diff options
author | Chocobozzz <me@florianbigard.com> | 2020-07-07 10:57:04 +0200 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2020-07-10 14:02:41 +0200 |
commit | 57f6896f67cfc570cf3605dd94b0778101b2d9b9 (patch) | |
tree | b82d879c46868ce75ff76c3e4d4eed590a87f6c4 /server/helpers | |
parent | d95d15598847c7f020aa056e7e6e0c02d2bbf732 (diff) | |
download | PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.gz PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.zst PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.zip |
Implement abuses check params
Diffstat (limited to 'server/helpers')
-rw-r--r-- | server/helpers/custom-validators/abuses.ts | 17 | ||||
-rw-r--r-- | server/helpers/custom-validators/video-comments.ts | 81 | ||||
-rw-r--r-- | server/helpers/middlewares/abuses.ts | 13 | ||||
-rw-r--r-- | server/helpers/middlewares/accounts.ts | 4 |
4 files changed, 104 insertions, 11 deletions
diff --git a/server/helpers/custom-validators/abuses.ts b/server/helpers/custom-validators/abuses.ts index a6a895c65..c21468caa 100644 --- a/server/helpers/custom-validators/abuses.ts +++ b/server/helpers/custom-validators/abuses.ts | |||
@@ -1,6 +1,6 @@ | |||
1 | import validator from 'validator' | 1 | import validator from 'validator' |
2 | import { abusePredefinedReasonsMap, AbusePredefinedReasonsString, AbuseVideoIs } from '@shared/models' | 2 | import { AbuseFilter, abusePredefinedReasonsMap, AbusePredefinedReasonsString, AbuseVideoIs, AbuseCreate } from '@shared/models' |
3 | import { CONSTRAINTS_FIELDS, ABUSE_STATES } from '../../initializers/constants' | 3 | import { ABUSE_STATES, CONSTRAINTS_FIELDS } from '../../initializers/constants' |
4 | import { exists, isArray } from './misc' | 4 | import { exists, isArray } from './misc' |
5 | 5 | ||
6 | const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.ABUSES | 6 | const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.ABUSES |
@@ -13,7 +13,11 @@ function isAbusePredefinedReasonValid (value: AbusePredefinedReasonsString) { | |||
13 | return exists(value) && value in abusePredefinedReasonsMap | 13 | return exists(value) && value in abusePredefinedReasonsMap |
14 | } | 14 | } |
15 | 15 | ||
16 | function isAbusePredefinedReasonsValid (value: AbusePredefinedReasonsString[]) { | 16 | function isAbuseFilterValid (value: AbuseFilter) { |
17 | return value === 'video' || value === 'comment' || value === 'account' | ||
18 | } | ||
19 | |||
20 | function areAbusePredefinedReasonsValid (value: AbusePredefinedReasonsString[]) { | ||
17 | return exists(value) && isArray(value) && value.every(v => v in abusePredefinedReasonsMap) | 21 | return exists(value) && isArray(value) && value.every(v => v in abusePredefinedReasonsMap) |
18 | } | 22 | } |
19 | 23 | ||
@@ -22,7 +26,9 @@ function isAbuseTimestampValid (value: number) { | |||
22 | } | 26 | } |
23 | 27 | ||
24 | function isAbuseTimestampCoherent (endAt: number, { req }) { | 28 | function isAbuseTimestampCoherent (endAt: number, { req }) { |
25 | return exists(req.body.startAt) && endAt > req.body.startAt | 29 | const startAt = (req.body as AbuseCreate).video.startAt |
30 | |||
31 | return exists(startAt) && endAt > startAt | ||
26 | } | 32 | } |
27 | 33 | ||
28 | function isAbuseModerationCommentValid (value: string) { | 34 | function isAbuseModerationCommentValid (value: string) { |
