account = req.body
|
|
|
|
const username = account.username
|
2021-11-22 03:00:40 +01:00
|
|
|
|
2024-08-10 22:46:04 +02:00
|
|
|
const usernameExists = await Database.userModel.checkUserExistsWithUsername(username)
|
2021-11-22 03:00:40 +01:00
|
|
|
if (usernameExists) {
|
2024-08-12 00:01:25 +02:00
|
|
|
return res.status(400).send('Username already taken')
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
|
|
|
|
2023-07-05 01:14:44 +02:00
|
|
|
account.id = uuidv4()
|
2021-11-22 03:00:40 +01:00
|
|
|
account.pash = await this.auth.hashPass(account.password)
|
|
|
|
delete account.password
|
2023-03-24 18:21:25 +01:00
|
|
|
account.token = await this.auth.generateAccessToken(account)
|
2021-11-22 03:00:40 +01:00
|
|
|
account.createdAt = Date.now()
|
2023-07-05 01:14:44 +02:00
|
|
|
const newUser = new User(account)
|
|
|
|
|
2024-08-12 00:01:25 +02:00
|
|
|
// TODO: Create with new User model
|
2023-07-05 01:14:44 +02:00
|
|
|
const success = await Database.createUser(newUser)
|
2021-11-22 03:00:40 +01:00
|
|
|
if (success) {
|
2022-12-22 23:26:11 +01:00
|
|
|
SocketAuthority.adminEmitter('user_added', newUser.toJSONForBrowser())
|
2021-11-22 03:00:40 +01:00
|
|
|
res.json({
|
|
|
|
user: newUser.toJSONForBrowser()
|
|
|
|
})
|
|
|
|
} else {
|
|
|
|
return res.status(500).send('Failed to save new user')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-10-05 00:05:12 +02:00
|
|
|
/**
|
|
|
|
* PATCH: /api/users/:id
|
|
|
|
* Update user
|
2024-08-04 23:13:40 +02:00
|
|
|
*
|
2024-08-12 00:01:25 +02:00
|
|
|
* @this {import('../routers/ApiRouter')}
|
|
|
|
*
|
2024-08-04 23:13:40 +02:00
|
|
|
* @param {UserControllerRequest} req
|
2024-08-11 22:15:34 +02:00
|
|
|
* @param {Response} res
|
2023-10-05 00:05:12 +02:00
|
|
|
*/
|
2021-11-22 03:00:40 +01:00
|
|
|
async update(req, res) {
|
2023-07-22 22:32:20 +02:00
|
|
|
const user = req.reqUser
|
2021-11-22 03:00:40 +01:00
|
|
|
|
2024-08-11 23:07:29 +02:00
|
|
|
if (user.type === 'root' && !req.user.isRoot) {
|
|
|
|
Logger.error(`[UserController] Admin user "${req.user.username}" attempted to update root user`)
|
2022-05-04 02:16:16 +02:00
|
|
|
return res.sendStatus(403)
|
|
|
|
}
|
|
|
|
|
2024-08-12 00:01:25 +02:00
|
|
|
const updatePayload = req.body
|
|
|
|
let shouldUpdateToken = false
|
2021-11-22 03:00:40 +01:00
|
|
|
|
2023-10-05 00:05:12 +02:00
|
|
|
// When changing username create a new API token
|
2024-08-12 00:01:25 +02:00
|
|
|
if (updatePayload.username !== undefined && updatePayload.username !== user.username) {
|
|
|
|
const usernameExists = await Database.userModel.checkUserExistsWithUsername(updatePayload.username)
|
2021-11-22 03:00:40 +01:00
|
|
|
if (usernameExists) {
|
|
|
|
return res.status(500).send('Username already taken')
|
|
|
|
}
|
2022-07-19 00:19:16 +02:00
|
|
|
shouldUpdateToken = true
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Updating password
|
2024-08-12 00:01:25 +02:00
|
|
|
if (updatePayload.password) {
|
|
|
|
updatePayload.pash = await this.auth.hashPass(updatePayload.password)
|
|
|
|
delete updatePayload.password
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
|
|
|
|
2024-08-12 00:01:25 +02:00
|
|
|
// TODO: Update with new User model
|
|
|
|
const oldUser = Database.userModel.getOldUser(user)
|
|
|
|
