X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fmiddlewares%2Faccounts.ts;fp=server%2Fhelpers%2Fmiddlewares%2Faccounts.ts;h=9be80167c9f0c65cf4481d67331a2e0bc3aad4fb;hb=afff310e50f2fa8419bb4242470cbde46ab54463;hp=29b4ed1a6f56c737210f85817f5c6b97575df069;hpb=f619de0e435f7ac3abad2ec772397486358b56e7;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/helpers/middlewares/accounts.ts b/server/helpers/middlewares/accounts.ts
index 29b4ed1a6..9be80167c 100644
--- a/server/helpers/middlewares/accounts.ts
+++ b/server/helpers/middlewares/accounts.ts
@@ -2,6 +2,7 @@ import { Response } from 'express'
 import { AccountModel } from '../../models/account/account'
 import * as Bluebird from 'bluebird'
 import { MAccountDefault } from '../../types/models'
+import { UserModel } from '@server/models/account/user'
 
 function doesAccountIdExist (id: number | string, res: Response, sendNotFound = true) {
   const promise = AccountModel.load(parseInt(id + '', 10))
@@ -39,11 +40,28 @@ async function doesAccountExist (p: Bluebird<MAccountDefault>, res: Response, se
   return true
 }
 
+async function doesUserFeedTokenCorrespond (id: number | string, token: string, res: Response) {
+  const user = await UserModel.loadById(parseInt(id + '', 10))
+
+  if (token !== user.feedToken) {
+    res.status(401)
+       .send({ error: 'User and token mismatch' })
+       .end()
+
+    return false
+  }
+
+  res.locals.user = user
+
+  return true
+}
+
 // ---------------------------------------------------------------------------
 
 export {
   doesAccountIdExist,
   doesLocalAccountNameExist,
   doesAccountNameWithHostExist,
-  doesAccountExist
+  doesAccountExist,
+  doesUserFeedTokenCorrespond
 }