Code refactoring:

Splitting API code in several files.

server/lib/routers/api/auth.ts

@@ -0,0 +1,110 @@
+import type { RegisterServerOptions } from '@peertube/peertube-types'
+import type { Router, Request, Response, NextFunction } from 'express'
+import { asyncMiddleware } from '../../middlewares/async'
+import { getProsodyDomain } from '../../prosody/config/domain'
+import { prosodyRegisterUser, prosodyCheckUserPassword, prosodyUserRegistered } from '../../prosody/auth'
+import { getUserNickname } from '../../helpers'
+
+/**
+ * Instanciate the authentication API.
+ * This API is used by the frontend to get current user's XMPP credentials.
+ * @param options server register options
+ */
+async function initAuthApiRouter (options: RegisterServerOptions, router: Router): Promise<void> {
+  router.get('/auth', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      const user = await options.peertubeHelpers.user.getAuthUser(res)
+      if (!user) {
+        res.sendStatus(403)
+        return
+      }
+      if (user.blocked) {
+        res.sendStatus(403)
+        return
+      }
+      // NB 2021-08-05: Peertube usernames should be lowercase. But it seems that
+      // in some old installation, there can be uppercase letters in usernames.
+      // When Peertube checks username unicity, it does a lowercase search.
+      // So it feels safe to normalize usernames like so:
+      const normalizedUsername = user.username.toLowerCase()
+      const prosodyDomain = await getProsodyDomain(options)
+      const password: string = await prosodyRegisterUser(normalizedUsername)
+      const nickname: string | undefined = await getUserNickname(options, user)
+      res.status(200).json({
+        jid: normalizedUsername + '@' + prosodyDomain,
+        password: password,
+        nickname: nickname
+      })
+    }
+  ))
+}
+
+/**
+ * Instanciates API used by the Prosody module http_auth.
+ * This is used to check user's credentials.
+ * @param options server register options
+ * @returns a router
+ */
+async function initUserAuthApiRouter (options: RegisterServerOptions, router: Router): Promise<void> {
+  const logger = options.peertubeHelpers.logger
+
+  router.post('/user/register', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      res.sendStatus(501)
+    }
+  ))
+
+  router.get('/user/check_password', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      const prosodyDomain = await getProsodyDomain(options)
+      const user = req.query.user
+      const server = req.query.server
+      const pass = req.query.pass
+      if (server !== prosodyDomain) {
+        logger.warn(`Cannot call check_password on user on server ${server as string}.`)
+        res.status(200).send('false')
+        return
+      }
+      if (user && pass && await prosodyCheckUserPassword(user as string, pass as string)) {
+        res.status(200).send('true')
+        return
+      }
+      res.status(200).send('false')
+    }
+  ))
+
+  router.get('/user/user_exists', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      const prosodyDomain = await getProsodyDomain(options)
+      const user = req.query.user
+      const server = req.query.server
+      if (server !== prosodyDomain) {
+        logger.warn(`Cannot call user_exists on user on server ${server as string}.`)
+        res.status(200).send('false')
+        return
+      }
+      if (user && await prosodyUserRegistered(user as string)) {
+        res.status(200).send('true')
+        return
+      }
+      res.status(200).send('false')
+    }
+  ))
+
+  router.post('/user/set_password', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      res.sendStatus(501)
+    }
+  ))
+
+  router.post('/user/remove_user', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      res.sendStatus(501)
+    }
+  ))
+}
+
+export {
+  initAuthApiRouter,
+  initUserAuthApiRouter
+}