if (oldUser.update(updatePayload)) {
|
2022-07-19 00:19:16 +02:00
|
|
|
if (shouldUpdateToken) {
|
2024-08-12 00:01:25 +02:00
|
|
|
oldUser.token = await this.auth.generateAccessToken(oldUser)
|
|
|
|
Logger.info(`[UserController] User ${oldUser.username} has generated a new api token`)
|
2022-07-19 00:19:16 +02:00
|
|
|
}
|
2024-08-12 00:01:25 +02:00
|
|
|
await Database.updateUser(oldUser)
|
|
|
|
SocketAuthority.clientEmitter(req.user.id, 'user_updated', oldUser.toJSONForBrowser())
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
res.json({
|
|
|
|
success: true,
|
2024-08-12 00:01:25 +02:00
|
|
|
user: oldUser.toJSONForBrowser()
|
2021-11-22 03:00:40 +01:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2024-08-11 22:15:34 +02:00
|
|
|
/**
|
|
|
|
* DELETE: /api/users/:id
|
|
|
|
* Delete a user
|
|
|
|
*
|
|
|
|
* @param {UserControllerRequest} req
|
|
|
|
* @param {Response} res
|
|
|
|
*/
|
2021-11-22 03:00:40 +01:00
|
|
|
async delete(req, res) {
|
|
|
|
if (req.params.id === 'root') {
|
2022-09-26 00:11:39 +02:00
|
|
|
Logger.error('[UserController] Attempt to delete root user. Root user cannot be deleted')
|
2024-08-11 22:15:34 +02:00
|
|
|
return res.sendStatus(400)
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
2024-08-11 23:07:29 +02:00
|
|
|
if (req.user.id === req.params.id) {
|
|
|
|
Logger.error(`[UserController] User ${req.user.username} is attempting to delete self`)
|
2024-08-11 22:15:34 +02:00
|
|
|
return res.sendStatus(400)
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
2022-11-27 21:54:17 +01:00
|
|
|
const user = req.reqUser
|
2021-11-22 03:00:40 +01:00
|
|
|
|
|
|
|
// Todo: check if user is logged in and cancel streams
|
|
|
|
|
2022-11-27 21:54:17 +01:00
|
|
|
// Remove user playlists
|
2023-08-20 20:34:03 +02:00
|
|
|
const userPlaylists = await Database.playlistModel.findAll({
|
2023-08-13 18:22:38 +02:00
|
|
|
where: {
|
|
|
|
userId: user.id
|
|
|
|
}
|
|
|
|
})
|
2022-11-27 21:54:17 +01:00
|
|
|
for (const playlist of userPlaylists) {
|
2023-08-13 18:22:38 +02:00
|
|
|
await playlist.destroy()
|
2022-11-27 21:54:17 +01:00
|
|
|
}
|
|
|
|
|
2024-08-12 00:01:25 +02:00
|
|
|
const userJson = user.toOldJSONForBrowser()
|
|
|
|
await user.destroy()
|
2022-11-27 21:54:17 +01:00
|
|
|
SocketAuthority.adminEmitter('user_removed', userJson)
|
2021-11-22 03:00:40 +01:00
|
|
|
res.json({
|
|
|
|
success: true
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2024-02-18 22:38:45 +01:00
|
|
|
/**
|
|
|
|
* PATCH: /api/users/:id/openid-unlink
|
2024-08-04 23:13:40 +02:00
|
|
|
*
|
|
|
|
* @param {UserControllerRequest} req
|
2024-08-11 22:15:34 +02:00
|
|
|
* @param {Response} res
|
2024-02-18 22:38:45 +01:00
|
|
|
*/
|
|
|
|
async unlinkFromOpenID(req, res) {
|
|
|
|
Logger.debug(`[UserController] Unlinking user "${req.reqUser.username}" from OpenID with sub "${req.reqUser.authOpenIDSub}"`)
|
2024-08-12 00:01:25 +02:00
|
|
|
|
|
|
|
if (!req.reqUser.authOpenIDSub) {
|
|
|
|
return res.sendStatus(200)
|
2024-02-18 22:38:45 +01:00
|
|
|
}
|
2024-08-12 00:01:25 +02:00
|
|
|
|
|
|
|
req.reqUser.extraData.authOpenIDSub = null
|
|
|
|
req.reqUser.changed('extraData', true)
|
|
|
|
await req.reqUser.save()
|
|
|
|
SocketAuthority.clientEmitter(req.user.id, 'user_updated', req.reqUser.toOldJSONForBrowser())
|
