mirror of
https://github.com/advplyr/audiobookshelf.git
synced 2025-06-23 01:09:26 +02:00
Update more API endpoints to use new user model
parent
9facf77ff1
commit
afc16358ca
23 changed files with 856 additions and 404 deletions
|
@ -1,3 +1,4 @@
|
|||
const { Request, Response, NextFunction } = require('express')
|
||||
const uuidv4 = require('uuid').v4
|
||||
const Logger = require('../Logger')
|
||||
const SocketAuthority = require('../SocketAuthority')
|
||||
|
@ -8,12 +9,18 @@ const User = require('../objects/user/User')
|
|||
const { toNumber } = require('../utils/index')
|
||||
|
||||
/**
|
||||
* @typedef RequestUserObjects
|
||||
* @property {import('../models/User')} userNew
|
||||
* @property {import('../objects/user/User')} user
|
||||
*
|
||||
* @typedef {Request & RequestUserObjects} RequestWithUser
|
||||
*
|
||||
* @typedef UserControllerRequestProps
|
||||
* @property {import('../models/User')} userNew
|
||||
* @property {import('../objects/user/User')} user - User that made the request
|
||||
* @property {import('../objects/user/User')} [reqUser] - User for req param id
|
||||
*
|
||||
* @typedef {import('express').Request & UserControllerRequestProps} UserControllerRequest
|
||||
* @typedef {import('express').Response} UserControllerResponse
|
||||
* @typedef {Request & UserControllerRequestProps} UserControllerRequest
|
||||
*/
|
||||
|
||||
class UserController {
|
||||
|
@ -22,11 +29,11 @@ class UserController {
|
|||
/**
|
||||
*
|
||||
* @param {UserControllerRequest} req
|
||||
* @param {UserControllerResponse} res
|
||||
* @param {Response} res
|
||||
*/
|
||||
async findAll(req, res) {
|
||||
if (!req.user.isAdminOrUp) return res.sendStatus(403)
|
||||
const hideRootToken = !req.user.isRoot
|
||||
if (!req.userNew.isAdminOrUp) return res.sendStatus(403)
|
||||
const hideRootToken = !req.userNew.isRoot
|
||||
|
||||
const includes = (req.query.include || '').split(',').map((i) => i.trim())
|
||||
|
||||
|
@ -52,11 +59,11 @@ class UserController {
|
|||
* Media progress items include: `displayTitle`, `displaySubtitle` (for podcasts), `coverPath` and `mediaUpdatedAt`
|
||||
*
|
||||
* @param {UserControllerRequest} req
|
||||
* @param {UserControllerResponse} res
|
||||
* @param {Response} res
|
||||
*/
|
||||
async findOne(req, res) {
|
||||
if (!req.user.isAdminOrUp) {
|
||||
Logger.error('User other than admin attempting to get user', req.user)
|
||||
if (!req.userNew.isAdminOrUp) {
|
||||
Logger.error(`Non-admin user "${req.userNew.username}" attempted to get user`)
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
|
@ -95,13 +102,22 @@ class UserController {
|
|||
return oldMediaProgress
|
||||
})
|
||||
|
||||
const userJson = req.reqUser.toJSONForBrowser(!req.user.isRoot)
|
||||
const userJson = req.reqUser.toJSONForBrowser(!req.userNew.isRoot)
|
||||
|
||||
userJson.mediaProgress = oldMediaProgresses
|
||||
|
||||
res.json(userJson)
|
||||
}
|
||||
|
||||
/**
|
||||
* POST: /api/users
|
||||
* Create a new user
|
||||
*
|
||||
* @this {import('../routers/ApiRouter')}
|
||||
*
|
||||
* @param {RequestWithUser} req
|
||||
* @param {Response} res
|
||||
*/
|
||||
async create(req, res) {
|
||||
const account = req.body
|
||||
const username = account.username
|
||||
|
@ -134,13 +150,13 @@ class UserController {
|
|||
* Update user
|
||||
*
|
||||
* @param {UserControllerRequest} req
|
||||
* @param {UserControllerResponse} res
|
||||
* @param {Response} res
|
||||
*/
|
||||
async update(req, res) {
|
||||
const user = req.reqUser
|
||||
|
||||
if (user.type === 'root' && !req.user.isRoot) {
|
||||
Logger.error(`[UserController] Admin user attempted to update root user`, req.user.username)
|
||||
if (user.type === 'root' && !req.userNew.isRoot) {
|
||||
Logger.error(`[UserController] Admin user "${req.userNew.username}" attempted to update root user`)
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
|
@ -168,7 +184,7 @@ class UserController {
|
|||
Logger.info(`[UserController] User ${user.username} was generated a new api token`)
|
||||
}
|
||||
await Database.updateUser(user)
|
||||
SocketAuthority.clientEmitter(req.user.id, 'user_updated', user.toJSONForBrowser())
|
||||
SocketAuthority.clientEmitter(req.userNew.id, 'user_updated', user.toJSONForBrowser())
|
||||
}
|
||||
|
||||
res.json({
|
||||
|
@ -177,14 +193,21 @@ class UserController {
|
|||
})
|
||||
}
|
||||
|
||||
/**
|
||||
* DELETE: /api/users/:id
|
||||
* Delete a user
|
||||
*
|
||||
* @param {UserControllerRequest} req
|
||||
* @param {Response} res
|
||||
*/
|
||||
async delete(req, res) {
|
||||
if (req.params.id === 'root') {
|
||||
Logger.error('[UserController] Attempt to delete root user. Root user cannot be deleted')
|
||||
return res.sendStatus(500)
|
||||
return res.sendStatus(400)
|
||||
}
|
||||
if (req.user.id === req.params.id) {
|
||||
Logger.error(`[UserController] ${req.user.username} is attempting to delete themselves... why? WHY?`)
|
||||
return res.sendStatus(500)
|
||||
if (req.userNew.id === req.params.id) {
|
||||
Logger.error(`[UserController] User ${req.userNew.username} is attempting to delete self`)
|
||||
return res.sendStatus(400)
|
||||
}
|
||||
const user = req.reqUser
|
||||
|
||||
|
@ -212,20 +235,25 @@ class UserController {
|
|||
* PATCH: /api/users/:id/openid-unlink
|
||||
*
|
||||
* @param {UserControllerRequest} req
|
||||
* @param {UserControllerResponse} res
|
||||
* @param {Response} res
|
||||
*/
|
||||
async unlinkFromOpenID(req, res) {
|
||||
Logger.debug(`[UserController] Unlinking user "${req.reqUser.username}" from OpenID with sub "${req.reqUser.authOpenIDSub}"`)
|
||||
req.reqUser.authOpenIDSub = null
|
||||
if (await Database.userModel.updateFromOld(req.reqUser)) {
|
||||
SocketAuthority.clientEmitter(req.user.id, 'user_updated', req.reqUser.toJSONForBrowser())
|
||||
SocketAuthority.clientEmitter(req.userNew.id, 'user_updated', req.reqUser.toJSONForBrowser())
|
||||
res.sendStatus(200)
|
||||
} else {
|
||||
res.sendStatus(500)
|
||||
}
|
||||
}
|
||||
|
||||
// GET: api/users/:id/listening-sessions
|
||||
/**
|
||||
* GET: /api/users/:id/listening-sessions
|
||||
*
|
||||
* @param {UserControllerRequest} req
|
||||
* @param {Response} res
|
||||
*/
|
||||
async getListeningSessions(req, res) {
|
||||
var listeningSessions = await this.getUserListeningSessionsHelper(req.params.id)
|
||||
|
||||
|
@ -246,15 +274,29 @@ class UserController {
|
|||
res.json(payload)
|
||||
}
|
||||
|
||||
// GET: api/users/:id/listening-stats
|
||||
/**
|
||||
* GET: /api/users/:id/listening-stats
|
||||
*
|
||||
* @this {import('../routers/ApiRouter')}
|
||||
*
|
||||
* @param {UserControllerRequest} req
|
||||
* @param {Response} res
|
||||
*/
|
||||
async getListeningStats(req, res) {
|
||||
var listeningStats = await this.getUserListeningStatsHelpers(req.params.id)
|
||||
res.json(listeningStats)
|
||||
}
|
||||
|
||||
// POST: api/users/online (admin)
|
||||
/**
|
||||
* GET: /api/users/online
|
||||
*
|
||||
* @this {import('../routers/ApiRouter')}
|
||||
*
|
||||
* @param {RequestWithUser} req
|
||||
* @param {Response} res
|
||||
*/
|
||||
async getOnlineUsers(req, res) {
|
||||
if (!req.user.isAdminOrUp) {
|
||||
if (!req.userNew.isAdminOrUp) {
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
|
@ -264,10 +306,16 @@ class UserController {
|
|||
})
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param {RequestWithUser} req
|
||||
* @param {Response} res
|
||||
* @param {NextFunction} next
|
||||
*/
|
||||
async middleware(req, res, next) {
|
||||
if (!req.user.isAdminOrUp && req.user.id !== req.params.id) {
|
||||
if (!req.userNew.isAdminOrUp && req.userNew.id !== req.params.id) {
|
||||
return res.sendStatus(403)
|
||||
} else if ((req.method == 'PATCH' || req.method == 'POST' || req.method == 'DELETE') && !req.user.isAdminOrUp) {
|
||||
} else if ((req.method == 'PATCH' || req.method == 'POST' || req.method == 'DELETE') && !req.userNew.isAdminOrUp) {
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
|
|
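Review bot: In `unlinkFromOpenID` the `user_updated` payload is built with `req.reqUser.toJSONForBrowser()` and no argument, whereas `findOne` passes `!req.userNew.isRoot` and `findAll` computes `hideRootToken` for the same purpose. The hunk shows no root guard like the one in `update`, and the `middleware` check admits PATCH from any admin, so a non-root admin targeting the root account would presumably receive that account's unredacted JSON on their socket; this depends on the default of `toJSONForBrowser`, which is not visible here. Suggest adding `if (req.reqUser.type === 'root' && !req.userNew.isRoot) return res.sendStatus(403)` at the top of the method and emitting `req.reqUser.toJSONForBrowser(!req.userNew.isRoot)`. The same no-argument call appears in `update`, where the existing root guard already covers it; the bodies of `update` and `middleware` continue outside their hunks.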