aboutsummaryrefslogtreecommitdiffhomepage
path: root/middlewares
diff options
context:
space:
mode:
authorChocobozzz <florian.bigard@gmail.com>2015-11-07 14:16:26 +0100
committerChocobozzz <florian.bigard@gmail.com>2015-11-07 14:16:26 +0100
commit34ca3b5225479a5da986c86ee4c42a73ae6df5ad (patch)
tree561ba5ae1adccd5729305a8cc17d13d24a0c2ddb /middlewares
parentf5a60a5138135a3412dfbcfd6e564f7aa47a55c2 (diff)
downloadPeerTube-34ca3b5225479a5da986c86ee4c42a73ae6df5ad.tar.gz
PeerTube-34ca3b5225479a5da986c86ee4c42a73ae6df5ad.tar.zst
PeerTube-34ca3b5225479a5da986c86ee4c42a73ae6df5ad.zip
Add requests parameters validations
Diffstat (limited to 'middlewares')
-rw-r--r--middlewares/reqValidators/index.js11
-rw-r--r--middlewares/reqValidators/pods.js19
-rw-r--r--middlewares/reqValidators/remote.js40
-rw-r--r--middlewares/reqValidators/utils.js22
-rw-r--r--middlewares/reqValidators/videos.js67
5 files changed, 159 insertions, 0 deletions
diff --git a/middlewares/reqValidators/index.js b/middlewares/reqValidators/index.js
new file mode 100644
index 000000000..1ea611031
--- /dev/null
+++ b/middlewares/reqValidators/index.js
@@ -0,0 +1,11 @@
1;(function () {
2 'use strict'
3
4 var reqValidator = {
5 videos: require('./videos'),
6 pods: require('./pods'),
7 remote: require('./remote')
8 }
9
10 module.exports = reqValidator
11})()
diff --git a/middlewares/reqValidators/pods.js b/middlewares/reqValidators/pods.js
new file mode 100644
index 000000000..31eaf8449
--- /dev/null
+++ b/middlewares/reqValidators/pods.js
@@ -0,0 +1,19 @@
1;(function () {
2 'use strict'
3
4 var checkErrors = require('./utils').checkErrors
5 var logger = require('../../src/logger')
6
7 var pods = {}
8
9 pods.podsAdd = function (req, res, next) {
10 req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true })
11 req.checkBody('data.publicKey', 'Should have a public key').notEmpty()
12
13 logger.debug('Checking podsAdd parameters', { parameters: req.body })
14
15 checkErrors(req, res, next)
16 }
17
18 module.exports = pods
19})()
diff --git a/middlewares/reqValidators/remote.js b/middlewares/reqValidators/remote.js
new file mode 100644
index 000000000..e851b49a4
--- /dev/null
+++ b/middlewares/reqValidators/remote.js
@@ -0,0 +1,40 @@
1;(function () {
2 'use strict'
3
4 var checkErrors = require('./utils').checkErrors
5 var logger = require('../../src/logger')
6
7 var remote = {}
8
9 remote.secureRequest = function (req, res, next) {
10 req.checkBody('signature.url', 'Should have a signature url').isURL()
11 req.checkBody('signature.signature', 'Should have a signature').notEmpty()
12 req.checkBody('key', 'Should have a key').notEmpty()
13 req.checkBody('data', 'Should have data').notEmpty()
14
15 logger.debug('Checking secureRequest parameters', { parameters: req.body })
16
17 checkErrors(req, res, next)
18 }
19
20 remote.remoteVideosAdd = function (req, res, next) {
21 req.checkBody('data.name', 'Should have a name').isLength(1, 50)
22 req.checkBody('data.description', 'Should have a description').isLength(1, 250)
23 req.checkBody('data.magnetUri', 'Should have a magnetUri').notEmpty()
24 req.checkBody('data.podUrl', 'Should have a podUrl').isURL()
25
26 logger.debug('Checking remoteVideosAdd parameters', { parameters: req.body })
27
28 checkErrors(req, res, next)
29 }
30
31 remote.remoteVideosRemove = function (req, res, next) {
32 req.checkBody('data.magnetUri', 'Should have a magnetUri').notEmpty()
33
34 logger.debug('Checking remoteVideosRemove parameters', { parameters: req.body })
35
36 checkErrors(req, res, next)
37 }
38
39 module.exports = remote
40})()
diff --git a/middlewares/reqValidators/utils.js b/middlewares/reqValidators/utils.js
new file mode 100644
index 000000000..91ead27a5
--- /dev/null
+++ b/middlewares/reqValidators/utils.js
@@ -0,0 +1,22 @@
1;(function () {
2 'use strict'
3
4 var util = require('util')
5 var logger = require('../../src/logger')
6
7 var utils = {}
8
9 utils.checkErrors = function (req, res, next, status_code) {
10 if (status_code === undefined) status_code = 400
11 var errors = req.validationErrors()
12
13 if (errors) {
14 logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors })
15 return res.status(status_code).send('There have been validation errors: ' + util.inspect(errors))
16 }
17
18 return next()
19 }
20
21 module.exports = utils
22})()
diff --git a/middlewares/reqValidators/videos.js b/middlewares/reqValidators/videos.js
new file mode 100644
index 000000000..3763a657c
--- /dev/null
+++ b/middlewares/reqValidators/videos.js
@@ -0,0 +1,67 @@
1;(function () {
2 'use strict'
3
4 var checkErrors = require('./utils').checkErrors
5 var VideosDB = require('../../src/database').VideosDB
6 var logger = require('../../src/logger')
7
8 var videos = {}
9
10 function findVideoById (id, callback) {
11 VideosDB.findById(id, { _id: 1, namePath: 1 }).limit(1).exec(function (err, video) {
12 if (err) throw err
13
14 callback(video)
15 })
16 }
17
18 videos.videosSearch = function (req, res, next) {
19 req.checkParams('name', 'Should have a name').notEmpty()
20
21 logger.debug('Checking videosSearch parameters', { parameters: req.params })
22
23 checkErrors(req, res, next)
24 }
25
26 videos.videosAdd = function (req, res, next) {
27 req.checkFiles('input_video.originalname', 'Should have an input video').notEmpty()
28 req.checkFiles('input_video.mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
29 req.checkBody('name', 'Should have a name').isLength(1, 50)
30 req.checkBody('description', 'Should have a description').isLength(1, 250)
31
32 logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
33
34 checkErrors(req, res, next)
35 }
36
37 videos.videosGet = function (req, res, next) {
38 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
39
40 logger.debug('Checking videosGet parameters', { parameters: req.params })
41
42 checkErrors(req, res, function () {
43 findVideoById(req.params.id, function (video) {
44 if (!video) return res.status(404).send('Video not found')
45
46 next()
47 })
48 })
49 }
50
51 videos.videosRemove = function (req, res, next) {
52 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
53
54 logger.debug('Checking videosRemove parameters', { parameters: req.params })
55
56 checkErrors(req, res, function () {
57 findVideoById(req.params.id, function (video) {
58 if (!video) return res.status(404).send('Video not found')
59 else if (video.namePath === null) return res.status(403).send('Cannot remove video of another pod')
60
61 next()
62 })
63 })
64 }
65
66 module.exports = videos
67})()