[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / blocklist.ts

import express from 'express'
import { body, param, query } from 'express-validator'
import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
import { toArray } from '@server/helpers/custom-validators/misc'
import { getServerActor } from '@server/models/application/application'
import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
import { logger } from '../../helpers/logger'
import { WEBSERVER } from '../../initializers/constants'
import { AccountBlocklistModel } from '../../models/account/account-blocklist'
import { ServerModel } from '../../models/server/server'
import { ServerBlocklistModel } from '../../models/server/server-blocklist'
import { areValidationErrors, doesAccountNameWithHostExist } from './shared'

const blockAccountValidator = [
  body('accountName').exists().withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return

    const user = res.locals.oauth.token.User
    const accountToBlock = res.locals.account

    if (user.Account.id === accountToBlock.id) {
      res.fail({
        status: HttpStatusCode.CONFLICT_409,
        message: 'You cannot block yourself.'
      })
      return
    }

    return next()
  }
]

const unblockAccountByAccountValidator = [
  param('accountName').exists().withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const user = res.locals.oauth.token.User
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const unblockAccountByServerValidator = [
  param('accountName').exists().withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const serverActor = await getServerActor()
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const blockServerValidator = [
  body('host').custom(isHostValid).withMessage('Should have a valid host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking serverGetValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    const host: string = req.body.host

    if (host === WEBSERVER.HOST) {
      return res.fail({
        status: HttpStatusCode.CONFLICT_409,
        message: 'You cannot block your own server.'
      })
    }

    const server = await ServerModel.loadOrCreateByHost(host)

    res.locals.server = server

    return next()
  }
]

const unblockServerByAccountValidator = [
  param('host').custom(isHostValid).withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const user = res.locals.oauth.token.User
    if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return

    return next()
  }
]

const unblockServerByServerValidator = [
  param('host').custom(isHostValid).withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const serverActor = await getServerActor()
    if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return

    return next()
  }
]

const blocklistStatusValidator = [
  query('hosts')
    .optional()
    .customSanitizer(toArray)
    .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),

  query('accounts')
    .optional()
    .customSanitizer(toArray)
    .custom(areValidActorHandles).withMessage('Should have a valid accounts array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking blocklistStatusValidator parameters', { query: req.query })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  blockServerValidator,
  blockAccountValidator,
  unblockAccountByAccountValidator,
  unblockServerByAccountValidator,
  unblockAccountByServerValidator,
  unblockServerByServerValidator,
  blocklistStatusValidator
}

// ---------------------------------------------------------------------------

async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
  const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
  if (!accountBlock) {
    res.fail({
      status: HttpStatusCode.NOT_FOUND_404,
      message: 'Account block entry not found.'
    })
    return false
  }

  res.locals.accountBlock = accountBlock
  return true
}

async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
  const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
  if (!serverBlock) {
    res.fail({
      status: HttpStatusCode.NOT_FOUND_404,
      message: 'Server block entry not found.'
    })
    return false
  }

