Merge branch 'release/v1.0.0' into develop

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / blocklist.ts

diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts
index 9dbd5e51275cd609d215c578d7e63ef589e3c352..109276c630ce21acca5de435e3c25debfa629370 100644 (file)
--- a/server/middlewares/validators/blocklist.ts
+++ b/server/middlewares/validators/blocklist.ts
@@ -1,4 +1,4 @@
-import { param, body } from 'express-validator/check'
+import { body, param } from 'express-validator/check'
 import * as express from 'express'
 import { logger } from '../../helpers/logger'
 import { areValidationErrors } from './utils'
@@ -7,8 +7,11 @@ import { UserModel } from '../../models/account/user'
 import { AccountBlocklistModel } from '../../models/account/account-blocklist'
 import { isHostValid } from '../../helpers/custom-validators/servers'
 import { ServerBlocklistModel } from '../../models/server/server-blocklist'
+import { ServerModel } from '../../models/server/server'
+import { CONFIG } from '../../initializers'
+import { getServerActor } from '../../helpers/utils'
 
-const blockAccountByAccountValidator = [
+const blockAccountValidator = [
   body('accountName').exists().withMessage('Should have an account name with host'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -17,6 +20,17 @@ const blockAccountByAccountValidator = [
     if (areValidationErrors(req, res)) return
     if (!await isAccountNameWithHostExist(req.body.accountName, res)) return
 
+    const user = res.locals.oauth.token.User as UserModel
+    const accountToBlock = res.locals.account
+
+    if (user.Account.id === accountToBlock.id) {
+      res.status(409)
+         .send({ error: 'You cannot block yourself.' })
+         .end()
+
+      return
+    }
+
     return next()
   }
 ]
@@ -38,6 +52,52 @@ const unblockAccountByAccountValidator = [
   }
 ]
 
+const unblockAccountByServerValidator = [
+  param('accountName').exists().withMessage('Should have an account name with host'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await isAccountNameWithHostExist(req.params.accountName, res)) return
+
+    const serverActor = await getServerActor()
+    const targetAccount = res.locals.account
+    if (!await isUnblockAccountExists(serverActor.Account.id, targetAccount.id, res)) return
+
+    return next()
+  }
+]
+
+const blockServerValidator = [
+  body('host').custom(isHostValid).withMessage('Should have a valid host'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking serverGetValidator parameters', { parameters: req.body })
+
+    if (areValidationErrors(req, res)) return
+
+    const host: string = req.body.host
+
+    if (host === CONFIG.WEBSERVER.HOST) {
+      return res.status(409)
+        .send({ error: 'You cannot block your own server.' })
+        .end()
+    }
+
+    const server = await ServerModel.loadByHost(host)
+    if (!server) {
+      return res.status(404)
+                .send({ error: 'Server host not found.' })
+                .end()
+    }
+
+    res.locals.server = server
+
+    return next()
+  }
+]
+
 const unblockServerByAccountValidator = [
   param('host').custom(isHostValid).withMessage('Should have an account name with host'),
 
@@ -53,12 +113,30 @@ const unblockServerByAccountValidator = [
   }
 ]
 
+const unblockServerByServerValidator = [
+  param('host').custom(isHostValid).withMessage('Should have an account name with host'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+
+    const serverActor = await getServerActor()
+    if (!await isUnblockServerExists(serverActor.Account.id, req.params.host, res)) return
+
+    return next()
+  }
+]
+
 // ---------------------------------------------------------------------------
 
 export {
-  blockAccountByAccountValidator,
+  blockServerValidator,
+  blockAccountValidator,
   unblockAccountByAccountValidator,
-  unblockServerByAccountValidator
+  unblockServerByAccountValidator,
+  unblockAccountByServerValidator,
+  unblockServerByServerValidator
 }
 
 // ---------------------------------------------------------------------------