mirror/advplyr.audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-06-21 08:36:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update:Create & update API endpoints to create with new data model

Browse source
This commit is contained in:
advplyr 2024-08-17 17:18:40 -05:00
parent 1b914d5d4f
commit 5308fd8b46
6 changed files with 184 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

196
server/controllers/UserController.js
View file

@ -116,27 +116,79 @@ class UserController {
* @param {Response} res
*/
async create(req, res) {
const account = req.body
const username = account.username
if (!req.body.username || !req.body.password || typeof req.body.username !== 'string' || typeof req.body.password !== 'string') {
return res.status(400).send('Username and password are required')
}
if (req.body.type && !Database.userModel.accountTypes.includes(req.body.type)) {
return res.status(400).send('Invalid account type')
}
const usernameExists = await Database.userModel.checkUserExistsWithUsername(username)
const usernameExists = await Database.userModel.checkUserExistsWithUsername(req.body.username)
if (usernameExists) {
return res.status(400).send('Username already taken')
}
account.id = uuidv4()
account.pash = await this.auth.hashPass(account.password)
delete account.password
account.token = await this.auth.generateAccessToken(account)
account.createdAt = Date.now()
const newUser = new User(account)
const userId = uuidv4()
const pash = await this.auth.hashPass(req.body.password)
const token = await this.auth.generateAccessToken({ id: userId, username: req.body.username })
const userType = req.body.type || 'user'
// TODO: Create with new User model
const success = await Database.createUser(newUser)
if (success) {
SocketAuthority.adminEmitter('user_added', newUser.toJSONForBrowser())
// librariesAccessible and itemTagsSelected can be on req.body or req.body.permissions
// Old model stored them outside of permissions, new model stores them inside permissions
let reqLibrariesAccessible = req.body.librariesAccessible || req.body.permissions?.librariesAccessible
if (reqLibrariesAccessible && (!Array.isArray(reqLibrariesAccessible) || reqLibrariesAccessible.some((libId) => typeof libId !== 'string'))) {
Logger.warn(`[UserController] create: Invalid librariesAccessible value: ${reqLibrariesAccessible}`)
reqLibrariesAccessible = null
}
let reqItemTagsSelected = req.body.itemTagsSelected || req.body.permissions?.itemTagsSelected
if (reqItemTagsSelected && (!Array.isArray(reqItemTagsSelected) || reqItemTagsSelected.some((tagId) => typeof tagId !== 'string'))) {
Logger.warn(`[UserController] create: Invalid itemTagsSelected value: ${reqItemTagsSelected}`)
reqItemTagsSelected = null
}
if (req.body.permissions?.itemTagsSelected || req.body.permissions?.librariesAccessible) {
delete req.body.permissions.itemTagsSelected
delete req.body.permissions.librariesAccessible
}
// Map permissions
const permissions = Database.userModel.getDefaultPermissionsForUserType(userType)
if (req.body.permissions && typeof req.body.permissions === 'object') {
for (const key in req.body.permissions) {
if (permissions[key] !== undefined) {
if (typeof req.body.permissions[key] !== 'boolean') {
Logger.warn(`[UserController] create: Invalid permission value for key ${key}. Should be boolean`)
} else {
permissions[key] = req.body.permissions[key]
}
} else {
Logger.warn(`[UserController] create: Invalid permission key: ${key}`)
}
}
}
permissions.itemTagsSelected = reqItemTagsSelected || []
permissions.librariesAccessible = reqLibrariesAccessible || []
const newUser = {
id: userId,
type: userType,
username: req.body.username,
email: typeof req.body.email === 'string' ? req.body.email : null,
pash,
token,
isActive: !!req.body.isActive,
permissions,
bookmarks: [],
extraData: {
seriesHideFromContinueListening: []
}
}
const user = await Database.userModel.create(newUser)
if (user) {
SocketAuthority.adminEmitter('user_added', user.toOldJSONForBrowser())
res.json({
user: newUser.toJSONForBrowser()
user: user.toOldJSONForBrowser()
})
} else {
return res.status(500).send('Failed to save new user')
@ -161,37 +213,125 @@ class UserController {
}
const updatePayload = req.body
let shouldUpdateToken = false
// Validate payload
const keysThatCannotBeUpdated = ['id', 'pash', 'token', 'extraData', 'bookmarks']
for (const key of keysThatCannotBeUpdated) {
if (updatePayload[key] !== undefined) {
return res.status(400).send(`Key "${key}" cannot be updated`)
}
}
if (updatePayload.email && typeof updatePayload.email !== 'string') {
return res.status(400).send('Invalid email')
}
if (updatePayload.username && typeof updatePayload.username !== 'string') {