@@ -44,8 +50,9 @@ function isAbuseVideoIsValid (value: AbuseVideoIs) { | |||
44 | 50 | ||
45 | export { | 51 | export { |
46 | isAbuseReasonValid, | 52 | isAbuseReasonValid, |
53 | isAbuseFilterValid, | ||
47 | isAbusePredefinedReasonValid, | 54 | isAbusePredefinedReasonValid, |
48 | isAbusePredefinedReasonsValid, | 55 | areAbusePredefinedReasonsValid as isAbusePredefinedReasonsValid, |
49 | isAbuseTimestampValid, | 56 | isAbuseTimestampValid, |
50 | isAbuseTimestampCoherent, | 57 | isAbuseTimestampCoherent, |
51 | isAbuseModerationCommentValid, | 58 | isAbuseModerationCommentValid, |
diff --git a/server/helpers/custom-validators/video-comments.ts b/server/helpers/custom-validators/video-comments.ts index 846f28b17..a01680cbe 100644 --- a/server/helpers/custom-validators/video-comments.ts +++ b/server/helpers/custom-validators/video-comments.ts | |||
@@ -1,6 +1,8 @@ | |||
1 | import 'multer' | 1 | import * as express from 'express' |
2 | import validator from 'validator' | 2 | import validator from 'validator' |
3 | import { VideoCommentModel } from '@server/models/video/video-comment' | ||
3 | import { CONSTRAINTS_FIELDS } from '../../initializers/constants' | 4 | import { CONSTRAINTS_FIELDS } from '../../initializers/constants' |
5 | import { MVideoId } from '@server/types/models' | ||
4 | 6 | ||
5 | const VIDEO_COMMENTS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_COMMENTS | 7 | const VIDEO_COMMENTS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_COMMENTS |
6 | 8 | ||
@@ -8,8 +10,83 @@ function isValidVideoCommentText (value: string) { | |||
8 | return value === null || validator.isLength(value, VIDEO_COMMENTS_CONSTRAINTS_FIELDS.TEXT) | 10 | return value === null || validator.isLength(value, VIDEO_COMMENTS_CONSTRAINTS_FIELDS.TEXT) |
9 | } | 11 | } |
10 | 12 | ||
13 | async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) { | ||
14 | const id = parseInt(idArg + '', 10) | ||
15 | const videoComment = await VideoCommentModel.loadById(id) | ||
16 | |||
17 | if (!videoComment) { | ||
18 | res.status(404) | ||
19 | .json({ error: 'Video comment thread not found' }) | ||
20 | .end() | ||
21 | |||
22 | return false | ||
23 | } | ||
24 | |||
25 | if (videoComment.videoId !== video.id) { | ||
26 | res.status(400) | ||
27 | .json({ error: 'Video comment is not associated to this video.' }) | ||
28 | .end() | ||
29 | |||
30 | return false | ||
31 | } | ||
32 | |||
33 | if (videoComment.inReplyToCommentId !== null) { | ||
34 | res.status(400) | ||
35 | .json({ error: 'Video comment is not a thread.' }) | ||
36 | .end() | ||
37 | |||
38 | return false | ||
39 | } | ||
40 | |||
41 | res.locals.videoCommentThread = videoComment | ||
42 | return true | ||
43 | } | ||
44 | |||
45 | async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) { | ||
46 | const id = parseInt(idArg + '', 10) | ||
47 | const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) | ||
48 | |||
49 | if (!videoComment) { | ||
50 | res.status(404) | ||
51 | .json({ error: 'Video comment thread not found' }) | ||
52 | .end() | ||
53 | |||
54 | return false | ||
55 | } | ||
56 | |||
57 | if (videoComment.videoId !== video.id) { | ||
58 | res.status(400) | ||
59 | .json({ error: 'Video comment is not associated to this video.' }) | ||
60 | .end() | ||
61 | |||
62 | return false | ||
63 | } | ||
64 | |||
65 | res.locals.videoCommentFull = videoComment | ||
