Merge branch 'master' into admin/users

v1.18.x
Barış Soner Uşaklı 4 years ago
commit 2d6ea6e505

@ -21,262 +21,23 @@ info:
license: license:
name: GPL-3.0 name: GPL-3.0
servers: servers:
- url: /api/v1 - url: /api/v3
tags: tags:
- name: users - name: users
description: 'Account related calls (create, modify, delete, etc.)' description: 'Account related calls (create, modify, delete, etc.)'
- name: categories - name: categories
description: Administrative calls to manage categories description: Administrative calls to manage categories
paths: paths:
'/users/{uid}': /users/{uid}:
delete: $ref: 'write/users/uid.yaml'
tags: /users/{uid}/password:
- users $ref: 'write/users/uid/password.yaml'
summary: delete a single user account /users/{uid}/follow:
parameters: $ref: 'write/users/uid/follow.yaml'
- in: path /users/{uid}/ban:
name: uid $ref: 'write/users/uid/ban.yaml'
schema: /users/{uid}/tokens:
type: integer $ref: 'write/users/uid/tokens.yaml'
required: true
description: uid of the user to delete
responses:
'200':
description: user account deleted
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
put:
tags:
- users
summary: update a user account
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
$ref: components/schemas/UserRequest.yaml#/UserRequest
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
$ref: components/schemas/UserObj.yaml#/UserObj
'401':
$ref: components/responses/401.yaml#/401
'403':
$ref: components/responses/403.yaml#/403
'426':
$ref: components/responses/426.yaml#/426
'500':
$ref: components/responses/500.yaml#/500
'/users/{uid}/password':
put:
tags:
- users
summary: change a user's password
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
currentPassword:
type: string
description: test
example: oldp455word
newPassword:
type: string
example: s3cre7password
required:
- newPassword
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
'/users/{uid}/follow':
post:
tags:
- users
summary: follow a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to follow
responses:
'200':
description: successfully followed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unfollows a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unfollow
responses:
'200':
description: successfully unfollowed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
'/users/{uid}/ban':
put:
tags:
- users
summary: ban a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to ban
requestBody:
content:
application/json:
schema:
type: object
properties:
until:
type: number
description: UNIX timestamp of the ban expiry
example: 1585775608076
reason:
type: string
example: the reason for the ban
responses:
'200':
description: successfully banned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unbans a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unban
responses:
'200':
description: successfully unbanned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
'/users/{uid}/tokens':
post:
tags:
- users
summary: generate a user token
description: This route can only be used to generate tokens for the same user. In other words, you cannot use this route to generate a token for a different user than the one you are authenticated as.
responses:
'200':
description: successfully generated a user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: delete user token
parameters:
- in: path
name: token
schema:
type: string
required: true
description: a valid API token
responses:
'200':
description: successfully deleted user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: components/schemas/Status.yaml#/Status
response:
type: object
/categories/: /categories/:
$ref: 'write/categories.yaml' $ref: 'write/categories.yaml'
/groups/: /groups/:

@ -0,0 +1,60 @@
delete:
tags:
- users
summary: delete a single user account
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to delete
responses:
'200':
description: user account deleted
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../components/schemas/Status.yaml#/Status
response:
type: object
put:
tags:
- users
summary: update a user account
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
$ref: ../../components/schemas/UserRequest.yaml#/UserRequest
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../components/schemas/Status.yaml#/Status
response:
$ref: ../../components/schemas/UserObj.yaml#/UserObj
'401':
$ref: ../../components/responses/401.yaml#/401
'403':
$ref: ../../components/responses/403.yaml#/403
'426':
$ref: ../../components/responses/426.yaml#/426
'500':
$ref: ../../components/responses/500.yaml#/500
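Review bot: The `delete` operation in this file documents only a `'200'` response, while `put` directly below it references the shared 401, 403, 426 and 500 responses. Deleting an account is at least as privileged as updating one, so the same failure cases should be part of the contract; add the four entries under `delete.responses`, starting with `'401':` / `$ref: ../../components/responses/401.yaml#/401`. The ban, follow, password and tokens files added later in this commit also list only `'200'`; they need the same entries with the `../../../components/responses/` prefix.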

@ -0,0 +1,59 @@
put:
tags:
- users
summary: ban a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to ban
requestBody:
content:
application/json:
schema:
type: object
properties:
until:
type: number
description: UNIX timestamp of the ban expiry
example: 1585775608076
reason:
type: string
example: the reason for the ban
responses:
'200':
description: successfully banned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unbans a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unban
responses:
'200':
description: successfully unbanned user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
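Review bot: `until` is described as a "UNIX timestamp", but the example `1585775608076` has thirteen digits, which reads as milliseconds rather than seconds. A client that follows the description literally and sends seconds would presumably set a ban expiry far in the past, so the unit should be stated, e.g. `description: UNIX timestamp of the ban expiry, in milliseconds` (confirm against the handler). The `requestBody` is also not marked `required` and neither property is, so the description should say what an omitted `until` means.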

@ -0,0 +1,46 @@
post:
tags:
- users
summary: follow a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to follow
responses:
'200':
description: successfully followed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: unfollows a user
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to unfollow
responses:
'200':
description: successfully unfollowed user
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object

@ -0,0 +1,39 @@
put:
tags:
- users
summary: change a user's password
parameters:
- in: path
name: uid
schema:
type: integer
required: true
description: uid of the user to update
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
currentPassword:
type: string
description: test
example: oldp455word
newPassword:
type: string
example: s3cre7password
required:
- newPassword
responses:
'200':
description: user profile updated
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
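Review bot: `currentPassword` still carries the placeholder `description: test` and is absent from `required`, so the spec does not say when a password may be changed without presenting the old one. Replace the placeholder with a real description, for example `description: the account's current password (state which callers, if any, may omit it)`. Adding `format: password` to both string properties would also keep documentation UIs from echoing the values in clear text.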

@ -0,0 +1,40 @@
post:
tags:
- users
summary: generate a user token
description: This route can only be used to generate tokens for the same user. In other words, you cannot use this route to generate a token for a different user than the one you are authenticated as.
responses:
'200':
description: successfully generated a user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
delete:
tags:
- users
summary: delete user token
parameters:
- in: path
name: token
schema:
type: string
required: true
description: a valid API token
responses:
'200':
description: successfully deleted user token
content:
application/json:
schema:
type: object
properties:
status:
$ref: ../../../components/schemas/Status.yaml#/Status
response:
type: object
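Review bot: `delete` declares a required `in: path` parameter named `token`, but the only path shown referencing this file is `/users/{uid}/tokens`, which has no `{token}` segment. Neither operation declares the `uid` parameter that the template does contain. OpenAPI requires every path parameter to match a template segment, so the definition is inconsistent as written. Either reference the delete operation from a path that includes `{token}`, or describe the token in the location it is actually sent. In both operations add the same `- in: path` / `name: uid` block the sibling files use.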

@ -5,7 +5,11 @@ define('api', () => {
const baseUrl = config.relative_path + '/api/v3'; const baseUrl = config.relative_path + '/api/v3';
function call(options, onSuccess, onError) { function call(options, onSuccess, onError) {
$.ajax(options) $.ajax(Object.assign({
headers: {
'x-csrf-token': config.csrf_token,
},
}, options))
.done((res) => { .done((res) => {
if (onSuccess) { if (onSuccess) {
onSuccess(res.response); onSuccess(res.response);
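Review bot: The `Object.assign` around the default `headers` is a shallow merge, so any caller that passes its own `options.headers` replaces the whole object and the request goes out without `x-csrf-token`. Whether a caller does that today is not visible in this hunk, but the helper should not depend on it. Merge the header maps explicitly: `$.ajax(Object.assign({}, options, { headers: Object.assign({ 'x-csrf-token': config.csrf_token }, options.headers) }))`. The body of `call` continues past the end of the hunk.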

@ -48,6 +48,7 @@ middleware.applyCSRF = function (req, res, next) {
next(); next();
} }
}; };
middleware.applyCSRFasync = util.promisify(middleware.applyCSRF);
middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login'); middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');

@ -34,6 +34,10 @@ module.exports = function (middleware) {
const loginAsync = util.promisify(req.login).bind(req); const loginAsync = util.promisify(req.login).bind(req);
if (req.loggedIn) { if (req.loggedIn) {
if (res.locals.isAPI) {
await middleware.applyCSRFasync(req, res);
}
return true; return true;
} else if (req.headers.hasOwnProperty('authorization')) { } else if (req.headers.hasOwnProperty('authorization')) {
const user = await passportAuthenticateAsync(req, res); const user = await passportAuthenticateAsync(req, res);
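Review bot: The CSRF check added in the `req.loggedIn` branch runs only when `res.locals.isAPI` is truthy. A route that reaches this function without that flag set would therefore accept a cookie-authenticated write with no token, and where the flag is set is not visible here. A failed check also rejects the awaited promise and so throws out of this function; it is worth confirming that the caller turns that into a 403 rather than a generic 500. I would document the intent above the inner `if`, e.g. `// session cookies are ambient credentials, so API calls made with them must carry a valid CSRF token; the authorization-header branch below does not need one`. The enclosing function starts and ends outside the hunk.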