return res.status(400).send('Invalid username')
}
if (updatePayload.type && !Database.userModel.accountTypes.includes(updatePayload.type)) {
return res.status(400).send('Invalid account type')
}
if (updatePayload.permissions && typeof updatePayload.permissions !== 'object') {
return res.status(400).send('Invalid permissions')
}
let hasUpdates = false
let shouldUpdateToken = false
// When changing username create a new API token
if (updatePayload.username !== undefined && updatePayload.username !== user.username) {
if (updatePayload.username && updatePayload.username !== user.username) {
const usernameExists = await Database.userModel.checkUserExistsWithUsername(updatePayload.username)
if (usernameExists) {
return res.status(500).send('Username already taken')
return res.status(400).send('Username already taken')
}
user.username = updatePayload.username
shouldUpdateToken = true
hasUpdates = true
}
// Updating password
if (updatePayload.password) {
updatePayload.pash = await this.auth.hashPass(updatePayload.password)
delete updatePayload.password
user.pash = await this.auth.hashPass(updatePayload.password)
hasUpdates = true
}
// TODO: Update with new User model
const oldUser = Database.userModel.getOldUser(user)
if (oldUser.update(updatePayload)) {
if (shouldUpdateToken) {
oldUser.token = await this.auth.generateAccessToken(oldUser)
Logger.info(`[UserController] User ${oldUser.username} has generated a new api token`)
let hasPermissionsUpdates = false
let updateLibrariesAccessible = updatePayload.librariesAccessible || updatePayload.permissions?.librariesAccessible
if (updateLibrariesAccessible && (!Array.isArray(updateLibrariesAccessible) || updateLibrariesAccessible.some((libId) => typeof libId !== 'string'))) {
Logger.warn(`[UserController] update: Invalid librariesAccessible value: ${updateLibrariesAccessible}`)
updateLibrariesAccessible = null
}
let updateItemTagsSelected = updatePayload.itemTagsSelected || updatePayload.permissions?.itemTagsSelected
if (updateItemTagsSelected && (!Array.isArray(updateItemTagsSelected) || updateItemTagsSelected.some((tagId) => typeof tagId !== 'string'))) {
Logger.warn(`[UserController] update: Invalid itemTagsSelected value: ${updateItemTagsSelected}`)
updateItemTagsSelected = null
}
if (updatePayload.permissions?.itemTagsSelected || updatePayload.permissions?.librariesAccessible) {
delete updatePayload.permissions.itemTagsSelected
delete updatePayload.permissions.librariesAccessible
}
if (updatePayload.permissions && typeof updatePayload.permissions === 'object') {
const permissions = {
...user.permissions
}
await Database.updateUser(oldUser)
SocketAuthority.clientEmitter(req.user.id, 'user_updated', oldUser.toJSONForBrowser())
for (const key in updatePayload.permissions) {
if (permissions[key] !== undefined) {
if (typeof updatePayload.permissions[key] !== 'boolean') {
Logger.warn(`[UserController] update: Invalid permission value for key ${key}. Should be boolean`)
} else if (permissions[key] !== updatePayload.permissions[key]) {
permissions[key] = updatePayload.permissions[key]
hasPermissionsUpdates = true
}
} else {
Logger.warn(`[UserController] update: Invalid permission key: ${key}`)
}
}
if (updateItemTagsSelected && updateItemTagsSelected.join(',') !== user.permissions.itemTagsSelected.join(',')) {
permissions.itemTagsSelected = updateItemTagsSelected
hasPermissionsUpdates = true
}
if (updateLibrariesAccessible && updateLibrariesAccessible.join(',') !== user.permissions.librariesAccessible.join(',')) {
permissions.librariesAccessible = updateLibrariesAccessible
hasPermissionsUpdates = true
}
updatePayload.permissions = permissions
}
// Permissions were updated
if (hasPermissionsUpdates) {
user.permissions = updatePayload.permissions
user.changed('permissions', true)
hasUpdates = true
}
if (updatePayload.email && updatePayload.email !== user.email) {
user.email = updatePayload.email
hasUpdates = true
}
if (updatePayload.type && updatePayload.type !== user.type) {
user.type = updatePayload.type
hasUpdates = true
}
if (updatePayload.isActive !== undefined && !!updatePayload.isActive !== user.isActive) {
user.isActive = updatePayload.isActive
hasUpdates = true
}
if (updatePayload.lastSeen && typeof updatePayload.lastSeen === 'number') {
user.lastSeen = updatePayload.lastSeen
hasUpdates = true
}
if (hasUpdates) {
if (shouldUpdateToken) {
user.token = await this.auth.generateAccessToken(user)
Logger.info(`[UserController] User ${user.username} has generated a new api token`)
}
await user.save()
SocketAuthority.clientEmitter(req.user.id, 'user_updated', user.toOldJSONForBrowser())
}
res.json({
success: true,
user: oldUser.toJSONForBrowser()
user: user.toOldJSONForBrowser()
})
}