aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/videos
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2020-07-07 10:57:04 +0200
committerChocobozzz <chocobozzz@cpy.re>2020-07-10 14:02:41 +0200
commit57f6896f67cfc570cf3605dd94b0778101b2d9b9 (patch)
treeb82d879c46868ce75ff76c3e4d4eed590a87f6c4 /server/middlewares/validators/videos
parentd95d15598847c7f020aa056e7e6e0c02d2bbf732 (diff)
downloadPeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.gz
PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.zst
PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.zip
Implement abuses check params
Diffstat (limited to 'server/middlewares/validators/videos')
-rw-r--r--server/middlewares/validators/videos/video-comments.ts70
1 files changed, 8 insertions, 62 deletions
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index ef019fcf9..77f5c6ff3 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -3,13 +3,16 @@ import { body, param } from 'express-validator'
3import { MUserAccountUrl } from '@server/types/models' 3import { MUserAccountUrl } from '@server/types/models'
4import { UserRight } from '../../../../shared' 4import { UserRight } from '../../../../shared'
5import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' 5import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'
6import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' 6import {
7 doesVideoCommentExist,
8 doesVideoCommentThreadExist,
9 isValidVideoCommentText
10} from '../../../helpers/custom-validators/video-comments'
7import { logger } from '../../../helpers/logger' 11import { logger } from '../../../helpers/logger'
8import { doesVideoExist } from '../../../helpers/middlewares' 12import { doesVideoExist } from '../../../helpers/middlewares'
9import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' 13import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
10import { Hooks } from '../../../lib/plugins/hooks' 14import { Hooks } from '../../../lib/plugins/hooks'
11import { VideoCommentModel } from '../../../models/video/video-comment' 15import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
12import { MCommentOwnerVideoReply, MVideo, MVideoFullLight, MVideoId } from '../../../types/models/video'
13import { areValidationErrors } from '../utils' 16import { areValidationErrors } from '../utils'
14 17
15const listVideoCommentThreadsValidator = [ 18const listVideoCommentThreadsValidator = [
@@ -120,67 +123,10 @@ export {
120 123
121// --------------------------------------------------------------------------- 124// ---------------------------------------------------------------------------
122 125
123async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) {
124 const id = parseInt(idArg + '', 10)
125 const videoComment = await VideoCommentModel.loadById(id)
126
127 if (!videoComment) {
128 res.status(404)
129 .json({ error: 'Video comment thread not found' })
130 .end()
131
132 return false
133 }
134
135 if (videoComment.videoId !== video.id) {
136 res.status(400)
137 .json({ error: 'Video comment is not associated to this video.' })
138 .end()
139
140 return false
141 }
142
143 if (videoComment.inReplyToCommentId !== null) {
144 res.status(400)
145 .json({ error: 'Video comment is not a thread.' })
146 .end()
147
148 return false
149 }
150
151 res.locals.videoCommentThread = videoComment
152 return true
153}
154
155async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) {
156 const id = parseInt(idArg + '', 10)
157 const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
158
159 if (!videoComment) {
160 res.status(404)
161 .json({ error: 'Video comment thread not found' })
162 .end()
163
164 return false
165 }
166
167 if (videoComment.videoId !== video.id) {
168 res.status(400)
169 .json({ error: 'Video comment is not associated to this video.' })
170 .end()
171
172 return false
173 }
174
175 res.locals.videoCommentFull = videoComment
176 return true
177}
178
179function isVideoCommentsEnabled (video: MVideo, res: express.Response) { 126function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
180 if (video.commentsEnabled !== true) { 127 if (video.commentsEnabled !== true) {
181 res.status(409) 128 res.status(409)
182 .json({ error: 'Video comments are disabled for this video.' }) 129 .json({ error: 'Video comments are disabled for this video.' })
183 .end()
184 130
185 return false 131 return false
186 } 132 }
@@ -192,7 +138,7 @@ function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MC
192 if (videoComment.isDeleted()) { 138 if (videoComment.isDeleted()) {
193 res.status(409) 139 res.status(409)
194 .json({ error: 'This comment is already deleted' }) 140 .json({ error: 'This comment is already deleted' })
195 .end() 141
196 return false 142 return false
197 } 143 }
198 144
@@ -240,7 +186,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon
240 if (!acceptedResult || acceptedResult.accepted !== true) { 186 if (!acceptedResult || acceptedResult.accepted !== true) {
241 logger.info('Refused local comment.', { acceptedResult, acceptParameters }) 187 logger.info('Refused local comment.', { acceptedResult, acceptParameters })
242 res.status(403) 188 res.status(403)
243 .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) 189 .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
244 190
245 return false 191 return false
246 } 192 }