diff options
author | Chocobozzz <me@florianbigard.com> | 2018-08-08 14:58:21 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-08-08 15:22:58 +0200 |
commit | e69219184b1a3262ec5e617d30337b6431c9840c (patch) | |
tree | 959b32e1ed28047052604941870563e946be9de1 /server/middlewares | |
parent | 6b09aba90dfe4c61331b66b1a6ef1f58ddc61485 (diff) | |
download | PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.gz PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.zst PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.zip |
Implement user blocking on server side
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/oauth.ts | 2 | ||||
-rw-r--r-- | server/middlewares/validators/users.ts | 21 |
2 files changed, 22 insertions, 1 deletions
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts index a6f28dd5b..5233b66bd 100644 --- a/server/middlewares/oauth.ts +++ b/server/middlewares/oauth.ts | |||
@@ -39,7 +39,7 @@ function token (req: express.Request, res: express.Response, next: express.NextF | |||
39 | if (err) { | 39 | if (err) { |
40 | return res.status(err.status) | 40 | return res.status(err.status) |
41 | .json({ | 41 | .json({ |
42 | error: 'Authentication failed.', | 42 | error: err.message, |
43 | code: err.name | 43 | code: err.name |
44 | }) | 44 | }) |
45 | .end() | 45 | .end() |
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 3c207c81f..94d8ab53b 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -74,6 +74,26 @@ const usersRemoveValidator = [ | |||
74 | } | 74 | } |
75 | ] | 75 | ] |
76 | 76 | ||
77 | const usersBlockingValidator = [ | ||
78 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | ||
79 | |||
80 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
81 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | ||
82 | |||
83 | if (areValidationErrors(req, res)) return | ||
84 | if (!await checkUserIdExist(req.params.id, res)) return | ||
85 | |||
86 | const user = res.locals.user | ||
87 | if (user.username === 'root') { | ||
88 | return res.status(400) | ||
89 | .send({ error: 'Cannot block the root user' }) | ||
90 | .end() | ||
91 | } | ||
92 | |||
93 | return next() | ||
94 | } | ||
95 | ] | ||
96 | |||
77 | const deleteMeValidator = [ | 97 | const deleteMeValidator = [ |
78 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 98 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
79 | const user: UserModel = res.locals.oauth.token.User | 99 | const user: UserModel = res.locals.oauth.token.User |
@@ -230,6 +250,7 @@ export { | |||
230 | usersAddValidator, | 250 | usersAddValidator, |
231 | deleteMeValidator, | 251 | deleteMeValidator, |
232 | usersRegisterValidator, | 252 | usersRegisterValidator, |
253 | usersBlockingValidator, | ||
233 | usersRemoveValidator, | 254 | usersRemoveValidator, |
234 | usersUpdateValidator, | 255 | usersUpdateValidator, |
235 | usersUpdateMeValidator, | 256 | usersUpdateMeValidator, |