[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / blocklist.ts

import express from 'express'
import { body, param, query } from 'express-validator'
import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
import { getServerActor } from '@server/models/application/application'
import { arrayify } from '@shared/core-utils'
import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
import { WEBSERVER } from '../../initializers/constants'
import { AccountBlocklistModel } from '../../models/account/account-blocklist'
import { ServerModel } from '../../models/server/server'
import { ServerBlocklistModel } from '../../models/server/server-blocklist'
import { areValidationErrors, doesAccountNameWithHostExist } from './shared'

const blockAccountValidator = [
  body('accountName')
    .exists(),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return

    const user = res.locals.oauth.token.User
    const accountToBlock = res.locals.account

    if (user.Account.id === accountToBlock.id) {
      res.fail({
        status: HttpStatusCode.CONFLICT_409,
        message: 'You cannot block yourself.'
      })
      return
    }

    return next()
  }
]

const unblockAccountByAccountValidator = [
  param('accountName')
    .exists(),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const user = res.locals.oauth.token.User
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const unblockAccountByServerValidator = [
  param('accountName')
    .exists(),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const serverActor = await getServerActor()
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const blockServerValidator = [
  body('host')
    .custom(isHostValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const host: string = req.body.host

    if (host === WEBSERVER.HOST) {
      return res.fail({
        status: HttpStatusCode.CONFLICT_409,
        message: 'You cannot block your own server.'
      })
    }

    const server = await ServerModel.loadOrCreateByHost(host)

    res.locals.server = server

    return next()
  }
]

const unblockServerByAccountValidator = [
  param('host')
    .custom(isHostValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const user = res.locals.oauth.token.User
    if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return

    return next()
  }
]

const unblockServerByServerValidator = [
  param('host')
    .custom(isHostValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const serverActor = await getServerActor()
    if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return

    return next()
  }
]

const blocklistStatusValidator = [
  query('hosts')
    .optional()
    .customSanitizer(arrayify)
    .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),

  query('accounts')
    .optional()
    .customSanitizer(arrayify)
    .custom(areValidActorHandles).withMessage('Should have a valid accounts array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  blockServerValidator,
  blockAccountValidator,
  unblockAccountByAccountValidator,
  unblockServerByAccountValidator,
  unblockAccountByServerValidator,
  unblockServerByServerValidator,
  blocklistStatusValidator
}

// ---------------------------------------------------------------------------

async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
  const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
  if (!accountBlock) {
    res.fail({
      status: HttpStatusCode.NOT_FOUND_404,
      message: 'Account block entry not found.'
    })
    return false
  }

  res.locals.accountBlock = accountBlock
  return true
}

async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
  const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
  if (!serverBlock) {
    res.fail({
      status: HttpStatusCode.NOT_FOUND_404,
      message: 'Server block entry not found.'
    })
    return false
  }

