server/middlewares/validators/blocklist.ts

   1 import express from 'express'
   2 import { body, param, query } from 'express-validator'
   3 import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
   4 import { toArray } from '@server/helpers/custom-validators/misc'
   5 import { getServerActor } from '@server/models/application/application'
   6 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
   7 import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
   8 import { logger } from '../../helpers/logger'
   9 import { WEBSERVER } from '../../initializers/constants'
  10 import { AccountBlocklistModel } from '../../models/account/account-blocklist'
  11 import { ServerModel } from '../../models/server/server'
  12 import { ServerBlocklistModel } from '../../models/server/server-blocklist'
  13 import { areValidationErrors, doesAccountNameWithHostExist } from './shared'
  14
  15 const blockAccountValidator = [
  16   body('accountName').exists().withMessage('Should have an account name with host'),
  17
  18   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  19     logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body })
  20
  21     if (areValidationErrors(req, res)) return
  22     if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return
  23
  24     const user = res.locals.oauth.token.User
  25     const accountToBlock = res.locals.account
  26
  27     if (user.Account.id === accountToBlock.id) {
  28       res.fail({
  29         status: HttpStatusCode.CONFLICT_409,
  30         message: 'You cannot block yourself.'
  31       })
  32       return
  33     }
  34
  35     return next()
  36   }
  37 ]
  38
  39 const unblockAccountByAccountValidator = [
  40   param('accountName').exists().withMessage('Should have an account name with host'),
  41
  42   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  43     logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params })
  44
  45     if (areValidationErrors(req, res)) return
  46     if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
  47
  48     const user = res.locals.oauth.token.User
  49     const targetAccount = res.locals.account
  50     if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return
  51
  52     return next()
  53   }
  54 ]
  55
  56 const unblockAccountByServerValidator = [
  57   param('accountName').exists().withMessage('Should have an account name with host'),
  58
  59   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  60     logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
  61
  62     if (areValidationErrors(req, res)) return
  63     if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
  64
  65     const serverActor = await getServerActor()
  66     const targetAccount = res.locals.account
  67     if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return
  68
  69     return next()
  70   }
  71 ]
  72
  73 const blockServerValidator = [
  74   body('host').custom(isHostValid).withMessage('Should have a valid host'),
  75
  76   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  77     logger.debug('Checking serverGetValidator parameters', { parameters: req.body })
  78
  79     if (areValidationErrors(req, res)) return
  80
  81     const host: string = req.body.host
  82
  83     if (host === WEBSERVER.HOST) {
  84       return res.fail({
  85         status: HttpStatusCode.CONFLICT_409,
  86         message: 'You cannot block your own server.'
  87       })
  88     }
  89
  90     const server = await ServerModel.loadOrCreateByHost(host)
  91
  92     res.locals.server = server
  93
  94     return next()
  95   }
  96 ]
  97
  98 const unblockServerByAccountValidator = [
  99   param('host').custom(isHostValid).withMessage('Should have an account name with host'),
 100
 101   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 102     logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params })
 103
 104     if (areValidationErrors(req, res)) return
 105
 106     const user = res.locals.oauth.token.User
 107     if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return
 108
 109     return next()
 110   }
 111 ]
 112
 113 const unblockServerByServerValidator = [
 114   param('host').custom(isHostValid).withMessage('Should have an account name with host'),
 115
 116   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 117     logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
 118
 119     if (areValidationErrors(req, res)) return
 120
 121     const serverActor = await getServerActor()
 122     if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return
 123
 124     return next()
 125   }
 126 ]
 127
 128 const blocklistStatusValidator = [
 129   query('hosts')
 130     .optional()
 131     .customSanitizer(toArray)
 132     .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),
 133
 134   query('accounts')
 135     .optional()
 136     .customSanitizer(toArray)
 137     .custom(areValidActorHandles).withMessage('Should have a valid accounts array'),
 138
 139   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 140     logger.debug('Checking blocklistStatusValidator parameters', { query: req.query })
 141
 142     if (areValidationErrors(req, res)) return
 143
 144     return next()
 145   }
 146 ]
 147
 148 // ---------------------------------------------------------------------------
 149
 150 export {
 151   blockServerValidator,
 152   blockAccountValidator,
 153   unblockAccountByAccountValidator,
 154   unblockServerByAccountValidator,
 155   unblockAccountByServerValidator,
 156   unblockServerByServerValidator,
 157   blocklistStatusValidator
 158 }
 159
 160 // ---------------------------------------------------------------------------
 161
 162 async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
 163   const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
 164   if (!accountBlock) {
 165     res.fail({
 166       status: HttpStatusCode.NOT_FOUND_404,
 167       message: 'Account block entry not found.'
 168     })
 169     return false
 170   }
 171
 172   res.locals.accountBlock = accountBlock
 173   return true
 174 }
 175
 176 async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
 177   const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
 178   if (!serverBlock) {
 179     res.fail({
 180       status: HttpStatusCode.NOT_FOUND_404,
 181       message: 'Server block entry not found.'
 182     })
 183     return false
 184   }
 185
 186   res.locals.serverBlock = serverBlock
 187   return true
 188 }