aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-08-08 14:58:21 +0200
committerChocobozzz <me@florianbigard.com>2018-08-08 15:22:58 +0200
commite69219184b1a3262ec5e617d30337b6431c9840c (patch)
tree959b32e1ed28047052604941870563e946be9de1 /server/middlewares
parent6b09aba90dfe4c61331b66b1a6ef1f58ddc61485 (diff)
downloadPeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.gz
PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.zst
PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.zip
Implement user blocking on server side
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/oauth.ts2
-rw-r--r--server/middlewares/validators/users.ts21
2 files changed, 22 insertions, 1 deletions
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index a6f28dd5b..5233b66bd 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -39,7 +39,7 @@ function token (req: express.Request, res: express.Response, next: express.NextF
39 if (err) { 39 if (err) {
40 return res.status(err.status) 40 return res.status(err.status)
41 .json({ 41 .json({
42 error: 'Authentication failed.', 42 error: err.message,
43 code: err.name 43 code: err.name
44 }) 44 })
45 .end() 45 .end()
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 3c207c81f..94d8ab53b 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -74,6 +74,26 @@ const usersRemoveValidator = [
74 } 74 }
75] 75]
76 76
77const usersBlockingValidator = [
78 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
79
80 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
81 logger.debug('Checking usersRemove parameters', { parameters: req.params })
82
83 if (areValidationErrors(req, res)) return
84 if (!await checkUserIdExist(req.params.id, res)) return
85
86 const user = res.locals.user
87 if (user.username === 'root') {
88 return res.status(400)
89 .send({ error: 'Cannot block the root user' })
90 .end()
91 }
92
93 return next()
94 }
95]
96
77const deleteMeValidator = [ 97const deleteMeValidator = [
78 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 98 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
79 const user: UserModel = res.locals.oauth.token.User 99 const user: UserModel = res.locals.oauth.token.User
@@ -230,6 +250,7 @@ export {
230 usersAddValidator, 250 usersAddValidator,
231 deleteMeValidator, 251 deleteMeValidator,
232 usersRegisterValidator, 252 usersRegisterValidator,
253 usersBlockingValidator,
233 usersRemoveValidator, 254 usersRemoveValidator,
234 usersUpdateValidator, 255 usersUpdateValidator,
235 usersUpdateMeValidator, 256 usersUpdateMeValidator,