Add state and moderationComment for abuses on server side

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 55a08a64800dd822cc7ced26d42c6b336b059b5d..771c414a023d10e8b5403938e751247e72d497db 100644 (file)
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -5,9 +5,9 @@ import { body, param } from 'express-validator/check'
 import { omit } from 'lodash'
 import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
 import {
-  isAvatarFile,
-  isUserAutoPlayVideoValid,
-  isUserDescriptionValid, isUserDisplayNameValid,
+  isUserAutoPlayVideoValid, isUserBlockedReasonValid,
+  isUserDescriptionValid,
+  isUserDisplayNameValid,
   isUserNSFWPolicyValid,
   isUserPasswordValid,
   isUserRoleValid,
@@ -17,7 +17,6 @@ import {
 import { isVideoExist } from '../../helpers/custom-validators/videos'
 import { logger } from '../../helpers/logger'
 import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/utils'
-import { CONFIG, CONSTRAINTS_FIELDS } from '../../initializers'
 import { Redis } from '../../lib/redis'
 import { UserModel } from '../../models/account/user'
 import { areValidationErrors } from './utils'
@@ -75,6 +74,40 @@ const usersRemoveValidator = [
   }
 ]
 
+const usersBlockingValidator = [
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+  body('reason').optional().custom(isUserBlockedReasonValid).withMessage('Should have a valid blocking reason'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersBlocking parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await checkUserIdExist(req.params.id, res)) return
+
+    const user = res.locals.user
+    if (user.username === 'root') {
+      return res.status(400)
+                .send({ error: 'Cannot block the root user' })
+                .end()
+    }
+
+    return next()
+  }
+]
+
+const deleteMeValidator = [
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const user: UserModel = res.locals.oauth.token.User
+    if (user.username === 'root') {
+      return res.status(400)
+                .send({ error: 'You cannot delete your root account.' })
+                .end()
+    }
+
+    return next()
+  }
+]
+
 const usersUpdateValidator = [
   param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
   body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
@@ -116,21 +149,6 @@ const usersUpdateMeValidator = [
   }
 ]
 
-const usersUpdateMyAvatarValidator = [
-  body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
-    'This file is not supported or too large. Please, make sure it is of the following type : '
-    + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
-  ),
-
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking usersUpdateMyAvatarValidator parameters', { files: req.files })
-
-    if (areValidationErrors(req, res)) return
-
-    return next()
-  }
-]
-
 const usersGetValidator = [
   param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
 
@@ -231,7 +249,9 @@ const usersResetPasswordValidator = [
 
 export {
   usersAddValidator,
+  deleteMeValidator,
   usersRegisterValidator,
+  usersBlockingValidator,
   usersRemoveValidator,
   usersUpdateValidator,
   usersUpdateMeValidator,
@@ -239,7 +259,6 @@ export {
   ensureUserRegistrationAllowed,
   ensureUserRegistrationAllowedForIP,
   usersGetValidator,
-  usersUpdateMyAvatarValidator,
   usersAskResetPasswordValidator,
   usersResetPasswordValidator
 }