diff options
author | Chocobozzz <me@florianbigard.com> | 2020-07-07 10:57:04 +0200 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2020-07-10 14:02:41 +0200 |
commit | 57f6896f67cfc570cf3605dd94b0778101b2d9b9 (patch) | |
tree | b82d879c46868ce75ff76c3e4d4eed590a87f6c4 /server/middlewares/validators/videos | |
parent | d95d15598847c7f020aa056e7e6e0c02d2bbf732 (diff) | |
download | PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.gz PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.zst PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.zip |
Implement abuses check params
Diffstat (limited to 'server/middlewares/validators/videos')
-rw-r--r-- | server/middlewares/validators/videos/video-comments.ts | 70 |
1 files changed, 8 insertions, 62 deletions
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index ef019fcf9..77f5c6ff3 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts | |||
@@ -3,13 +3,16 @@ import { body, param } from 'express-validator' | |||
3 | import { MUserAccountUrl } from '@server/types/models' | 3 | import { MUserAccountUrl } from '@server/types/models' |
4 | import { UserRight } from '../../../../shared' | 4 | import { UserRight } from '../../../../shared' |
5 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' | 5 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' |
6 | import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' | 6 | import { |
7 | doesVideoCommentExist, | ||
8 | doesVideoCommentThreadExist, | ||
9 | isValidVideoCommentText | ||
10 | } from '../../../helpers/custom-validators/video-comments' | ||
7 | import { logger } from '../../../helpers/logger' | 11 | import { logger } from '../../../helpers/logger' |
8 | import { doesVideoExist } from '../../../helpers/middlewares' | 12 | import { doesVideoExist } from '../../../helpers/middlewares' |
9 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' | 13 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' |
10 | import { Hooks } from '../../../lib/plugins/hooks' | 14 | import { Hooks } from '../../../lib/plugins/hooks' |
11 | import { VideoCommentModel } from '../../../models/video/video-comment' | 15 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' |
12 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight, MVideoId } from '../../../types/models/video' | ||
13 | import { areValidationErrors } from '../utils' | 16 | import { areValidationErrors } from '../utils' |
14 | 17 | ||
15 | const listVideoCommentThreadsValidator = [ | 18 | const listVideoCommentThreadsValidator = [ |
@@ -120,67 +123,10 @@ export { | |||
120 | 123 | ||
121 | // --------------------------------------------------------------------------- | 124 | // --------------------------------------------------------------------------- |
122 | 125 | ||
123 | async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) { | ||
124 | const id = parseInt(idArg + '', 10) | ||
125 | const videoComment = await VideoCommentModel.loadById(id) | ||
126 | |||
127 | if (!videoComment) { | ||
128 | res.status(404) | ||
129 | .json({ error: 'Video comment thread not found' }) | ||
130 | .end() | ||
131 | |||
132 | return false | ||
133 | } | ||
134 | |||
135 | if (videoComment.videoId !== video.id) { | ||
136 | res.status(400) | ||
137 | .json({ error: 'Video comment is not associated to this video.' }) | ||
138 | .end() | ||
139 | |||
140 | return false | ||
141 | } | ||
142 | |||
143 | if (videoComment.inReplyToCommentId !== null) { | ||
144 | res.status(400) | ||
145 | .json({ error: 'Video comment is not a thread.' }) | ||
146 | .end() | ||
147 | |||
148 | return false | ||
149 | } | ||
150 | |||
151 | res.locals.videoCommentThread = videoComment | ||
152 | return true | ||
153 | } | ||
154 | |||
155 | async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) { | ||
156 | const id = parseInt(idArg + '', 10) | ||
157 | const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) | ||
158 | |||
159 | if (!videoComment) { | ||
160 | res.status(404) | ||
161 | .json({ error: 'Video comment thread not found' }) | ||
162 | .end() | ||
163 | |||
164 | return false | ||
165 | } | ||
166 | |||
167 | if (videoComment.videoId !== video.id) { | ||
168 | res.status(400) | ||
169 | .json({ error: 'Video comment is not associated to this video.' }) | ||
170 | .end() | ||
171 | |||
172 | return false | ||
173 | } | ||
174 | |||
175 | res.locals.videoCommentFull = videoComment | ||
176 | return true | ||
177 | } | ||
178 | |||
179 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { | 126 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { |
180 | if (video.commentsEnabled !== true) { | 127 | if (video.commentsEnabled !== true) { |
181 | res.status(409) | 128 | res.status(409) |
182 | .json({ error: 'Video comments are disabled for this video.' }) | 129 | .json({ error: 'Video comments are disabled for this video.' }) |
183 | .end() | ||
184 | 130 | ||
185 | return false | 131 | return false |
186 | } | 132 | } |
@@ -192,7 +138,7 @@ function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MC | |||
192 | if (videoComment.isDeleted()) { | 138 | if (videoComment.isDeleted()) { |
193 | res.status(409) | 139 | res.status(409) |
194 | .json({ error: 'This comment is already deleted' }) | 140 | .json({ error: 'This comment is already deleted' }) |
195 | .end() | 141 | |
196 | return false | 142 | return false |
197 | } | 143 | } |
198 | 144 | ||
@@ -240,7 +186,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon | |||
240 | if (!acceptedResult || acceptedResult.accepted !== true) { | 186 | if (!acceptedResult || acceptedResult.accepted !== true) { |
241 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | 187 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) |
242 | res.status(403) | 188 | res.status(403) |
243 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) | 189 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) |
244 | 190 | ||
245 | return false | 191 | return false |
246 | } | 192 | } |