Implement abuses check params

author: Chocobozzz <me@florianbigard.com> 2020-07-07 10:57:04 +0200
committer: Chocobozzz <chocobozzz@cpy.re> 2020-07-10 14:02:41 +0200
commit: 57f6896f67cfc570cf3605dd94b0778101b2d9b9 (patch)
tree: b82d879c46868ce75ff76c3e4d4eed590a87f6c4 /server/middlewares/validators/videos
parent: d95d15598847c7f020aa056e7e6e0c02d2bbf732 (diff)
download: PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.gz
PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.zst
PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.zip
1 files changed, 8 insertions, 62 deletions
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index ef019fcf9..77f5c6ff3 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -3,13 +3,16 @@ import { body, param } from 'express-validator'
 import { MUserAccountUrl } from '@server/types/models'
 import { UserRight } from '../../../../shared'
 import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'
-import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
+import {
+  doesVideoCommentExist,
+  doesVideoCommentThreadExist,
+  isValidVideoCommentText
+} from '../../../helpers/custom-validators/video-comments'
 import { logger } from '../../../helpers/logger'
 import { doesVideoExist } from '../../../helpers/middlewares'
 import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
 import { Hooks } from '../../../lib/plugins/hooks'
-import { VideoCommentModel } from '../../../models/video/video-comment'
+import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
-import { MCommentOwnerVideoReply, MVideo, MVideoFullLight, MVideoId } from '../../../types/models/video'
 import { areValidationErrors } from '../utils'
 const listVideoCommentThreadsValidator = [
@@ -120,67 +123,10 @@ export {
 // ---------------------------------------------------------------------------
-async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) {
-  const id = parseInt(idArg + '', 10)
-  const videoComment = await VideoCommentModel.loadById(id)
-  if (!videoComment) {
-    res.status(404)
-      .json({ error: 'Video comment thread not found' })
-      .end()
-    return false
-  }
-  if (videoComment.videoId !== video.id) {
-    res.status(400)
-      .json({ error: 'Video comment is not associated to this video.' })
-      .end()
-    return false
-  }
-  if (videoComment.inReplyToCommentId !== null) {
-    res.status(400)
-      .json({ error: 'Video comment is not a thread.' })
-      .end()
-    return false
-  }
-  res.locals.videoCommentThread = videoComment
-  return true
-}
-async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) {
-  const id = parseInt(idArg + '', 10)
-  const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
-  if (!videoComment) {
-    res.status(404)
-      .json({ error: 'Video comment thread not found' })
-      .end()
-    return false
-  }
-  if (videoComment.videoId !== video.id) {
-    res.status(400)
-      .json({ error: 'Video comment is not associated to this video.' })
-      .end()
-    return false
-  }
-  res.locals.videoCommentFull = videoComment
-  return true
-}
 function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
  if (video.commentsEnabled !== true) {
    res.status(409)
      .json({ error: 'Video comments are disabled for this video.' })
-      .end()
    return false
  }
@@ -192,7 +138,7 @@ function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MC
  if (videoComment.isDeleted()) {
    res.status(409)
      .json({ error: 'This comment is already deleted' })
-      .end()
    return false
  }
@@ -240,7 +186,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon
  if (!acceptedResult || acceptedResult.accepted !== true) {
    logger.info('Refused local comment.', { acceptedResult, acceptParameters })
    res.status(403)
-              .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
+       .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
    return false
  }
author	Chocobozzz <me@florianbigard.com>	2020-07-07 10:57:04 +0200
committer	Chocobozzz <chocobozzz@cpy.re>	2020-07-10 14:02:41 +0200
commit	57f6896f67cfc570cf3605dd94b0778101b2d9b9 (patch)
tree	b82d879c46868ce75ff76c3e4d4eed590a87f6c4 /server/middlewares/validators/videos
parent	d95d15598847c7f020aa056e7e6e0c02d2bbf732 (diff)
download	PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.gz PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.tar.zst PeerTube-57f6896f67cfc570cf3605dd94b0778101b2d9b9.zip

diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index ef019fcf9..77f5c6ff3 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts
