X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fplugins.ts;h=c1e9ebefbb25f8aa2af3a9d6bf642426ab2d24a1;hb=ebee0c0427800e74800e21fd0e1d7550f7130270;hp=dc3f1454aecea50982fa8f1d51d32ca1de133c78;hpb=09071200c73f5358e1d0bfb61a274e4f2c4ec52b;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/plugins.ts b/server/middlewares/validators/plugins.ts index dc3f1454a..c1e9ebefb 100644 --- a/server/middlewares/validators/plugins.ts +++ b/server/middlewares/validators/plugins.ts @@ -1,33 +1,93 @@ -import * as express from 'express' -import { body, param, query } from 'express-validator/check' -import { logger } from '../../helpers/logger' -import { areValidationErrors } from './utils' +import express from 'express' +import { body, param, query, ValidationChain } from 'express-validator' +import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' +import { PluginType } from '../../../shared/models/plugins/plugin.type' +import { InstallOrUpdatePlugin } from '../../../shared/models/plugins/server/api/install-plugin.model' +import { exists, isBooleanValid, isSafePath, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' import { isNpmPluginNameValid, isPluginNameValid, isPluginTypeValid, isPluginVersionValid } from '../../helpers/custom-validators/plugins' +import { logger } from '../../helpers/logger' +import { CONFIG } from '../../initializers/config' import { PluginManager } from '../../lib/plugins/plugin-manager' -import { isBooleanValid, isSafePath } from '../../helpers/custom-validators/misc' import { PluginModel } from '../../models/server/plugin' -import { InstallOrUpdatePlugin } from '../../../shared/models/plugins/install-plugin.model' -import { PluginType } from '../../../shared/models/plugins/plugin.type' -import { CONFIG } from '../../initializers/config' +import { areValidationErrors } from './shared' -const servePluginStaticDirectoryValidator = (pluginType: PluginType) => [ - param('pluginName').custom(isPluginNameValid).withMessage('Should have a valid plugin name'), - param('pluginVersion').custom(isPluginVersionValid).withMessage('Should have a valid plugin version'), - param('staticEndpoint').custom(isSafePath).withMessage('Should have a valid static endpoint'), +const getPluginValidator = (pluginType: PluginType, withVersion = true) => { + const validators: (ValidationChain | express.Handler)[] = [ + param('pluginName').custom(isPluginNameValid).withMessage('Should have a valid plugin name') + ] + + if (withVersion) { + validators.push( + param('pluginVersion').custom(isPluginVersionValid).withMessage('Should have a valid plugin version') + ) + } + + return validators.concat([ + (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking getPluginValidator parameters', { parameters: req.params }) + + if (areValidationErrors(req, res)) return + + const npmName = PluginModel.buildNpmName(req.params.pluginName, pluginType) + const plugin = PluginManager.Instance.getRegisteredPluginOrTheme(npmName) + + if (!plugin) { + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'No plugin found named ' + npmName + }) + } + if (withVersion && plugin.version !== req.params.pluginVersion) { + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'No plugin found named ' + npmName + ' with version ' + req.params.pluginVersion + }) + } + + res.locals.registeredPlugin = plugin + + return next() + } + ]) +} + +const getExternalAuthValidator = [ + param('authName').custom(exists).withMessage('Should have a valid auth name'), (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking servePluginStaticDirectory parameters', { parameters: req.params }) + logger.debug('Checking getExternalAuthValidator parameters', { parameters: req.params }) if (areValidationErrors(req, res)) return - const npmName = PluginModel.buildNpmName(req.params.pluginName, pluginType) - const plugin = PluginManager.Instance.getRegisteredPluginOrTheme(npmName) + const plugin = res.locals.registeredPlugin + if (!plugin.registerHelpers) { + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'No registered helpers were found for this plugin' + }) + } - if (!plugin || plugin.version !== req.params.pluginVersion) { - return res.sendStatus(404) + const externalAuth = plugin.registerHelpers.getExternalAuths().find(a => a.authName === req.params.authName) + if (!externalAuth) { + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'No external auths were found for this plugin' + }) } - res.locals.registeredPlugin = plugin + res.locals.externalAuth = externalAuth + + return next() + } +] + +const pluginStaticDirectoryValidator = [ + param('staticEndpoint').custom(isSafePath).withMessage('Should have a valid static endpoint'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking pluginStaticDirectoryValidator parameters', { parameters: req.params }) + + if (areValidationErrors(req, res)) return return next() } @@ -36,10 +96,11 @@ const servePluginStaticDirectoryValidator = (pluginType: PluginType) => [ const listPluginsValidator = [ query('pluginType') .optional() + .customSanitizer(toIntOrNull) .custom(isPluginTypeValid).withMessage('Should have a valid plugin type'), query('uninstalled') .optional() - .toBoolean() + .customSanitizer(toBooleanOrNull) .custom(isBooleanValid).withMessage('Should have a valid uninstalled attribute'), (req: express.Request, res: express.Response, next: express.NextFunction) => { @@ -55,6 +116,9 @@ const installOrUpdatePluginValidator = [ body('npmName') .optional() .custom(isNpmPluginNameValid).withMessage('Should have a valid npm name'), + body('pluginVersion') + .optional() + .custom(isPluginVersionValid).withMessage('Should have a valid plugin version'), body('path') .optional() .custom(isSafePath).withMessage('Should have a valid safe path'), @@ -66,9 +130,10 @@ const installOrUpdatePluginValidator = [ const body: InstallOrUpdatePlugin = req.body if (!body.path && !body.npmName) { - return res.status(400) - .json({ error: 'Should have either a npmName or a path' }) - .end() + return res.fail({ message: 'Should have either a npmName or a path' }) + } + if (body.pluginVersion && !body.npmName) { + return res.fail({ message: 'Should have a npmName when specifying a pluginVersion' }) } return next() @@ -97,13 +162,13 @@ const existingPluginValidator = [ const plugin = await PluginModel.loadByNpmName(req.params.npmName) if (!plugin) { - return res.status(404) - .json({ error: 'Plugin not found' }) - .end() + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Plugin not found' + }) } res.locals.plugin = plugin - return next() } ] @@ -126,6 +191,7 @@ const listAvailablePluginsValidator = [ .exists().withMessage('Should have a valid search'), query('pluginType') .optional() + .customSanitizer(toIntOrNull) .custom(isPluginTypeValid).withMessage('Should have a valid plugin type'), query('currentPeerTubeEngine') .optional() @@ -137,9 +203,7 @@ const listAvailablePluginsValidator = [ if (areValidationErrors(req, res)) return if (CONFIG.PLUGINS.INDEX.ENABLED === false) { - return res.status(400) - .json({ error: 'Plugin index is not enabled' }) - .end() + return res.fail({ message: 'Plugin index is not enabled' }) } return next() @@ -149,11 +213,13 @@ const listAvailablePluginsValidator = [ // --------------------------------------------------------------------------- export { - servePluginStaticDirectoryValidator, + pluginStaticDirectoryValidator, + getPluginValidator, updatePluginSettingsValidator, uninstallPluginValidator, listAvailablePluginsValidator, existingPluginValidator, installOrUpdatePluginValidator, - listPluginsValidator + listPluginsValidator, + getExternalAuthValidator }