X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fabuse.ts;h=22f66c8cff0d0ab69eaf822c98cf6aff3b867a00;hb=743dab5517d4501f6b35cfc795de6c8b6f41ebb3;hp=99403ca40933d0a097da40773a5dbcd1cecf5aad;hpb=7a4ea932461f228ae44a173ddcd48ffb088aa023;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts
index 99403ca40..22f66c8cf 100644
--- a/server/middlewares/validators/abuse.ts
+++ b/server/middlewares/validators/abuse.ts
@@ -1,4 +1,4 @@
-import * as express from 'express'
+import express from 'express'
 import { body, param, query } from 'express-validator'
 import {
   areAbusePredefinedReasonsValid,
@@ -12,13 +12,12 @@ import {
   isAbuseTimestampValid,
   isAbuseVideoIsValid
 } from '@server/helpers/custom-validators/abuses'
-import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc'
-import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
+import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc'
 import { logger } from '@server/helpers/logger'
-import { doesAbuseExist, doesAccountIdExist, doesVideoExist } from '@server/helpers/middlewares'
 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
 import { AbuseCreate, UserRight } from '@shared/models'
-import { areValidationErrors } from './utils'
+import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
+import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared'
 
 const abuseReportValidator = [
   body('account.id')
@@ -28,6 +27,7 @@ const abuseReportValidator = [
 
   body('video.id')
     .optional()
+    .customSanitizer(toCompleteUUID)
     .custom(isIdOrUUIDValid)
     .withMessage('Should have a valid videoId'),
   body('video.startAt')
@@ -70,9 +70,7 @@ const abuseReportValidator = [
     if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return
 
     if (!body.video?.id && !body.account?.id && !body.comment?.id) {
-      res.status(400)
-        .json({ error: 'video id or account id or comment id is required.' })
-
+      res.fail({ message: 'video id or account id or comment id is required.' })
       return
     }
 
@@ -194,7 +192,10 @@ const getAbuseValidator = [
       const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
       logger.warn(message)
 
-      return res.status(403).json({ error: message })
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message
+      })
     }
 
     return next()
@@ -207,9 +208,7 @@ const checkAbuseValidForMessagesValidator = [
 
     const abuse = res.locals.abuse
     if (abuse.ReporterAccount.isOwned() === false) {
-      return res.status(400).json({
-        error: 'This abuse was created by a user of your instance.'
-      })
+      return res.fail({ message: 'This abuse was created by a user of your instance.' })
     }
 
     return next()
@@ -243,11 +242,17 @@ const deleteAbuseMessageValidator = [
     const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
 
     if (!abuseMessage) {
-      return res.status(404).json({ error: 'Abuse message not found' })
+      return res.fail({
+        status: HttpStatusCode.NOT_FOUND_404,
+        message: 'Abuse message not found'
+      })
     }
 
     if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
-      return res.status(403).json({ error: 'Cannot delete this abuse message' })
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Cannot delete this abuse message'
+      })
     }
 
     res.locals.abuseMessage = abuseMessage