X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fblocklist.ts;h=8ec6cb01d5d66f27bd1150caede84121bcac57c4;hb=9972ace3a3bc65865fb3aaaa865a400386e49252;hp=109276c630ce21acca5de435e3c25debfa629370;hpb=be0f59b4eec3c2c4dcd151e2b174be39dff1568e;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts index 109276c63..8ec6cb01d 100644 --- a/server/middlewares/validators/blocklist.ts +++ b/server/middlewares/validators/blocklist.ts @@ -1,33 +1,32 @@ -import { body, param } from 'express-validator/check' -import * as express from 'express' -import { logger } from '../../helpers/logger' -import { areValidationErrors } from './utils' -import { isAccountNameWithHostExist } from '../../helpers/custom-validators/accounts' -import { UserModel } from '../../models/account/user' +import express from 'express' +import { body, param, query } from 'express-validator' +import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor' +import { getServerActor } from '@server/models/application/application' +import { arrayify } from '@shared/core-utils' +import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' +import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers' +import { WEBSERVER } from '../../initializers/constants' import { AccountBlocklistModel } from '../../models/account/account-blocklist' -import { isHostValid } from '../../helpers/custom-validators/servers' -import { ServerBlocklistModel } from '../../models/server/server-blocklist' import { ServerModel } from '../../models/server/server' -import { CONFIG } from '../../initializers' -import { getServerActor } from '../../helpers/utils' +import { ServerBlocklistModel } from '../../models/server/server-blocklist' +import { areValidationErrors, doesAccountNameWithHostExist } from './shared' const blockAccountValidator = [ - body('accountName').exists().withMessage('Should have an account name with host'), + body('accountName') + .exists(), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking blockAccountByAccountValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return - if (!await isAccountNameWithHostExist(req.body.accountName, res)) return + if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return - const user = res.locals.oauth.token.User as UserModel + const user = res.locals.oauth.token.User const accountToBlock = res.locals.account if (user.Account.id === accountToBlock.id) { - res.status(409) - .send({ error: 'You cannot block yourself.' }) - .end() - + res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'You cannot block yourself.' + }) return } @@ -36,61 +35,54 @@ const blockAccountValidator = [ ] const unblockAccountByAccountValidator = [ - param('accountName').exists().withMessage('Should have an account name with host'), + param('accountName') + .exists(), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking unblockAccountByAccountValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - if (!await isAccountNameWithHostExist(req.params.accountName, res)) return + if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return - const user = res.locals.oauth.token.User as UserModel + const user = res.locals.oauth.token.User const targetAccount = res.locals.account - if (!await isUnblockAccountExists(user.Account.id, targetAccount.id, res)) return + if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return return next() } ] const unblockAccountByServerValidator = [ - param('accountName').exists().withMessage('Should have an account name with host'), + param('accountName') + .exists(), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - if (!await isAccountNameWithHostExist(req.params.accountName, res)) return + if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return const serverActor = await getServerActor() const targetAccount = res.locals.account - if (!await isUnblockAccountExists(serverActor.Account.id, targetAccount.id, res)) return + if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return return next() } ] const blockServerValidator = [ - body('host').custom(isHostValid).withMessage('Should have a valid host'), + body('host') + .custom(isHostValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking serverGetValidator parameters', { parameters: req.body }) - if (areValidationErrors(req, res)) return const host: string = req.body.host - if (host === CONFIG.WEBSERVER.HOST) { - return res.status(409) - .send({ error: 'You cannot block your own server.' }) - .end() + if (host === WEBSERVER.HOST) { + return res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'You cannot block your own server.' + }) } - const server = await ServerModel.loadByHost(host) - if (!server) { - return res.status(404) - .send({ error: 'Server host not found.' }) - .end() - } + const server = await ServerModel.loadOrCreateByHost(host) res.locals.server = server @@ -99,30 +91,46 @@ const blockServerValidator = [ ] const unblockServerByAccountValidator = [ - param('host').custom(isHostValid).withMessage('Should have an account name with host'), + param('host') + .custom(isHostValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking unblockServerByAccountValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - const user = res.locals.oauth.token.User as UserModel - if (!await isUnblockServerExists(user.Account.id, req.params.host, res)) return + const user = res.locals.oauth.token.User + if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return return next() } ] const unblockServerByServerValidator = [ - param('host').custom(isHostValid).withMessage('Should have an account name with host'), + param('host') + .custom(isHostValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return const serverActor = await getServerActor() - if (!await isUnblockServerExists(serverActor.Account.id, req.params.host, res)) return + if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return + + return next() + } +] + +const blocklistStatusValidator = [ + query('hosts') + .optional() + .customSanitizer(arrayify) + .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'), + + query('accounts') + .optional() + .customSanitizer(arrayify) + .custom(areValidActorHandles).withMessage('Should have a valid accounts array'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return return next() } @@ -136,37 +144,36 @@ export { unblockAccountByAccountValidator, unblockServerByAccountValidator, unblockAccountByServerValidator, - unblockServerByServerValidator + unblockServerByServerValidator, + blocklistStatusValidator } // --------------------------------------------------------------------------- -async function isUnblockAccountExists (accountId: number, targetAccountId: number, res: express.Response) { +async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) { const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId) if (!accountBlock) { - res.status(404) - .send({ error: 'Account block entry not found.' }) - .end() - + res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Account block entry not found.' + }) return false } res.locals.accountBlock = accountBlock - return true } -async function isUnblockServerExists (accountId: number, host: string, res: express.Response) { +async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) { const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host) if (!serverBlock) { - res.status(404) - .send({ error: 'Server block entry not found.' }) - .end() - + res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Server block entry not found.' + }) return false } res.locals.serverBlock = serverBlock - return true }