server/middlewares/validators/blocklist.ts

   1 import express from 'express'
   2 import { body, param, query } from 'express-validator'
   3 import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
   4 import { toArray } from '@server/helpers/custom-validators/misc'
   5 import { getServerActor } from '@server/models/application/application'
   6 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
   7 import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
   8 import { logger } from '../../helpers/logger'
   9 import { WEBSERVER } from '../../initializers/constants'
  10 import { AccountBlocklistModel } from '../../models/account/account-blocklist'
  11 import { ServerModel } from '../../models/server/server'
  12 import { ServerBlocklistModel } from '../../models/server/server-blocklist'
  13 import { areValidationErrors, doesAccountNameWithHostExist } from './shared'
  14
  15 const blockAccountValidator = [
  16   body('accountName')
  17     .exists(),
  18
  19   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  20     logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body })
  21
  22     if (areValidationErrors(req, res)) return
  23     if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return
  24
  25     const user = res.locals.oauth.token.User
  26     const accountToBlock = res.locals.account
  27
  28     if (user.Account.id === accountToBlock.id) {
  29       res.fail({
  30         status: HttpStatusCode.CONFLICT_409,
  31         message: 'You cannot block yourself.'
  32       })
  33       return
  34     }
  35
  36     return next()
  37   }
  38 ]
  39
  40 const unblockAccountByAccountValidator = [
  41   param('accountName')
  42     .exists(),
  43
  44   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  45     logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params })
  46
  47     if (areValidationErrors(req, res)) return
  48     if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
  49
  50     const user = res.locals.oauth.token.User
  51     const targetAccount = res.locals.account
  52     if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return
  53
  54     return next()
  55   }
  56 ]
  57
  58 const unblockAccountByServerValidator = [
  59   param('accountName')
  60     .exists(),
  61
  62   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  63     logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
  64
  65     if (areValidationErrors(req, res)) return
  66     if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
  67
  68     const serverActor = await getServerActor()
  69     const targetAccount = res.locals.account
  70     if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return
  71
  72     return next()
  73   }
  74 ]
  75
  76 const blockServerValidator = [
  77   body('host')
  78     .custom(isHostValid),
  79
  80   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  81     logger.debug('Checking serverGetValidator parameters', { parameters: req.body })
  82
  83     if (areValidationErrors(req, res)) return
  84
  85     const host: string = req.body.host
  86
  87     if (host === WEBSERVER.HOST) {
  88       return res.fail({
  89         status: HttpStatusCode.CONFLICT_409,
  90         message: 'You cannot block your own server.'
  91       })
  92     }
  93
  94     const server = await ServerModel.loadOrCreateByHost(host)
  95
  96     res.locals.server = server
  97
  98     return next()
  99   }
 100 ]
 101
 102 const unblockServerByAccountValidator = [
 103   param('host')
 104     .custom(isHostValid),
 105
 106   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 107     logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params })
 108
 109     if (areValidationErrors(req, res)) return
 110
 111     const user = res.locals.oauth.token.User
 112     if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return
 113
 114     return next()
 115   }
 116 ]
 117
 118 const unblockServerByServerValidator = [
 119   param('host')
 120     .custom(isHostValid),
 121
 122   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 123     logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
 124
 125     if (areValidationErrors(req, res)) return
 126
 127     const serverActor = await getServerActor()
 128     if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return
 129
 130     return next()
 131   }
 132 ]
 133
 134 const blocklistStatusValidator = [
 135   query('hosts')
 136     .optional()
 137     .customSanitizer(toArray)
 138     .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),
 139
 140   query('accounts')
 141     .optional()
 142     .customSanitizer(toArray)
 143     .custom(areValidActorHandles).withMessage('Should have a valid accounts array'),
 144
 145   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 146     logger.debug('Checking blocklistStatusValidator parameters', { query: req.query })
 147
 148     if (areValidationErrors(req, res)) return
 149
 150     return next()
 151   }
 152 ]
 153
 154 // ---------------------------------------------------------------------------
 155
 156 export {
 157   blockServerValidator,
 158   blockAccountValidator,
 159   unblockAccountByAccountValidator,
 160   unblockServerByAccountValidator,
 161   unblockAccountByServerValidator,
 162   unblockServerByServerValidator,
 163   blocklistStatusValidator
 164 }
 165
 166 // ---------------------------------------------------------------------------
 167
 168 async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
 169   const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
 170   if (!accountBlock) {
 171     res.fail({
 172       status: HttpStatusCode.NOT_FOUND_404,
 173       message: 'Account block entry not found.'
 174     })
 175     return false
 176   }
 177
 178   res.locals.accountBlock = accountBlock
 179   return true
 180 }
 181
 182 async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
 183   const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
 184   if (!serverBlock) {
 185     res.fail({
 186       status: HttpStatusCode.NOT_FOUND_404,
 187       message: 'Server block entry not found.'
 188     })
 189     return false
 190   }
 191
 192   res.locals.serverBlock = serverBlock
 193   return true
 194 }