]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/middlewares/validators/blocklist.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'release/4.3.0' into develop
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / blocklist.ts
1 import express from 'express'
2 import { body, param, query } from 'express-validator'
3 import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
4 import { getServerActor } from '@server/models/application/application'
5 import { arrayify } from '@shared/core-utils'
6 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
7 import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
8 import { WEBSERVER } from '../../initializers/constants'
9 import { AccountBlocklistModel } from '../../models/account/account-blocklist'
10 import { ServerModel } from '../../models/server/server'
11 import { ServerBlocklistModel } from '../../models/server/server-blocklist'
12 import { areValidationErrors, doesAccountNameWithHostExist } from './shared'
13
14 const blockAccountValidator = [
15 body('accountName')
16 .exists(),
17
18 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
19 if (areValidationErrors(req, res)) return
20 if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return
21
22 const user = res.locals.oauth.token.User
23 const accountToBlock = res.locals.account
24
25 if (user.Account.id === accountToBlock.id) {
26 res.fail({
27 status: HttpStatusCode.CONFLICT_409,
28 message: 'You cannot block yourself.'
29 })
30 return
31 }
32
33 return next()
34 }
35 ]
36
37 const unblockAccountByAccountValidator = [
38 param('accountName')
39 .exists(),
40
41 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
42 if (areValidationErrors(req, res)) return
43 if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
44
45 const user = res.locals.oauth.token.User
46 const targetAccount = res.locals.account
47 if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return
48
49 return next()
50 }
51 ]
52
53 const unblockAccountByServerValidator = [
54 param('accountName')
55 .exists(),
56
57 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
58 if (areValidationErrors(req, res)) return
59 if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return
60
61 const serverActor = await getServerActor()
62 const targetAccount = res.locals.account
63 if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return
64
65 return next()
66 }
67 ]
68
69 const blockServerValidator = [
70 body('host')
71 .custom(isHostValid),
72
73 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
74 if (areValidationErrors(req, res)) return
75
76 const host: string = req.body.host
77
78 if (host === WEBSERVER.HOST) {
79 return res.fail({
80 status: HttpStatusCode.CONFLICT_409,
81 message: 'You cannot block your own server.'
82 })
83 }
84
85 const server = await ServerModel.loadOrCreateByHost(host)
86
87 res.locals.server = server
88
89 return next()
90 }
91 ]
92
93 const unblockServerByAccountValidator = [
94 param('host')
95 .custom(isHostValid),
96
97 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
98 if (areValidationErrors(req, res)) return
99
100 const user = res.locals.oauth.token.User
101 if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return
102
103 return next()
104 }
105 ]
106
107 const unblockServerByServerValidator = [
108 param('host')
109 .custom(isHostValid),
110
111 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
112 if (areValidationErrors(req, res)) return
113
114 const serverActor = await getServerActor()
115 if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return
116
117 return next()
118 }
119 ]
120
121 const blocklistStatusValidator = [
122 query('hosts')
123 .optional()
124 .customSanitizer(arrayify)
125 .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),
126
127 query('accounts')
128 .optional()
129 .customSanitizer(arrayify)
130 .custom(areValidActorHandles).withMessage('Should have a valid accounts array'),
131
132 (req: express.Request, res: express.Response, next: express.NextFunction) => {
133 if (areValidationErrors(req, res)) return
134
135 return next()
136 }
137 ]
138
139 // ---------------------------------------------------------------------------
140
141 export {
142 blockServerValidator,
143 blockAccountValidator,
144 unblockAccountByAccountValidator,
145 unblockServerByAccountValidator,
146 unblockAccountByServerValidator,
147 unblockServerByServerValidator,
148 blocklistStatusValidator
149 }
150
151 // ---------------------------------------------------------------------------
152
153 async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
154 const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
155 if (!accountBlock) {
156 res.fail({
157 status: HttpStatusCode.NOT_FOUND_404,
158 message: 'Account block entry not found.'
159 })
160 return false
161 }
162
163 res.locals.accountBlock = accountBlock
164 return true
165 }
166
167 async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
168 const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
169 if (!serverBlock) {
170 res.fail({
171 status: HttpStatusCode.NOT_FOUND_404,
172 message: 'Server block entry not found.'
173 })
174 return false
175 }
176
177 res.locals.serverBlock = serverBlock
178 return true
179 }
ActivityPub-federated video streaming platform using P2P directly in your web browser