  res.locals.serverBlock = serverBlock
  return true
}
Commit	Line	Data
41fb13c3	1	import express from 'express'
80badf49 C	2	import { body, param, query } from 'express-validator'
80badf49 C	3	import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
10363c74	4	import { getServerActor } from '@server/models/application/application'
86347717	5	import { arrayify } from '@shared/core-utils'
c0e8b12e	6	import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
80badf49	7	import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
10363c74	8	import { WEBSERVER } from '../../initializers/constants'
7ad9b984	9	import { AccountBlocklistModel } from '../../models/account/account-blocklist'
af5767ff	10	import { ServerModel } from '../../models/server/server'
10363c74 C	11	import { ServerBlocklistModel } from '../../models/server/server-blocklist'
10363c74 C	12	import { areValidationErrors, doesAccountNameWithHostExist } from './shared'
7ad9b984	13
b44164bb	14	const blockAccountValidator = [
396f6f01 C	15	body('accountName')
396f6f01 C	16	.exists(),
7ad9b984 C	17
7ad9b984 C	18	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
7ad9b984	19	if (areValidationErrors(req, res)) return
0f6acda1	20	if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return
7ad9b984	21
dae86118	22	const user = res.locals.oauth.token.User
af5767ff C	23	const accountToBlock = res.locals.account
	24
	25	if (user.Account.id === accountToBlock.id) {
76148b27 RK	26	res.fail({
	27	status: HttpStatusCode.CONFLICT_409,
	28	message: 'You cannot block yourself.'
	29	})
af5767ff C	30	return
	31	}
	32
7ad9b984 C	33	return next()
	34	}
	35	]
	36
	37	const unblockAccountByAccountValidator = [
396f6f01 C	38	param('accountName')
396f6f01 C	39	.exists(),
7ad9b984 C	40
7ad9b984 C	41	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
7ad9b984	42	if (areValidationErrors(req, res)) return
0f6acda1	43	if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
7ad9b984	44
dae86118	45	const user = res.locals.oauth.token.User
7ad9b984	46	const targetAccount = res.locals.account
0f6acda1	47	if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return
7ad9b984 C	48
	49	return next()
	50	}
	51	]
	52
b44164bb	53	const unblockAccountByServerValidator = [
396f6f01 C	54	param('accountName')
396f6f01 C	55	.exists(),
b44164bb C	56
b44164bb C	57	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b44164bb	58	if (areValidationErrors(req, res)) return
0f6acda1	59	if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
b44164bb C	60
	61	const serverActor = await getServerActor()
	62	const targetAccount = res.locals.account
0f6acda1	63	if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return
b44164bb C	64
	65	return next()
	66	}
	67	]
	68
	69	const blockServerValidator = [
396f6f01 C	70	body('host')
396f6f01 C	71	.custom(isHostValid),
af5767ff C	72
af5767ff C	73	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
af5767ff C	74	if (areValidationErrors(req, res)) return
	75
	76	const host: string = req.body.host
	77
6dd9de95	78	if (host === WEBSERVER.HOST) {
76148b27 RK	79	return res.fail({
	80	status: HttpStatusCode.CONFLICT_409,
	81	message: 'You cannot block your own server.'
	82	})
af5767ff C	83	}
af5767ff C	84
80fdaf06	85	const server = await ServerModel.loadOrCreateByHost(host)
af5767ff C	86
	87	res.locals.server = server
	88
	89	return next()
	90	}
	91	]
	92
7ad9b984	93	const unblockServerByAccountValidator = [
396f6f01 C	94	param('host')
396f6f01 C	95	.custom(isHostValid),
7ad9b984 C	96
7ad9b984 C	97	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
7ad9b984 C	98	if (areValidationErrors(req, res)) return
7ad9b984 C	99
dae86118	100	const user = res.locals.oauth.token.User
0f6acda1	101	if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return
7ad9b984 C	102
	103	return next()
	104	}
	105	]
	106
b44164bb	107	const unblockServerByServerValidator = [
396f6f01 C	108	param('host')
396f6f01 C	109	.custom(isHostValid),
b44164bb C	110
b44164bb C	111	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
b44164bb C	112	if (areValidationErrors(req, res)) return
	113
	114	const serverActor = await getServerActor()
0f6acda1	115	if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return
b44164bb C	116
	117	return next()
	118	}
	119	]
	120
80badf49 C	121	const blocklistStatusValidator = [
	122	query('hosts')
	123	.optional()
86347717	124	.customSanitizer(arrayify)
80badf49 C	125	.custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),
	126
	127	query('accounts')
	128	.optional()
86347717	129	.customSanitizer(arrayify)
80badf49 C	130	.custom(areValidActorHandles).withMessage('Should have a valid accounts array'),
	131
	132	(req: express.Request, res: express.Response, next: express.NextFunction) => {
80badf49 C	133	if (areValidationErrors(req, res)) return
	134
	135	return next()
	136	}
	137	]
	138
7ad9b984 C	139	// ---------------------------------------------------------------------------
	140
	141	export {
b44164bb C	142	blockServerValidator,
b44164bb C	143	blockAccountValidator,
7ad9b984	144	unblockAccountByAccountValidator,
b44164bb C	145	unblockServerByAccountValidator,
b44164bb C	146	unblockAccountByServerValidator,
80badf49 C	147	unblockServerByServerValidator,
80badf49 C	148	blocklistStatusValidator
7ad9b984 C	149	}
	150
	151	// ---------------------------------------------------------------------------
	152
0f6acda1	153	async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
7ad9b984 C	154	const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
7ad9b984 C	155	if (!accountBlock) {
76148b27 RK	156	res.fail({
	157	status: HttpStatusCode.NOT_FOUND_404,
	158	message: 'Account block entry not found.'
	159	})
7ad9b984 C	160	return false
	161	}
	162
	163	res.locals.accountBlock = accountBlock
7ad9b984 C	164	return true
	165	}
	166
0f6acda1	167	async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
7ad9b984 C	168	const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
7ad9b984 C	169	if (!serverBlock) {
76148b27 RK	170	res.fail({
	171	status: HttpStatusCode.NOT_FOUND_404,
	172	message: 'Server block entry not found.'
	173	})
7ad9b984 C	174	return false
	175	}
	176
	177	res.locals.serverBlock = serverBlock
7ad9b984 C	178	return true
7ad9b984 C	179	}