@@ -3,13 +3,16 @@ import { body, param } from 'express-validator'
3	import { MUserAccountUrl } from '@server/types/models'	3	import { MUserAccountUrl } from '@server/types/models'
4	import { UserRight } from '../../../../shared'	4	import { UserRight } from '../../../../shared'
5	import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'	5	import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'
6	import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'	6	import {
		7	doesVideoCommentExist,
		8	doesVideoCommentThreadExist,
		9	isValidVideoCommentText
		10	} from '../../../helpers/custom-validators/video-comments'
7	import { logger } from '../../../helpers/logger'	11	import { logger } from '../../../helpers/logger'
8	import { doesVideoExist } from '../../../helpers/middlewares'	12	import { doesVideoExist } from '../../../helpers/middlewares'
9	import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'	13	import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
10	import { Hooks } from '../../../lib/plugins/hooks'	14	import { Hooks } from '../../../lib/plugins/hooks'
11	import { VideoCommentModel } from '../../../models/video/video-comment'	15	import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
12	import { MCommentOwnerVideoReply, MVideo, MVideoFullLight, MVideoId } from '../../../types/models/video'
13	import { areValidationErrors } from '../utils'	16	import { areValidationErrors } from '../utils'
14		17
15	const listVideoCommentThreadsValidator = [	18	const listVideoCommentThreadsValidator = [
@@ -120,67 +123,10 @@ export {
120		123
121	// ---------------------------------------------------------------------------	124	// ---------------------------------------------------------------------------
122		125
123	async function doesVideoCommentThreadExist (idArg: number \| string, video: MVideoId, res: express.Response) {
124	const id = parseInt(idArg + '', 10)
125	const videoComment = await VideoCommentModel.loadById(id)
126
127	if (!videoComment) {
128	res.status(404)
129	.json({ error: 'Video comment thread not found' })
130	.end()
131
132	return false
133	}
134
135	if (videoComment.videoId !== video.id) {
136	res.status(400)
137	.json({ error: 'Video comment is not associated to this video.' })
138	.end()
139
140	return false
141	}
142
143	if (videoComment.inReplyToCommentId !== null) {
144	res.status(400)
145	.json({ error: 'Video comment is not a thread.' })
146	.end()
147
148	return false
149	}
150
151	res.locals.videoCommentThread = videoComment
152	return true
153	}
154
155	async function doesVideoCommentExist (idArg: number \| string, video: MVideoId, res: express.Response) {
156	const id = parseInt(idArg + '', 10)
157	const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
158
159	if (!videoComment) {
160	res.status(404)
161	.json({ error: 'Video comment thread not found' })
162	.end()
163
164	return false
165	}
166
167	if (videoComment.videoId !== video.id) {
168	res.status(400)
169	.json({ error: 'Video comment is not associated to this video.' })
170	.end()
171
172	return false
173	}
174
175	res.locals.videoCommentFull = videoComment
176	return true
177	}
178
179	function isVideoCommentsEnabled (video: MVideo, res: express.Response) {	126	function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
180	if (video.commentsEnabled !== true) {	127	if (video.commentsEnabled !== true) {
181	res.status(409)	128	res.status(409)
182	.json({ error: 'Video comments are disabled for this video.' })	129	.json({ error: 'Video comments are disabled for this video.' })
183	.end()
184		130
185	return false	131	return false
186	}	132	}
@@ -192,7 +138,7 @@ function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MC
192	if (videoComment.isDeleted()) {	138	if (videoComment.isDeleted()) {
193	res.status(409)	139	res.status(409)
194	.json({ error: 'This comment is already deleted' })	140	.json({ error: 'This comment is already deleted' })
195	.end()	141
196	return false	142	return false
197	}	143	}
198		144
@@ -240,7 +186,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon
240	if (!acceptedResult \|\| acceptedResult.accepted !== true) {	186	if (!acceptedResult \|\| acceptedResult.accepted !== true) {
241	logger.info('Refused local comment.', { acceptedResult, acceptParameters })	187	logger.info('Refused local comment.', { acceptedResult, acceptParameters })
242	res.status(403)	188	res.status(403)
243	.json({ error: acceptedResult.errorMessage \|\| 'Refused local comment' })	189	.json({ error: acceptedResult.errorMessage \|\| 'Refused local comment' })
244		190
245	return false	191	return false
246	}	192	}