Don't inject untrusted input

[github/Chocobozzz/PeerTube.git] / server / models / server / plugin.ts

diff --git a/server/models/server/plugin.ts b/server/models/server/plugin.ts
index 84f7a14e47b22451f42847ad027653195362996a..6a5d801823f42b0768c38357f168f620c10bebcd 100644 (file)
--- a/server/models/server/plugin.ts
+++ b/server/models/server/plugin.ts
@@ -2,13 +2,14 @@ import { FindAndCountOptions, json, QueryTypes } from 'sequelize'
 import { AllowNull, Column, CreatedAt, DataType, DefaultScope, Is, Model, Table, UpdatedAt } from 'sequelize-typescript'
 import { MPlugin, MPluginFormattable } from '@server/types/models'
 import { AttributesOnly } from '@shared/typescript-utils'
-import { PeerTubePlugin, PluginType, RegisterServerSettingOptions } from '../../../shared/models'
+import { PeerTubePlugin, PluginType, RegisterServerSettingOptions, SettingEntries, SettingValue } from '../../../shared/models'
 import {
   isPluginDescriptionValid,
   isPluginHomepage,
   isPluginNameValid,
-  isPluginTypeValid,
-  isPluginVersionValid
+  isPluginStableOrUnstableVersionValid,
+  isPluginStableVersionValid,
+  isPluginTypeValid
 } from '../../helpers/custom-validators/plugins'
 import { getSort, throwIfNotValid } from '../utils'
 
@@ -40,12 +41,12 @@ export class PluginModel extends Model<Partial<AttributesOnly<PluginModel>>> {
   type: number
 
   @AllowNull(false)
-  @Is('PluginVersion', value => throwIfNotValid(value, isPluginVersionValid, 'version'))
+  @Is('PluginVersion', value => throwIfNotValid(value, isPluginStableOrUnstableVersionValid, 'version'))
   @Column
   version: string
 
   @AllowNull(true)
-  @Is('PluginLatestVersion', value => throwIfNotValid(value, isPluginVersionValid, 'version'))
+  @Is('PluginLatestVersion', value => throwIfNotValid(value, isPluginStableVersionValid, 'version'))
   @Column
   latestVersion: string
 
@@ -148,7 +149,7 @@ export class PluginModel extends Model<Partial<AttributesOnly<PluginModel>>> {
 
     return PluginModel.findOne(query)
       .then(p => {
-        const result: { [settingName: string ]: string | boolean } = {}
+        const result: SettingEntries = {}
 
         for (const name of settingNames) {
           if (!p || !p.settings || p.settings[name] === undefined) {
@@ -166,7 +167,7 @@ export class PluginModel extends Model<Partial<AttributesOnly<PluginModel>>> {
       })
   }
 
-  static setSetting (pluginName: string, pluginType: PluginType, settingName: string, settingValue: string) {
+  static setSetting (pluginName: string, pluginType: PluginType, settingName: string, settingValue: SettingValue) {
     const query = {
       where: {
         name: pluginName,
@@ -239,11 +240,10 @@ export class PluginModel extends Model<Partial<AttributesOnly<PluginModel>>> {
 
     if (options.pluginType) query.where['type'] = options.pluginType
 
-    return PluginModel
-      .findAndCountAll<MPlugin>(query)
-      .then(({ rows, count }) => {
-        return { total: count, data: rows }
-      })
+    return Promise.all([
+      PluginModel.count(query),
+      PluginModel.findAll<MPlugin>(query)
+    ]).then(([ total, data ]) => ({ total, data }))
   }
 
   static listInstalled (): Promise<MPlugin[]> {
@@ -273,7 +273,7 @@ export class PluginModel extends Model<Partial<AttributesOnly<PluginModel>>> {
   }
 
   getPublicSettings (registeredSettings: RegisterServerSettingOptions[]) {
-    const result: { [ name: string ]: string } = {}
+    const result: SettingEntries = {}
     const settings = this.settings || {}
 
     for (const r of registeredSettings) {