[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / blocklist.ts

import { body, param } from 'express-validator'
import * as express from 'express'
import { logger } from '../../helpers/logger'
import { areValidationErrors } from './utils'
import { AccountBlocklistModel } from '../../models/account/account-blocklist'
import { isHostValid } from '../../helpers/custom-validators/servers'
import { ServerBlocklistModel } from '../../models/server/server-blocklist'
import { ServerModel } from '../../models/server/server'
import { WEBSERVER } from '../../initializers/constants'
import { doesAccountNameWithHostExist } from '../../helpers/middlewares'
import { getServerActor } from '@server/models/application/application'
import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'

const blockAccountValidator = [
  body('accountName').exists().withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return

    const user = res.locals.oauth.token.User
    const accountToBlock = res.locals.account

    if (user.Account.id === accountToBlock.id) {
      res.status(HttpStatusCode.CONFLICT_409)
         .json({ error: 'You cannot block yourself.' })

      return
    }

    return next()
  }
]

const unblockAccountByAccountValidator = [
  param('accountName').exists().withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const user = res.locals.oauth.token.User
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const unblockAccountByServerValidator = [
  param('accountName').exists().withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const serverActor = await getServerActor()
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const blockServerValidator = [
  body('host').custom(isHostValid).withMessage('Should have a valid host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking serverGetValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    const host: string = req.body.host

    if (host === WEBSERVER.HOST) {
      return res.status(HttpStatusCode.CONFLICT_409)
        .json({ error: 'You cannot block your own server.' })
    }

    const server = await ServerModel.loadOrCreateByHost(host)

    res.locals.server = server

    return next()
  }
]

const unblockServerByAccountValidator = [
  param('host').custom(isHostValid).withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const user = res.locals.oauth.token.User
    if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return

    return next()
  }
]

const unblockServerByServerValidator = [
  param('host').custom(isHostValid).withMessage('Should have an account name with host'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const serverActor = await getServerActor()
    if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  blockServerValidator,
  blockAccountValidator,
  unblockAccountByAccountValidator,
  unblockServerByAccountValidator,
  unblockAccountByServerValidator,
  unblockServerByServerValidator
}

// ---------------------------------------------------------------------------

async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
  const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
  if (!accountBlock) {
    res.status(HttpStatusCode.NOT_FOUND_404)
       .json({ error: 'Account block entry not found.' })

    return false
  }

  res.locals.accountBlock = accountBlock

  return true
}

async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
  const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
  if (!serverBlock) {
    res.status(HttpStatusCode.NOT_FOUND_404)
       .json({ error: 'Server block entry not found.' })

