X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fabuse.ts;h=70bae17758d48a8308529d862e5f9a22e7971036;hb=b302c80dc0d9ba8eabef9ef6576efe36afc57584;hp=f99d850a5b3b7084e9befedcdb491be62b9869b5;hpb=668b7f096ead74d6e7692944a026c936f581dae8;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts index f99d850a5..70bae1775 100644 --- a/server/middlewares/validators/abuse.ts +++ b/server/middlewares/validators/abuse.ts @@ -1,10 +1,10 @@ -import * as express from 'express' +import express from 'express' import { body, param, query } from 'express-validator' import { + areAbusePredefinedReasonsValid, isAbuseFilterValid, isAbuseMessageValid, isAbuseModerationCommentValid, - areAbusePredefinedReasonsValid, isAbusePredefinedReasonValid, isAbuseReasonValid, isAbuseStateValid, 
@@ -12,55 +12,47 @@ import { isAbuseTimestampValid, isAbuseVideoIsValid } from '@server/helpers/custom-validators/abuses' -import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc' -import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments' +import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc' import { logger } from '@server/helpers/logger' -import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares' import { AbuseMessageModel } from '@server/models/abuse/abuse-message' import { AbuseCreate, UserRight } from '@shared/models' -import { areValidationErrors } from './utils' +import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' +import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared' +import { forceNumber } from '@shared/core-utils' const abuseReportValidator = [ body('account.id') .optional() - .custom(isIdValid) - .withMessage('Should have a valid accountId'), + .custom(isIdValid), body('video.id') .optional() - .custom(isIdOrUUIDValid) - .withMessage('Should have a valid videoId'), + .customSanitizer(toCompleteUUID) + .custom(isIdOrUUIDValid), body('video.startAt') .optional() .customSanitizer(toIntOrNull) - .custom(isAbuseTimestampValid) - .withMessage('Should have valid starting time value'), + .custom(isAbuseTimestampValid), body('video.endAt') .optional() .customSanitizer(toIntOrNull) .custom(isAbuseTimestampValid) - .withMessage('Should have valid ending time value') .bail() .custom(isAbuseTimestampCoherent) .withMessage('Should have a startAt timestamp beginning before endAt'), body('comment.id') .optional() - .custom(isIdValid) - .withMessage('Should have a valid commentId'), + .custom(isIdValid), body('reason') - .custom(isAbuseReasonValid) - .withMessage('Should have a valid 
reason'), + .custom(isAbuseReasonValid), body('predefinedReasons') .optional() - .custom(areAbusePredefinedReasonsValid) - .withMessage('Should have a valid list of predefined reasons'), + .custom(areAbusePredefinedReasonsValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking abuseReport parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return const body: AbuseCreate = req.body @@ -70,9 +62,7 @@ const abuseReportValidator = [ if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return if (!body.video?.id && !body.account?.id && !body.comment?.id) { - res.status(400) - .json({ error: 'video id or account id or comment id is required.' }) - + res.fail({ message: 'video id or account id or comment id is required.' }) return } @@ -81,11 +71,10 @@ const abuseReportValidator = [ ] const abuseGetValidator = [ - param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), + param('id') + .custom(isIdValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking abuseGetValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return if (!await doesAbuseExist(req.params.id, res)) return 
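Review bot: The guard in the `@@ -70,9 +62,7 @@` hunk rejects only a report that names no target, so a body carrying `video.id`, `account.id` and `comment.id` together still passes validation. Which target the controller then records is not visible in this diff, so a report could be filed against a different object than the reporter intended. If exactly one target is the intended contract, add a check before `next()` such as `if ([ body.video?.id, body.account?.id, body.comment?.id ].filter(Boolean).length > 1) return res.fail({ message: 'Only one of video id, account id or comment id can be set.' })`. The handler body starts outside this hunk.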
@@ -94,18 +83,17 @@ const abuseGetValidator = [ ] const abuseUpdateValidator = [ - param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), + param('id') + .custom(isIdValid), body('state') .optional() - .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'), + .custom(isAbuseStateValid), body('moderationComment') .optional() - .custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'), + .custom(isAbuseModerationCommentValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return if (!await doesAbuseExist(req.params.id, res)) return 
@@ -116,40 +104,36 @@ const abuseUpdateValidator = [ const abuseListForAdminsValidator = [ query('id') .optional() - .custom(isIdValid).withMessage('Should have a valid id'), + .custom(isIdValid), query('filter') .optional() - .custom(isAbuseFilterValid) - .withMessage('Should have a valid filter'), + .custom(isAbuseFilterValid), query('predefinedReason') .optional() - .custom(isAbusePredefinedReasonValid) - .withMessage('Should have a valid predefinedReason'), + .custom(isAbusePredefinedReasonValid), query('search') .optional() - .custom(exists).withMessage('Should have a valid search'), + .custom(exists), query('state') .optional() - .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'), + .custom(isAbuseStateValid), query('videoIs') .optional() - .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'), + .custom(isAbuseVideoIsValid), query('searchReporter') .optional() - .custom(exists).withMessage('Should have a valid reporter search'), + .custom(exists), query('searchReportee') .optional() - .custom(exists).withMessage('Should have a valid reportee search'), + .custom(exists), query('searchVideo') .optional() - .custom(exists).withMessage('Should have a valid video search'), + .custom(exists), query('searchVideoChannel') .optional() - .custom(exists).withMessage('Should have a valid video channel search'), + .custom(exists), (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking abuseListForAdminsValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return return next() 
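Review bot: The free-text filters in abuseListForAdminsValidator (`search`, `searchReporter`, `searchReportee`, `searchVideo`, `searchVideoChannel`) are still checked only with `exists`, which by its name tests presence rather than type or length. `exists` lives in custom-validators/misc and is not shown here, so this is inferred. If it accepts any defined value, a repeated query key that Express parses into an array or object reaches the model layer unchanged. Consider bounding each one, for example `.custom(exists).isString().isLength({ max: <project search limit> })`, where the limit is a placeholder for the project's own constant. The same applies to `search` in abuseListForUserValidator in the `@@ -159,19 +143,17 @@` hunk.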
@@ -159,19 +143,17 @@ const abuseListForAdminsValidator = [ const abuseListForUserValidator = [ query('id') .optional() - .custom(isIdValid).withMessage('Should have a valid id'), + .custom(isIdValid), query('search') .optional() - .custom(exists).withMessage('Should have a valid search'), + .custom(exists), query('state') .optional() - .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'), + .custom(isAbuseStateValid), (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking abuseListForUserValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return return next() @@ -179,11 +161,10 @@ const abuseListForUserValidator = [ ] const getAbuseValidator = [ - param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), + param('id') + .custom(isIdValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking getAbuseValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return if (!await doesAbuseExist(req.params.id, res)) return @@ -194,7 +175,10 @@ const getAbuseValidator = [ const message = `User ${user.username} does not have right to get abuse ${abuse.id}` logger.warn(message) - return res.status(403).json({ error: message }) + return res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message + }) } return next() @@ -203,13 +187,9 @@ const getAbuseValidator = [ const checkAbuseValidForMessagesValidator = [ (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking checkAbuseValidForMessagesValidator parameters', { parameters: req.body }) - const abuse = res.locals.abuse if (abuse.ReporterAccount.isOwned() === false) { - return res.status(400).json({ - error: 'This abuse was created by a user of your instance.' - }) + return res.fail({ message: 'This abuse was created by a user of your instance.' }) } return next() 
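Review bot: In the `@@ -194,7 +175,10 @@` hunk the 403 body reuses the log line verbatim, and because `doesAbuseExist` runs first (previous hunk), a caller without rights can tell an existing abuse id from a missing one by the status code. This assumes `doesAbuseExist` answers a missing id with a not-found response; it is defined in `./shared` and not shown. Keep the detailed text in `logger.warn(message)` only and consider answering both cases the same way, for example `return res.fail({ status: HttpStatusCode.NOT_FOUND_404, message: 'Abuse not found' })`. The surrounding rights check starts outside this hunk.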
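Review bot: In checkAbuseValidForMessagesValidator (`@@ -203,13 +187,9 @@`) the rejection fires when `abuse.ReporterAccount.isOwned() === false`, yet the message says "This abuse was created by a user of your instance.", which reads as the opposite of the condition. If the intent is to refuse messages on reports from remote accounts, the text should say so, for example `return res.fail({ message: 'This abuse was not created by a user of your instance.' })`. The validator also dereferences `abuse.ReporterAccount` unguarded. If that association can be null (not visible here), the call throws instead of returning a controlled error, so a guard such as `if (!abuse.ReporterAccount || abuse.ReporterAccount.isOwned() === false)` would be safer.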
@@ -217,11 +197,10 @@ const checkAbuseValidForMessagesValidator = [ ] const addAbuseMessageValidator = [ - body('message').custom(isAbuseMessageValid).not().isEmpty().withMessage('Should have a valid abuse message'), + body('message') + .custom(isAbuseMessageValid), (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking addAbuseMessageValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return return next() @@ -229,25 +208,30 @@ const addAbuseMessageValidator = [ ] const deleteAbuseMessageValidator = [ - param('messageId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid message id'), + param('messageId') + .custom(isIdValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking deleteAbuseMessageValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return const user = res.locals.oauth.token.user const abuse = res.locals.abuse - const messageId = parseInt(req.params.messageId + '', 10) + const messageId = forceNumber(req.params.messageId) const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id) if (!abuseMessage) { - return res.status(404).json({ error: 'Abuse message not found' }) + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Abuse message not found' + }) } if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) { - return res.status(403).json({ error: 'Cannot delete this abuse message' }) + return res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot delete this abuse message' + }) } res.locals.abuseMessage = abuseMessage 
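Review bot: deleteAbuseMessageValidator (`@@ -229,25 +208,30 @@`) reads `res.locals.abuse` and `res.locals.oauth.token.user` but nothing in this validator sets or checks them, so both the lookup and the ownership check depend on the order of middlewares in the route. A comment above the array would make that precondition explicit, for example `// Must run after authentication and after a validator that loads res.locals.abuse (e.g. getAbuseValidator)`. It is also worth noting there that `isIdValid` is the only guard on `messageId` before `forceNumber`, whose handling of non-numeric input is not shown in this diff.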
@@ -256,115 +240,6 @@ const deleteAbuseMessageValidator = [ } ] -// FIXME: deprecated in 2.3. Remove these validators - -const videoAbuseReportValidator = [ - param('videoId') - .custom(isIdOrUUIDValid) - .not() - .isEmpty() - .withMessage('Should have a valid videoId'), - body('reason') - .custom(isAbuseReasonValid) - .withMessage('Should have a valid reason'), - body('predefinedReasons') - .optional() - .custom(areAbusePredefinedReasonsValid) - .withMessage('Should have a valid list of predefined reasons'), - body('startAt') - .optional() - .customSanitizer(toIntOrNull) - .custom(isAbuseTimestampValid) - .withMessage('Should have valid starting time value'), - body('endAt') - .optional() - .customSanitizer(toIntOrNull) - .custom(isAbuseTimestampValid) - .withMessage('Should have valid ending time value'), - - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoAbuseReport parameters', { parameters: req.body }) - - if (areValidationErrors(req, res)) return - if (!await doesVideoExist(req.params.videoId, res)) return - - return next() - } -] - -const videoAbuseGetValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), - param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), - - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoAbuseGetValidator parameters', { parameters: req.body }) - - if (areValidationErrors(req, res)) return - if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return - - return next() - } -] - -const videoAbuseUpdateValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), - param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), - body('state') - .optional() - .custom(isAbuseStateValid).withMessage('Should have a valid 
video abuse state'), - body('moderationComment') - .optional() - .custom(isAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'), - - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoAbuseUpdateValidator parameters', { parameters: req.body }) - - if (areValidationErrors(req, res)) return - if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return - - return next() - } -] - -const videoAbuseListValidator = [ - query('id') - .optional() - .custom(isIdValid).withMessage('Should have a valid id'), - query('predefinedReason') - .optional() - .custom(isAbusePredefinedReasonValid) - .withMessage('Should have a valid predefinedReason'), - query('search') - .optional() - .custom(exists).withMessage('Should have a valid search'), - query('state') - .optional() - .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'), - query('videoIs') - .optional() - .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'), - query('searchReporter') - .optional() - .custom(exists).withMessage('Should have a valid reporter search'), - query('searchReportee') - .optional() - .custom(exists).withMessage('Should have a valid reportee search'), - query('searchVideo') - .optional() - .custom(exists).withMessage('Should have a valid video search'), - query('searchVideoChannel') - .optional() - .custom(exists).withMessage('Should have a valid video channel search'), - - (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoAbuseListValidator parameters', { parameters: req.body }) - - if (areValidationErrors(req, res)) return - - return next() - } -] - // --------------------------------------------------------------------------- export { 
@@ -376,9 +251,5 @@ export { abuseUpdateValidator, deleteAbuseMessageValidator, abuseListForUserValidator, - getAbuseValidator, - videoAbuseReportValidator, - videoAbuseGetValidator, - videoAbuseUpdateValidator, - videoAbuseListValidator + getAbuseValidator }