X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Ffollows.ts;h=86d2d6228d4c9db1c5ffd837d5b62615d606e661;hb=9452d4fd3321148fb80b64a67bd9983fee6c208e;hp=e22349726e581dd40fb7eaa235949b4573bcadf1;hpb=54141398354e6e7b94aa3065a705a1251390111c;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/validators/follows.ts b/server/middlewares/validators/follows.ts
index e22349726..86d2d6228 100644
--- a/server/middlewares/validators/follows.ts
+++ b/server/middlewares/validators/follows.ts
@@ -1,56 +1,141 @@
-import * as express from 'express'
-import { body } from 'express-validator/check'
-import { isTestInstance } from '../../helpers/core-utils'
-import { isAccountIdValid } from '../../helpers/custom-validators/activitypub/account'
-import { isEachUniqueHostValid } from '../../helpers/custom-validators/servers'
+import express from 'express'
+import { body, param, query } from 'express-validator'
+import { isProdInstance } from '@server/helpers/core-utils'
+import { isEachUniqueHandleValid, isFollowStateValid, isRemoteHandleValid } from '@server/helpers/custom-validators/follows'
+import { loadActorUrlOrGetFromWebfinger } from '@server/lib/activitypub/actors'
+import { getRemoteNameAndHost } from '@server/lib/activitypub/follow'
+import { getServerActor } from '@server/models/application/application'
+import { MActorFollowActorsDefault } from '@server/types/models'
+import { ServerFollowCreate } from '@shared/models'
+import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
+import { isActorTypeValid, isValidActorHandle } from '../../helpers/custom-validators/activitypub/actor'
+import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
 import { logger } from '../../helpers/logger'
-import { CONFIG, database as db } from '../../initializers'
-import { checkErrors } from './utils'
-import { getServerAccount } from '../../helpers/utils'
+import { WEBSERVER } from '../../initializers/constants'
+import { ActorModel } from '../../models/actor/actor'
+import { ActorFollowModel } from '../../models/actor/actor-follow'
+import { areValidationErrors } from './shared'
+
+const listFollowsValidator = [
+  query('state')
+    .optional()
+    .custom(isFollowStateValid).withMessage('Should have a valid follow state'),
+  query('actorType')
+    .optional()
+    .custom(isActorTypeValid).withMessage('Should have a valid actor type'),
+
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (areValidationErrors(req, res)) return
+
+    return next()
+  }
+]
 
 const followValidator = [
-  body('hosts').custom(isEachUniqueHostValid).withMessage('Should have an array of unique hosts'),
+  body('hosts')
+    .toArray()
+    .custom(isEachUniqueHostValid).withMessage('Should have an array of unique hosts'),
+
+  body('handles')
+    .toArray()
+    .custom(isEachUniqueHandleValid).withMessage('Should have an array of handles'),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    // Force https if the administrator wants to make friends
-    if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') {
-      return res.status(400)
+    // Force https if the administrator wants to follow remote actors
+    if (isProdInstance() && WEBSERVER.SCHEME === 'http') {
+      return res
+        .status(HttpStatusCode.INTERNAL_SERVER_ERROR_500)
         .json({
-          error: 'Cannot follow non HTTPS web server.'
+          error: 'Cannot follow on a non HTTPS web server.'
         })
-        .end()
     }
 
     logger.debug('Checking follow parameters', { parameters: req.body })
 
-    checkErrors(req, res, next)
+    if (areValidationErrors(req, res)) return
+
+    const body: ServerFollowCreate = req.body
+    if (body.hosts.length === 0 && body.handles.length === 0) {
+
+      return res
+        .status(HttpStatusCode.BAD_REQUEST_400)
+        .json({
+          error: 'You must provide at least one handle or one host.'
+        })
+    }
+
+    return next()
   }
 ]
 
 const removeFollowingValidator = [
-  body('accountId').custom(isAccountIdValid).withMessage('Should have a valid account id'),
+  param('hostOrHandle')
+    .custom(value => isHostValid(value) || isRemoteHandleValid(value))
+    .withMessage('Should have a valid host/handle'),
 
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking follow parameters', { parameters: req.body })
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking unfollowing parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
 
-    checkErrors(req, res, async () => {
-      try {
-        const serverAccount = await getServerAccount()
-        const following = await db.AccountFollow.loadByAccountAndTarget(serverAccount.id, req.params.accountId)
+    const serverActor = await getServerActor()
 
-        if (!following) {
-          return res.status(404)
-            .end()
-        }
+    const { name, host } = getRemoteNameAndHost(req.params.hostOrHandle)
+    const follow = await ActorFollowModel.loadByActorAndTargetNameAndHostForAPI(serverActor.id, name, host)
+
+    if (!follow) {
+      return res.fail({
+        status: HttpStatusCode.NOT_FOUND_404,
+        message: `Follow ${req.params.hostOrHandle} not found.`
+      })
+    }
 
-        res.locals.following = following
+    res.locals.follow = follow
+    return next()
+  }
+]
+
+const getFollowerValidator = [
+  param('nameWithHost').custom(isValidActorHandle).withMessage('Should have a valid nameWithHost'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking get follower parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+
+    let follow: MActorFollowActorsDefault
+    try {
+      const actorUrl = await loadActorUrlOrGetFromWebfinger(req.params.nameWithHost)
+      const actor = await ActorModel.loadByUrl(actorUrl)
+
+      const serverActor = await getServerActor()
+      follow = await ActorFollowModel.loadByActorAndTarget(actor.id, serverActor.id)
+    } catch (err) {
+      logger.warn('Cannot get actor from handle.', { handle: req.params.nameWithHost, err })
+    }
+
+    if (!follow) {
+      return res.fail({
+        status: HttpStatusCode.NOT_FOUND_404,
+        message: `Follower ${req.params.nameWithHost} not found.`
+      })
+    }
+
+    res.locals.follow = follow
+    return next()
+  }
+]
+
+const acceptOrRejectFollowerValidator = [
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking accept/reject follower parameters', { parameters: req.params })
+
+    const follow = res.locals.follow
+    if (follow.state !== 'pending') {
+      return res.fail({ message: 'Follow is not in pending state.' })
+    }
 
-        return next()
-      } catch (err) {
-        logger.error('Error in remove following validator.', err)
-        return res.sendStatus(500)
-      }
-    })
+    return next()
   }
 ]
 
@@ -58,5 +143,8 @@ const removeFollowingValidator = [
 
 export {
   followValidator,
-  removeFollowingValidator
+  removeFollowingValidator,
+  getFollowerValidator,
+  acceptOrRejectFollowerValidator,
+  listFollowsValidator
 }