Fix search with bad webfinger handles

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / follows.ts

diff --git a/server/middlewares/validators/follows.ts b/server/middlewares/validators/follows.ts
index ddc4c1de15cbf2ee09622eb85e02190f59754f8b..2e5a02307743d16ef3bef12dfadf48f7e4377b1b 100644 (file)
--- a/server/middlewares/validators/follows.ts
+++ b/server/middlewares/validators/follows.ts
@@ -1,56 +1,105 @@
 import * as express from 'express'
 import { body, param } from 'express-validator/check'
 import { isTestInstance } from '../../helpers/core-utils'
-import { isEachUniqueHostValid } from '../../helpers/custom-validators/servers'
+import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
 import { logger } from '../../helpers/logger'
-import { CONFIG, database as db } from '../../initializers'
-import { checkErrors } from './utils'
-import { getServerAccount } from '../../helpers/utils'
-import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
+import { getServerActor } from '../../helpers/utils'
+import { SERVER_ACTOR_NAME, WEBSERVER } from '../../initializers/constants'
+import { ActorFollowModel } from '../../models/activitypub/actor-follow'
+import { areValidationErrors } from './utils'
+import { ActorModel } from '../../models/activitypub/actor'
+import { loadActorUrlOrGetFromWebfinger } from '../../helpers/webfinger'
+import { isValidActorHandle } from '../../helpers/custom-validators/activitypub/actor'
 
 const followValidator = [
   body('hosts').custom(isEachUniqueHostValid).withMessage('Should have an array of unique hosts'),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
     // Force https if the administrator wants to make friends
-    if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') {
-      return res.status(400)
+    if (isTestInstance() === false && WEBSERVER.SCHEME === 'http') {
+      return res.status(500)
         .json({
-          error: 'Cannot follow non HTTPS web server.'
+          error: 'Cannot follow on a non HTTPS web server.'
         })
         .end()
     }
 
     logger.debug('Checking follow parameters', { parameters: req.body })
 
-    checkErrors(req, res, next)
+    if (areValidationErrors(req, res)) return
+
+    return next()
   }
 ]
 
 const removeFollowingValidator = [
-  param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'),
+  param('host').custom(isHostValid).withMessage('Should have a valid host'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking unfollowing parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+
+    const serverActor = await getServerActor()
+    const follow = await ActorFollowModel.loadByActorAndTargetNameAndHostForAPI(serverActor.id, SERVER_ACTOR_NAME, req.params.host)
+
+    if (!follow) {
+      return res
+        .status(404)
+        .json({
+          error: `Following ${req.params.host} not found.`
+        })
+        .end()
+    }
+
+    res.locals.follow = follow
+    return next()
+  }
+]
+
+const getFollowerValidator = [
+  param('nameWithHost').custom(isValidActorHandle).withMessage('Should have a valid nameWithHost'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking get follower parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
 
+    let follow: ActorFollowModel
+    try {
+      const actorUrl = await loadActorUrlOrGetFromWebfinger(req.params.nameWithHost)
+      const actor = await ActorModel.loadByUrl(actorUrl)
+
+      const serverActor = await getServerActor()
+      follow = await ActorFollowModel.loadByActorAndTarget(actor.id, serverActor.id)
+    } catch (err) {
+      logger.warn('Cannot get actor from handle.', { handle: req.params.nameWithHost, err })
+    }
+
+    if (!follow) {
+      return res
+        .status(404)
+        .json({
+          error: `Follower ${req.params.nameWithHost} not found.`
+        })
+        .end()
+    }
+
+    res.locals.follow = follow
+    return next()
+  }
+]
+
+const acceptOrRejectFollowerValidator = [
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking unfollow parameters', { parameters: req.params })
-
-    checkErrors(req, res, async () => {
-      try {
-        const serverAccount = await getServerAccount()
-        const follow = await db.AccountFollow.loadByAccountAndTarget(serverAccount.id, req.params.accountId)
-
-        if (!follow) {
-          return res.status(404)
-            .end()
-        }
-
-        res.locals.follow = follow
-
-        return next()
-      } catch (err) {
-        logger.error('Error in remove following validator.', err)
-        return res.sendStatus(500)
-      }
-    })
+    logger.debug('Checking accept/reject follower parameters', { parameters: req.params })
+
+    const follow = res.locals.follow
+    if (follow.state !== 'pending') {
+      return res.status(400).json({ error: 'Follow is not in pending state.' }).end()
+    }
+
+    return next()
   }
 ]
 
@@ -58,5 +107,7 @@ const removeFollowingValidator = [
 
 export {
   followValidator,
-  removeFollowingValidator
+  removeFollowingValidator,
+  getFollowerValidator,
+  acceptOrRejectFollowerValidator
 }