server/middlewares/validators/blocklist.ts

   1 import { body, param } from 'express-validator/check'
   2 import * as express from 'express'
   3 import { logger } from '../../helpers/logger'
   4 import { areValidationErrors } from './utils'
   5 import { isAccountNameWithHostExist } from '../../helpers/custom-validators/accounts'
   6 import { UserModel } from '../../models/account/user'
   7 import { AccountBlocklistModel } from '../../models/account/account-blocklist'
   8 import { isHostValid } from '../../helpers/custom-validators/servers'
   9 import { ServerBlocklistModel } from '../../models/server/server-blocklist'
  10 import { ServerModel } from '../../models/server/server'
  11 import { CONFIG } from '../../initializers'
  12
  13 const blockAccountByAccountValidator = [
  14   body('accountName').exists().withMessage('Should have an account name with host'),
  15
  16   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  17     logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body })
  18
  19     if (areValidationErrors(req, res)) return
  20     if (!await isAccountNameWithHostExist(req.body.accountName, res)) return
  21
  22     const user = res.locals.oauth.token.User as UserModel
  23     const accountToBlock = res.locals.account
  24
  25     if (user.Account.id === accountToBlock.id) {
  26       res.status(409)
  27          .send({ error: 'You cannot block yourself.' })
  28          .end()
  29
  30       return
  31     }
  32
  33     return next()
  34   }
  35 ]
  36
  37 const unblockAccountByAccountValidator = [
  38   param('accountName').exists().withMessage('Should have an account name with host'),
  39
  40   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  41     logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params })
  42
  43     if (areValidationErrors(req, res)) return
  44     if (!await isAccountNameWithHostExist(req.params.accountName, res)) return
  45
  46     const user = res.locals.oauth.token.User as UserModel
  47     const targetAccount = res.locals.account
  48     if (!await isUnblockAccountExists(user.Account.id, targetAccount.id, res)) return
  49
  50     return next()
  51   }
  52 ]
  53
  54 const blockServerByAccountValidator = [
  55   body('host').custom(isHostValid).withMessage('Should have a valid host'),
  56
  57   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  58     logger.debug('Checking serverGetValidator parameters', { parameters: req.body })
  59
  60     if (areValidationErrors(req, res)) return
  61
  62     const host: string = req.body.host
  63
  64     if (host === CONFIG.WEBSERVER.HOST) {
  65       return res.status(409)
  66         .send({ error: 'You cannot block your own server.' })
  67         .end()
  68     }
  69
  70     const server = await ServerModel.loadByHost(host)
  71     if (!server) {
  72       return res.status(404)
  73                 .send({ error: 'Server host not found.' })
  74                 .end()
  75     }
  76
  77     res.locals.server = server
  78
  79     return next()
  80   }
  81 ]
  82
  83 const unblockServerByAccountValidator = [
  84   param('host').custom(isHostValid).withMessage('Should have an account name with host'),
  85
  86   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  87     logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params })
  88
  89     if (areValidationErrors(req, res)) return
  90
  91     const user = res.locals.oauth.token.User as UserModel
  92     if (!await isUnblockServerExists(user.Account.id, req.params.host, res)) return
  93
  94     return next()
  95   }
  96 ]
  97
  98 // ---------------------------------------------------------------------------
  99
 100 export {
 101   blockServerByAccountValidator,
 102   blockAccountByAccountValidator,
 103   unblockAccountByAccountValidator,
 104   unblockServerByAccountValidator
 105 }
 106
 107 // ---------------------------------------------------------------------------
 108
 109 async function isUnblockAccountExists (accountId: number, targetAccountId: number, res: express.Response) {
 110   const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
 111   if (!accountBlock) {
 112     res.status(404)
 113        .send({ error: 'Account block entry not found.' })
 114        .end()
 115
 116     return false
 117   }
 118
 119   res.locals.accountBlock = accountBlock
 120
 121   return true
 122 }
 123
 124 async function isUnblockServerExists (accountId: number, host: string, res: express.Response) {
 125   const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
 126   if (!serverBlock) {
 127     res.status(404)
 128        .send({ error: 'Server block entry not found.' })
 129        .end()
 130
 131     return false
 132   }
 133
 134   res.locals.serverBlock = serverBlock
 135
 136   return true
 137 }