  res.locals.serverBlock = serverBlock
  return true
}
Commit	Line	Data
41fb13c3	1	import express from 'express'
80badf49 C	2	import { body, param, query } from 'express-validator'
	3	import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
	4	import { toArray } from '@server/helpers/custom-validators/misc'
10363c74	5	import { getServerActor } from '@server/models/application/application'
c0e8b12e	6	import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
80badf49	7	import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
7ad9b984	8	import { logger } from '../../helpers/logger'
10363c74	9	import { WEBSERVER } from '../../initializers/constants'
7ad9b984	10	import { AccountBlocklistModel } from '../../models/account/account-blocklist'
af5767ff	11	import { ServerModel } from '../../models/server/server'
10363c74 C	12	import { ServerBlocklistModel } from '../../models/server/server-blocklist'
10363c74 C	13	import { areValidationErrors, doesAccountNameWithHostExist } from './shared'
7ad9b984	14
b44164bb	15	const blockAccountValidator = [
7ad9b984 C	16	body('accountName').exists().withMessage('Should have an account name with host'),
	17
	18	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	19	logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body })
	20
	21	if (areValidationErrors(req, res)) return
0f6acda1	22	if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return
7ad9b984	23
dae86118	24	const user = res.locals.oauth.token.User
af5767ff C	25	const accountToBlock = res.locals.account
	26
	27	if (user.Account.id === accountToBlock.id) {
76148b27 RK	28	res.fail({
	29	status: HttpStatusCode.CONFLICT_409,
	30	message: 'You cannot block yourself.'
	31	})
af5767ff C	32	return
	33	}
	34
7ad9b984 C	35	return next()
	36	}
	37	]
	38
	39	const unblockAccountByAccountValidator = [
	40	param('accountName').exists().withMessage('Should have an account name with host'),
	41
	42	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	43	logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params })
	44
	45	if (areValidationErrors(req, res)) return
0f6acda1	46	if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
7ad9b984	47
dae86118	48	const user = res.locals.oauth.token.User
7ad9b984	49	const targetAccount = res.locals.account
0f6acda1	50	if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return
7ad9b984 C	51
	52	return next()
	53	}
	54	]
	55
b44164bb C	56	const unblockAccountByServerValidator = [
	57	param('accountName').exists().withMessage('Should have an account name with host'),
	58
	59	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	60	logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
	61
	62	if (areValidationErrors(req, res)) return
0f6acda1	63	if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
b44164bb C	64
	65	const serverActor = await getServerActor()
	66	const targetAccount = res.locals.account
0f6acda1	67	if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return
b44164bb C	68
	69	return next()
	70	}
	71	]
	72
	73	const blockServerValidator = [
af5767ff C	74	body('host').custom(isHostValid).withMessage('Should have a valid host'),
	75
	76	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	77	logger.debug('Checking serverGetValidator parameters', { parameters: req.body })
	78
	79	if (areValidationErrors(req, res)) return
	80
	81	const host: string = req.body.host
	82
6dd9de95	83	if (host === WEBSERVER.HOST) {
76148b27 RK	84	return res.fail({
	85	status: HttpStatusCode.CONFLICT_409,
	86	message: 'You cannot block your own server.'
	87	})
af5767ff C	88	}
af5767ff C	89
80fdaf06	90	const server = await ServerModel.loadOrCreateByHost(host)
af5767ff C	91
	92	res.locals.server = server
	93
	94	return next()
	95	}
	96	]
	97
7ad9b984 C	98	const unblockServerByAccountValidator = [
	99	param('host').custom(isHostValid).withMessage('Should have an account name with host'),
	100
	101	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	102	logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params })
	103
	104	if (areValidationErrors(req, res)) return
	105
dae86118	106	const user = res.locals.oauth.token.User
0f6acda1	107	if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return
7ad9b984 C	108
	109	return next()
	110	}
	111	]
	112
b44164bb C	113	const unblockServerByServerValidator = [
	114	param('host').custom(isHostValid).withMessage('Should have an account name with host'),
	115
	116	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	117	logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
	118
	119	if (areValidationErrors(req, res)) return
	120
	121	const serverActor = await getServerActor()
0f6acda1	122	if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return
b44164bb C	123
	124	return next()
	125	}
	126	]
	127
80badf49 C	128	const blocklistStatusValidator = [
	129	query('hosts')
	130	.optional()
	131	.customSanitizer(toArray)
	132	.custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),
	133
	134	query('accounts')
	135	.optional()
	136	.customSanitizer(toArray)
	137	.custom(areValidActorHandles).withMessage('Should have a valid accounts array'),
	138
	139	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	140	logger.debug('Checking blocklistStatusValidator parameters', { query: req.query })
	141
	142	if (areValidationErrors(req, res)) return
	143
	144	return next()
	145	}
	146	]
	147
7ad9b984 C	148	// ---------------------------------------------------------------------------
	149
	150	export {
b44164bb C	151	blockServerValidator,
b44164bb C	152	blockAccountValidator,
7ad9b984	153	unblockAccountByAccountValidator,
b44164bb C	154	unblockServerByAccountValidator,
b44164bb C	155	unblockAccountByServerValidator,
80badf49 C	156	unblockServerByServerValidator,
80badf49 C	157	blocklistStatusValidator
7ad9b984 C	158	}
	159
	160	// ---------------------------------------------------------------------------
	161
0f6acda1	162	async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
7ad9b984 C	163	const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
7ad9b984 C	164	if (!accountBlock) {
76148b27 RK	165	res.fail({
	166	status: HttpStatusCode.NOT_FOUND_404,
	167	message: 'Account block entry not found.'
	168	})
7ad9b984 C	169	return false
	170	}
	171
	172	res.locals.accountBlock = accountBlock
7ad9b984 C	173	return true
	174	}
	175
0f6acda1	176	async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
7ad9b984 C	177	const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
7ad9b984 C	178	if (!serverBlock) {
76148b27 RK	179	res.fail({
	180	status: HttpStatusCode.NOT_FOUND_404,
	181	message: 'Server block entry not found.'
	182	})
7ad9b984 C	183	return false
	184	}
	185
	186	res.locals.serverBlock = serverBlock
7ad9b984 C	187	return true
7ad9b984 C	188	}