X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Ffeeds.ts;h=0bfe89e6fb35cf13352b07cae4d27703396af45b;hb=8ca52bcc2c37d457e8b19a237c66b8dd1c00b6b9;hp=6a8cfce86d203fc724d9ba980831a2e08d525621;hpb=244e76a552ef05a5067134b1065d26dd89246d8c;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts index 6a8cfce86..0bfe89e6f 100644 --- a/server/middlewares/validators/feeds.ts +++ b/server/middlewares/validators/feeds.ts @@ -1,27 +1,120 @@ -import * as express from 'express' -import { param, query } from 'express-validator/check' -import { isAccountIdExist, isAccountNameValid, isLocalAccountNameExist } from '../../helpers/custom-validators/accounts' -import { join } from 'path' -import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' -import { logger } from '../../helpers/logger' -import { areValidationErrors } from './utils' +import express from 'express' +import { param, query } from 'express-validator' +import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' import { isValidRSSFeed } from '../../helpers/custom-validators/feeds' +import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID } from '../../helpers/custom-validators/misc' +import { + areValidationErrors, + checkCanSeeVideo, + doesAccountIdExist, + doesAccountNameWithHostExist, + doesUserFeedTokenCorrespond, + doesVideoChannelIdExist, + doesVideoChannelNameWithHostExist, + doesVideoExist +} from './shared' -const feedsValidator = [ - param('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), - query('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), - query('accountId').optional().custom(isIdOrUUIDValid), - query('accountName').optional().custom(isAccountNameValid), +const feedsFormatValidator = [ + param('format') + .optional() + .custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), + query('format') + .optional() + .custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + + return next() + } +] + +function setFeedFormatContentType (req: express.Request, res: express.Response, next: express.NextFunction) { + const format = req.query.format || req.params.format || 'rss' + + let acceptableContentTypes: string[] + if (format === 'atom' || format === 'atom1') { + acceptableContentTypes = [ 'application/atom+xml', 'application/xml', 'text/xml' ] + } else if (format === 'json' || format === 'json1') { + acceptableContentTypes = [ 'application/json' ] + } else if (format === 'rss' || format === 'rss2') { + acceptableContentTypes = [ 'application/rss+xml', 'application/xml', 'text/xml' ] + } else { + acceptableContentTypes = [ 'application/xml', 'text/xml' ] + } + + if (req.accepts(acceptableContentTypes)) { + res.set('Content-Type', req.accepts(acceptableContentTypes) as string) + } else { + return res.fail({ + status: HttpStatusCode.NOT_ACCEPTABLE_406, + message: `You should accept at least one of the following content-types: ${acceptableContentTypes.join(', ')}` + }) + } + + return next() +} + +const videoFeedsValidator = [ + query('accountId') + .optional() + .custom(isIdValid), + + query('accountName') + .optional(), + + query('videoChannelId') + .optional() + .custom(isIdValid), + + query('videoChannelName') + .optional(), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking feeds parameters', { parameters: req.query }) + if (areValidationErrors(req, res)) return + + if (req.query.accountId && !await doesAccountIdExist(req.query.accountId, res)) return + if (req.query.videoChannelId && !await doesVideoChannelIdExist(req.query.videoChannelId, res)) return + if (req.query.accountName && !await doesAccountNameWithHostExist(req.query.accountName, res)) return + if (req.query.videoChannelName && !await doesVideoChannelNameWithHostExist(req.query.videoChannelName, res)) return + return next() + } +] + +const videoSubscriptionFeedsValidator = [ + query('accountId') + .custom(isIdValid), + + query('token') + .custom(exists), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + + if (!await doesAccountIdExist(req.query.accountId, res)) return + if (!await doesUserFeedTokenCorrespond(res.locals.account.userId, req.query.token, res)) return + + return next() + } +] + +const videoCommentsFeedsValidator = [ + query('videoId') + .optional() + .customSanitizer(toCompleteUUID) + .custom(isIdOrUUIDValid), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { if (areValidationErrors(req, res)) return - if (req.query.accountId) { - if (!await isAccountIdExist(req.query.accountId, res)) return - } else if (req.query.accountName) { - if (!await isLocalAccountNameExist(req.query.accountName, res)) return + if (req.query.videoId && (req.query.videoChannelId || req.query.videoChannelName)) { + return res.fail({ message: 'videoId cannot be mixed with a channel filter' }) + } + + if (req.query.videoId) { + if (!await doesVideoExist(req.query.videoId, res)) return + if (!await checkCanSeeVideo({ req, res, paramId: req.query.videoId, video: res.locals.videoAll })) return } return next() @@ -31,5 +124,9 @@ const feedsValidator = [ // --------------------------------------------------------------------------- export { - feedsValidator + feedsFormatValidator, + setFeedFormatContentType, + videoFeedsValidator, + videoSubscriptionFeedsValidator, + videoCommentsFeedsValidator }