    return false
  }

  res.locals.serverBlock = serverBlock

  return true
}
Commit	Line	Data
c8861d5d	1	import { body, param } from 'express-validator'
7ad9b984 C	2	import * as express from 'express'
	3	import { logger } from '../../helpers/logger'
	4	import { areValidationErrors } from './utils'
7ad9b984 C	5	import { AccountBlocklistModel } from '../../models/account/account-blocklist'
	6	import { isHostValid } from '../../helpers/custom-validators/servers'
	7	import { ServerBlocklistModel } from '../../models/server/server-blocklist'
af5767ff	8	import { ServerModel } from '../../models/server/server'
6dd9de95	9	import { WEBSERVER } from '../../initializers/constants'
3e753302	10	import { doesAccountNameWithHostExist } from '../../helpers/middlewares'
8dc8a34e	11	import { getServerActor } from '@server/models/application/application'
2d53be02	12	import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
7ad9b984	13
b44164bb	14	const blockAccountValidator = [
7ad9b984 C	15	body('accountName').exists().withMessage('Should have an account name with host'),
	16
	17	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	18	logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body })
	19
	20	if (areValidationErrors(req, res)) return
0f6acda1	21	if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return
7ad9b984	22
dae86118	23	const user = res.locals.oauth.token.User
af5767ff C	24	const accountToBlock = res.locals.account
	25
	26	if (user.Account.id === accountToBlock.id) {
2d53be02	27	res.status(HttpStatusCode.CONFLICT_409)
444c0a0e	28	.json({ error: 'You cannot block yourself.' })
af5767ff C	29
	30	return
	31	}
	32
7ad9b984 C	33	return next()
	34	}
	35	]
	36
	37	const unblockAccountByAccountValidator = [
	38	param('accountName').exists().withMessage('Should have an account name with host'),
	39
	40	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	41	logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params })
	42
	43	if (areValidationErrors(req, res)) return
0f6acda1	44	if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
7ad9b984	45
dae86118	46	const user = res.locals.oauth.token.User
7ad9b984	47	const targetAccount = res.locals.account
0f6acda1	48	if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return
7ad9b984 C	49
	50	return next()
	51	}
	52	]
	53
b44164bb C	54	const unblockAccountByServerValidator = [
	55	param('accountName').exists().withMessage('Should have an account name with host'),
	56
	57	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	58	logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
	59
	60	if (areValidationErrors(req, res)) return
0f6acda1	61	if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
b44164bb C	62
	63	const serverActor = await getServerActor()
	64	const targetAccount = res.locals.account
0f6acda1	65	if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return
b44164bb C	66
	67	return next()
	68	}
	69	]
	70
	71	const blockServerValidator = [
af5767ff C	72	body('host').custom(isHostValid).withMessage('Should have a valid host'),
	73
	74	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	75	logger.debug('Checking serverGetValidator parameters', { parameters: req.body })
	76
	77	if (areValidationErrors(req, res)) return
	78
	79	const host: string = req.body.host
	80
6dd9de95	81	if (host === WEBSERVER.HOST) {
2d53be02	82	return res.status(HttpStatusCode.CONFLICT_409)
444c0a0e	83	.json({ error: 'You cannot block your own server.' })
af5767ff C	84	}
af5767ff C	85
80fdaf06	86	const server = await ServerModel.loadOrCreateByHost(host)
af5767ff C	87
	88	res.locals.server = server
	89
	90	return next()
	91	}
	92	]
	93
7ad9b984 C	94	const unblockServerByAccountValidator = [
	95	param('host').custom(isHostValid).withMessage('Should have an account name with host'),
	96
	97	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	98	logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params })
	99
	100	if (areValidationErrors(req, res)) return
	101
dae86118	102	const user = res.locals.oauth.token.User
0f6acda1	103	if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return
7ad9b984 C	104
	105	return next()
	106	}
	107	]
	108
b44164bb C	109	const unblockServerByServerValidator = [
	110	param('host').custom(isHostValid).withMessage('Should have an account name with host'),
	111
	112	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	113	logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
	114
	115	if (areValidationErrors(req, res)) return
	116
	117	const serverActor = await getServerActor()
0f6acda1	118	if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return
b44164bb C	119
	120	return next()
	121	}
	122	]
	123
7ad9b984 C	124	// ---------------------------------------------------------------------------
	125
	126	export {
b44164bb C	127	blockServerValidator,
b44164bb C	128	blockAccountValidator,
7ad9b984	129	unblockAccountByAccountValidator,
b44164bb C	130	unblockServerByAccountValidator,
	131	unblockAccountByServerValidator,
	132	unblockServerByServerValidator
7ad9b984 C	133	}
	134
	135	// ---------------------------------------------------------------------------
	136
0f6acda1	137	async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
7ad9b984 C	138	const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
7ad9b984 C	139	if (!accountBlock) {
2d53be02	140	res.status(HttpStatusCode.NOT_FOUND_404)
444c0a0e	141	.json({ error: 'Account block entry not found.' })
7ad9b984 C	142
	143	return false
	144	}
	145
	146	res.locals.accountBlock = accountBlock
	147
	148	return true
	149	}
	150
0f6acda1	151	async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
7ad9b984 C	152	const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
7ad9b984 C	153	if (!serverBlock) {
2d53be02	154	res.status(HttpStatusCode.NOT_FOUND_404)
444c0a0e	155	.json({ error: 'Server block entry not found.' })
7ad9b984 C	156
	157	return false
	158	}
	159
	160	res.locals.serverBlock = serverBlock
	161
	162	return true
	163	}