X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fblocklist.ts;h=12980ced4d722818f7e9344c3cb2e34115a7555a;hb=ebee0c0427800e74800e21fd0e1d7550f7130270;hp=9dbd5e51275cd609d215c578d7e63ef589e3c352;hpb=7ad9b9846c44d198a736183fb186c2039f5236b5;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts index 9dbd5e512..12980ced4 100644 --- a/server/middlewares/validators/blocklist.ts +++ b/server/middlewares/validators/blocklist.ts @@ -1,21 +1,36 @@ -import { param, body } from 'express-validator/check' -import * as express from 'express' +import express from 'express' +import { body, param, query } from 'express-validator' +import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor' +import { toArray } from '@server/helpers/custom-validators/misc' +import { getServerActor } from '@server/models/application/application' +import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' +import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers' import { logger } from '../../helpers/logger' -import { areValidationErrors } from './utils' -import { isAccountNameWithHostExist } from '../../helpers/custom-validators/accounts' -import { UserModel } from '../../models/account/user' +import { WEBSERVER } from '../../initializers/constants' import { AccountBlocklistModel } from '../../models/account/account-blocklist' -import { isHostValid } from '../../helpers/custom-validators/servers' +import { ServerModel } from '../../models/server/server' import { ServerBlocklistModel } from '../../models/server/server-blocklist' +import { areValidationErrors, doesAccountNameWithHostExist } from './shared' -const blockAccountByAccountValidator = [ +const blockAccountValidator = [ body('accountName').exists().withMessage('Should have an account name with host'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body }) if (areValidationErrors(req, res)) return - if (!await isAccountNameWithHostExist(req.body.accountName, res)) return + if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return + + const user = res.locals.oauth.token.User + const accountToBlock = res.locals.account + + if (user.Account.id === accountToBlock.id) { + res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'You cannot block yourself.' + }) + return + } return next() } @@ -28,11 +43,53 @@ const unblockAccountByAccountValidator = [ logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params }) if (areValidationErrors(req, res)) return - if (!await isAccountNameWithHostExist(req.params.accountName, res)) return + if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return + + const user = res.locals.oauth.token.User + const targetAccount = res.locals.account + if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return + + return next() + } +] + +const unblockAccountByServerValidator = [ + param('accountName').exists().withMessage('Should have an account name with host'), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params }) + + if (areValidationErrors(req, res)) return + if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return - const user = res.locals.oauth.token.User as UserModel + const serverActor = await getServerActor() const targetAccount = res.locals.account - if (!await isUnblockAccountExists(user.Account.id, targetAccount.id, res)) return + if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return + + return next() + } +] + +const blockServerValidator = [ + body('host').custom(isHostValid).withMessage('Should have a valid host'), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking serverGetValidator parameters', { parameters: req.body }) + + if (areValidationErrors(req, res)) return + + const host: string = req.body.host + + if (host === WEBSERVER.HOST) { + return res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'You cannot block your own server.' + }) + } + + const server = await ServerModel.loadOrCreateByHost(host) + + res.locals.server = server return next() } @@ -46,8 +103,43 @@ const unblockServerByAccountValidator = [ if (areValidationErrors(req, res)) return - const user = res.locals.oauth.token.User as UserModel - if (!await isUnblockServerExists(user.Account.id, req.params.host, res)) return + const user = res.locals.oauth.token.User + if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return + + return next() + } +] + +const unblockServerByServerValidator = [ + param('host').custom(isHostValid).withMessage('Should have an account name with host'), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params }) + + if (areValidationErrors(req, res)) return + + const serverActor = await getServerActor() + if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return + + return next() + } +] + +const blocklistStatusValidator = [ + query('hosts') + .optional() + .customSanitizer(toArray) + .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'), + + query('accounts') + .optional() + .customSanitizer(toArray) + .custom(areValidActorHandles).withMessage('Should have a valid accounts array'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking blocklistStatusValidator parameters', { query: req.query }) + + if (areValidationErrors(req, res)) return return next() } @@ -56,39 +148,41 @@ const unblockServerByAccountValidator = [ // --------------------------------------------------------------------------- export { - blockAccountByAccountValidator, + blockServerValidator, + blockAccountValidator, unblockAccountByAccountValidator, - unblockServerByAccountValidator + unblockServerByAccountValidator, + unblockAccountByServerValidator, + unblockServerByServerValidator, + blocklistStatusValidator } // --------------------------------------------------------------------------- -async function isUnblockAccountExists (accountId: number, targetAccountId: number, res: express.Response) { +async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) { const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId) if (!accountBlock) { - res.status(404) - .send({ error: 'Account block entry not found.' }) - .end() - + res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Account block entry not found.' + }) return false } res.locals.accountBlock = accountBlock - return true } -async function isUnblockServerExists (accountId: number, host: string, res: express.Response) { +async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) { const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host) if (!serverBlock) { - res.status(404) - .send({ error: 'Server block entry not found.' }) - .end() - + res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Server block entry not found.' + }) return false } res.locals.serverBlock = serverBlock - return true }