66 | return true | ||
67 | } | ||
68 | |||
69 | async function doesCommentIdExist (idArg: number | string, res: express.Response) { | ||
70 | const id = parseInt(idArg + '', 10) | ||
71 | const videoComment = await VideoCommentModel.loadById(id) | ||
72 | |||
73 | if (!videoComment) { | ||
74 | res.status(404) | ||
75 | .json({ error: 'Video comment thread not found' }) | ||
76 | |||
77 | return false | ||
78 | } | ||
79 | |||
80 | res.locals.videoComment = videoComment | ||
81 | |||
82 | return true | ||
83 | } | ||
84 | |||
11 | // --------------------------------------------------------------------------- | 85 | // --------------------------------------------------------------------------- |
12 | 86 | ||
13 | export { | 87 | export { |
14 | isValidVideoCommentText | 88 | isValidVideoCommentText, |
89 | doesVideoCommentThreadExist, | ||
90 | doesVideoCommentExist, | ||
91 | doesCommentIdExist | ||
15 | } | 92 | } |
diff --git a/server/helpers/middlewares/abuses.ts b/server/helpers/middlewares/abuses.ts index 3906f6760..b102273a2 100644 --- a/server/helpers/middlewares/abuses.ts +++ b/server/helpers/middlewares/abuses.ts | |||
@@ -17,7 +17,6 @@ async function doesVideoAbuseExist (abuseIdArg: number | string, videoUUID: stri | |||
17 | if (abuse === null) { | 17 | if (abuse === null) { |
18 | res.status(404) | 18 | res.status(404) |
19 | .json({ error: 'Video abuse not found' }) | 19 | .json({ error: 'Video abuse not found' }) |
20 | .end() | ||
21 | 20 | ||
22 | return false | 21 | return false |
23 | } | 22 | } |
@@ -26,8 +25,18 @@ async function doesVideoAbuseExist (abuseIdArg: number | string, videoUUID: stri | |||
26 | return true | 25 | return true |
27 | } | 26 | } |
28 | 27 | ||
29 | async function doesAbuseExist (abuseIdArg: number | string, videoUUID: string, res: Response) { | 28 | async function doesAbuseExist (abuseId: number | string, res: Response) { |
29 | const abuse = await AbuseModel.loadById(parseInt(abuseId + '', 10)) | ||
30 | 30 | ||
31 | if (!abuse) { | ||
32 | res.status(404) | ||
33 | .json({ error: 'Video abuse not found' }) | ||
34 | |||
35 | return false | ||
36 | } | ||
37 | |||
38 | res.locals.abuse = abuse | ||
39 | return true | ||
31 | } | 40 | } |
32 | 41 | ||
33 | // --------------------------------------------------------------------------- | 42 | // --------------------------------------------------------------------------- |
diff --git a/server/helpers/middlewares/accounts.ts b/server/helpers/middlewares/accounts.ts index bddea7eaa..29b4ed1a6 100644 --- a/server/helpers/middlewares/accounts.ts +++ b/server/helpers/middlewares/accounts.ts | |||
@@ -3,8 +3,8 @@ import { AccountModel } from '../../models/account/account' | |||
3 | import * as Bluebird from 'bluebird' | 3 | import * as Bluebird from 'bluebird' |
4 | import { MAccountDefault } from '../../types/models' | 4 | import { MAccountDefault } from '../../types/models' |
5 | 5 | ||
6 | function doesAccountIdExist (id: number, res: Response, sendNotFound = true) { | 6 | function doesAccountIdExist (id: number | string, res: Response, sendNotFound = true) { |
7 | const promise = AccountModel.load(id) | 7 | const promise = AccountModel.load(parseInt(id + '', 10)) |
8 | 8 | ||
9 | return doesAccountExist(promise, res, sendNotFound) | 9 | return doesAccountExist(promise, res, sendNotFound) |
10 | } | 10 | } |