X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fmiddlewares%2Faccounts.ts;h=13ae6cdf4dad02cc0b7375f50ea315554622a113;hb=1fa23d6f5e487f3c149e1f0001beadd919ee82fc;hp=f5aa0badad321601f5e8f10579e2008a1add64fb;hpb=282e61e6c11f79e919c543871783fe1a00298d18;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/helpers/middlewares/accounts.ts b/server/helpers/middlewares/accounts.ts
index f5aa0bada..13ae6cdf4 100644
--- a/server/helpers/middlewares/accounts.ts
+++ b/server/helpers/middlewares/accounts.ts
@@ -1,10 +1,11 @@
 import { Response } from 'express'
+import { UserModel } from '@server/models/account/user'
+import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
 import { AccountModel } from '../../models/account/account'
-import * as Bluebird from 'bluebird'
-import { MAccountDefault } from '../../typings/models'
+import { MAccountDefault } from '../../types/models'
-function doesAccountIdExist (id: number, res: Response, sendNotFound = true) {
- const promise = AccountModel.load(id)
+function doesAccountIdExist (id: number | string, res: Response, sendNotFound = true) {
+ const promise = AccountModel.load(parseInt(id + '', 10))
 return doesAccountExist(promise, res, sendNotFound)
 }
@@ -21,14 +22,13 @@ function doesAccountNameWithHostExist (nameWithDomain: string, res: Response, se
 return doesAccountExist(promise, res, sendNotFound)
 }
-async function doesAccountExist (p: Bluebird, res: Response, sendNotFound: boolean) {
+async function doesAccountExist (p: Promise, res: Response, sendNotFound: boolean) {
 const account = await p
 if (!account) {
 if (sendNotFound === true) {
- res.status(404)
- .send({ error: 'Account not found' })
- .end()
+ res.status(HttpStatusCode.NOT_FOUND_404)
+ .json({ error: 'Account not found' })
 }
 return false
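Review bot: In `doesAccountIdExist` (first hunk), `parseInt(id + '', 10)` is lenient about the string ids the widened `number | string` signature now admits. A value with trailing characters (constructed example: `'12abc'`) is silently truncated to 12, and a non-numeric value becomes `NaN`, which is passed straight to `AccountModel.load`. Unless a route validator upstream already guarantees a decimal integer, I would reject anything that fails `/^[0-9]+$/.test(id + '')` before parsing and answer through the existing not-found path. A one-line comment naming the validator this helper relies on would make that assumption visible.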
@@ -39,11 +39,27 @@ async function doesAccountExist (p: Bluebird, res: Response, se
 return true
 }
+async function doesUserFeedTokenCorrespond (id: number, token: string, res: Response) {
+ const user = await UserModel.loadByIdWithChannels(parseInt(id + '', 10))
+
+ if (token !== user.feedToken) {
+ res.status(HttpStatusCode.FORBIDDEN_403)
+ .json({ error: 'User and token mismatch' })
+
+ return false
+ }
+
+ res.locals.user = user
+
+ return true
+}
+
 // ---------------------------------------------------------------------------
 export {
 doesAccountIdExist,
 doesLocalAccountNameExist,
 doesAccountNameWithHostExist,
- doesAccountExist
+ doesAccountExist,
+ doesUserFeedTokenCorrespond
 }
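Review bot: `doesUserFeedTokenCorrespond` reads `user.feedToken` without checking that `UserModel.loadByIdWithChannels` returned a row. If it resolves to null for an unknown id (likely, but the model is not visible here), the check throws instead of answering 403. An unknown id would then fail differently from a wrong token, which lets a caller tell which user ids exist. The token is a bearer secret and is compared with `!==`; a constant-time comparison via `timingSafeEqual` from Node's `crypto` (which needs an import at the top of the file) is the safer default. It should also refuse an empty or missing stored token, so that two absent values never count as a match. The sketch below folds all of this into one check that always ends in the same 403.

```typescript
async function doesUserFeedTokenCorrespond (id: number, token: string, res: Response) {
  const user = await UserModel.loadByIdWithChannels(parseInt(id + '', 10))

  // Unknown user, missing token and wrong token all take the same 403 branch
  const expected = Buffer.from(user && typeof user.feedToken === 'string' ? user.feedToken : '')
  const provided = Buffer.from(typeof token === 'string' ? token : '')
  const matches = expected.length !== 0 &&
    expected.length === provided.length &&
    timingSafeEqual(expected, provided)

  if (!matches) {
    // … unchanged: 403 response and return false …
  }
  // … unchanged: res.locals.user assignment and return true …
```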