X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Ffeeds.ts;h=0bfe89e6fb35cf13352b07cae4d27703396af45b;hb=8ca52bcc2c37d457e8b19a237c66b8dd1c00b6b9;hp=d29bebf6474737d2410b4a650a3c536beab40d98;hpb=421ff4618da64f0849353383f690a014024c40da;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts index d29bebf64..0bfe89e6f 100644 --- a/server/middlewares/validators/feeds.ts +++ b/server/middlewares/validators/feeds.ts @@ -1,11 +1,11 @@ -import * as express from 'express' +import express from 'express' import { param, query } from 'express-validator' import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' import { isValidRSSFeed } from '../../helpers/custom-validators/feeds' import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID } from '../../helpers/custom-validators/misc' -import { logger } from '../../helpers/logger' import { areValidationErrors, + checkCanSeeVideo, doesAccountIdExist, doesAccountNameWithHostExist, doesUserFeedTokenCorrespond, @@ -15,8 +15,18 @@ import { } from './shared' const feedsFormatValidator = [ - param('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), - query('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)') + param('format') + .optional() + .custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), + query('format') + .optional() + .custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + + return next() + } ] function setFeedFormatContentType (req: express.Request, res: express.Response, next: express.NextFunction) { @@ -48,23 +58,19 @@ function setFeedFormatContentType (req: express.Request, res: express.Response, const videoFeedsValidator = [ query('accountId') .optional() - .custom(isIdValid) - .withMessage('Should have a valid account id'), + .custom(isIdValid), query('accountName') .optional(), query('videoChannelId') .optional() - .custom(isIdValid) - .withMessage('Should have a valid channel id'), + .custom(isIdValid), query('videoChannelName') .optional(), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking feeds parameters', { parameters: req.query }) - if (areValidationErrors(req, res)) return if (req.query.accountId && !await doesAccountIdExist(req.query.accountId, res)) return @@ -78,16 +84,12 @@ const videoFeedsValidator = [ const videoSubscriptionFeedsValidator = [ query('accountId') - .custom(isIdValid) - .withMessage('Should have a valid account id'), + .custom(isIdValid), query('token') - .custom(exists) - .withMessage('Should have a token'), + .custom(exists), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking subscription feeds parameters', { parameters: req.query }) - if (areValidationErrors(req, res)) return if (!await doesAccountIdExist(req.query.accountId, res)) return @@ -99,20 +101,21 @@ const videoSubscriptionFeedsValidator = [ const videoCommentsFeedsValidator = [ query('videoId') - .customSanitizer(toCompleteUUID) .optional() + .customSanitizer(toCompleteUUID) .custom(isIdOrUUIDValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking feeds parameters', { parameters: req.query }) - if (areValidationErrors(req, res)) return if (req.query.videoId && (req.query.videoChannelId || req.query.videoChannelName)) { return res.fail({ message: 'videoId cannot be mixed with a channel filter' }) } - if (req.query.videoId && !await doesVideoExist(req.query.videoId, res)) return + if (req.query.videoId) { + if (!await doesVideoExist(req.query.videoId, res)) return + if (!await checkCanSeeVideo({ req, res, paramId: req.query.videoId, video: res.locals.videoAll })) return + } return next() }