|
|
|
res.sendStatus(200)
|
2024-02-18 22:38:45 +01:00
|
|
|
}
|
|
|
|
|
2024-08-11 22:15:34 +02:00
|
|
|
/**
|
|
|
|
* GET: /api/users/:id/listening-sessions
|
|
|
|
*
|
|
|
|
* @param {UserControllerRequest} req
|
|
|
|
* @param {Response} res
|
|
|
|
*/
|
2021-11-22 03:00:40 +01:00
|
|
|
async getListeningSessions(req, res) {
|
|
|
|
var listeningSessions = await this.getUserListeningSessionsHelper(req.params.id)
|
2022-06-04 17:52:37 +02:00
|
|
|
|
|
|
|
const itemsPerPage = toNumber(req.query.itemsPerPage, 10) || 10
|
|
|
|
const page = toNumber(req.query.page, 0)
|
|
|
|
|
|
|
|
const start = page * itemsPerPage
|
|
|
|
const sessions = listeningSessions.slice(start, start + itemsPerPage)
|
|
|
|
|
|
|
|
const payload = {
|
|
|
|
total: listeningSessions.length,
|
|
|
|
numPages: Math.ceil(listeningSessions.length / itemsPerPage),
|
|
|
|
page,
|
|
|
|
itemsPerPage,
|
|
|
|
sessions
|
|
|
|
}
|
|
|
|
|
|
|
|
res.json(payload)
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
|
|
|
|
2024-08-11 22:15:34 +02:00
|
|
|
/**
|
|
|
|
* GET: /api/users/:id/listening-stats
|
|
|
|
*
|
|
|
|
* @this {import('../routers/ApiRouter')}
|
|
|
|
*
|
|
|
|
* @param {UserControllerRequest} req
|
|
|
|
* @param {Response} res
|
|
|
|
*/
|
2021-11-22 03:00:40 +01:00
|
|
|
async getListeningStats(req, res) {
|
2022-09-26 00:11:39 +02:00
|
|
|
var listeningStats = await this.getUserListeningStatsHelpers(req.params.id)
|
|
|
|
res.json(listeningStats)
|
|
|
|
}
|
|
|
|
|
2024-08-11 22:15:34 +02:00
|
|
|
/**
|
|
|
|
* GET: /api/users/online
|
|
|
|
*
|
|
|
|
* @this {import('../routers/ApiRouter')}
|
|
|
|
*
|
|
|
|
* @param {RequestWithUser} req
|
|
|
|
* @param {Response} res
|
|
|
|
*/
|
2022-11-11 00:42:20 +01:00
|
|
|
async getOnlineUsers(req, res) {
|
2024-08-11 23:07:29 +02:00
|
|
|
if (!req.user.isAdminOrUp) {
|
2022-11-13 15:26:32 +01:00
|
|
|
return res.sendStatus(403)
|
2022-11-11 00:42:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
res.json({
|
2022-11-24 22:53:58 +01:00
|
|
|
usersOnline: SocketAuthority.getUsersOnline(),
|
2022-11-11 00:42:20 +01:00
|
|
|
openSessions: this.playbackSessionManager.sessions
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2024-08-11 22:15:34 +02:00
|
|
|
/**
|
|
|
|
*
|
|
|
|
* @param {RequestWithUser} req
|
|
|
|
* @param {Response} res
|
|
|
|
* @param {NextFunction} next
|
|
|
|
*/
|
2023-07-22 22:32:20 +02:00
|
|
|
async middleware(req, res, next) {
|
2024-08-11 23:07:29 +02:00
|
|
|
if (!req.user.isAdminOrUp && req.user.id !== req.params.id) {
|
2021-11-22 03:00:40 +01:00
|
|
|
return res.sendStatus(403)
|
2024-08-11 23:07:29 +02:00
|
|
|
} else if ((req.method == 'PATCH' || req.method == 'POST' || req.method == 'DELETE') && !req.user.isAdminOrUp) {
|
2022-09-26 00:11:39 +02:00
|
|
|
return res.sendStatus(403)
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
2022-09-26 00:11:39 +02:00
|
|
|
|
|
|
|
if (req.params.id) {
|
2024-08-12 00:01:25 +02:00
|
|
|
req.reqUser = await Database.userModel.getUserById(req.params.id)
|
2022-09-26 00:11:39 +02:00
|
|
|
if (!req.reqUser) {
|
|
|
|
return res.sendStatus(404)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
next()
|
2021-11-22 03:00:40 +01:00
|
|
|
}
|
|
|
|
}
|
2024-08-04 23:13:40 +02:00
|
|
|
module.exports = new UserController()
|