Implement user blocking on server side

author: Chocobozzz <me@florianbigard.com> 2018-08-08 14:58:21 +0200
committer: Chocobozzz <me@florianbigard.com> 2018-08-08 15:22:58 +0200
commit: e69219184b1a3262ec5e617d30337b6431c9840c (patch)
tree: 959b32e1ed28047052604941870563e946be9de1 /server/middlewares
parent: 6b09aba90dfe4c61331b66b1a6ef1f58ddc61485 (diff)
download: PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.gz
PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.zst
PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.zip
2 files changed, 22 insertions, 1 deletions
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index a6f28dd5b..5233b66bd 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -39,7 +39,7 @@ function token (req: express.Request, res: express.Response, next: express.NextF
    if (err) {
      return res.status(err.status)
        .json({
-          error: 'Authentication failed.',
+          error: err.message,
          code: err.name
        })
        .end()
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 3c207c81f..94d8ab53b 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -74,6 +74,26 @@ const usersRemoveValidator = [
  }
 ]
+const usersBlockingValidator = [
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersRemove parameters', { parameters: req.params })
+    if (areValidationErrors(req, res)) return
+    if (!await checkUserIdExist(req.params.id, res)) return
+    const user = res.locals.user
+    if (user.username === 'root') {
+      return res.status(400)
+                .send({ error: 'Cannot block the root user' })
+                .end()
+    }
+    return next()
+  }
+]
 const deleteMeValidator = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const user: UserModel = res.locals.oauth.token.User
@@ -230,6 +250,7 @@ export {
  usersAddValidator,
  deleteMeValidator,
  usersRegisterValidator,
+  usersBlockingValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,
author	Chocobozzz <me@florianbigard.com>	2018-08-08 14:58:21 +0200
committer	Chocobozzz <me@florianbigard.com>	2018-08-08 15:22:58 +0200
commit	e69219184b1a3262ec5e617d30337b6431c9840c (patch)
tree	959b32e1ed28047052604941870563e946be9de1 /server/middlewares
parent	6b09aba90dfe4c61331b66b1a6ef1f58ddc61485 (diff)
download	PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.gz PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.tar.zst PeerTube-e69219184b1a3262ec5e617d30337b6431c9840c.zip

diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts index a6f28dd5b..5233b66bd 100644 --- a/server/middlewares/oauth.ts +++ b/server/middlewares/oauth.ts
@@ -39,7 +39,7 @@ function token (req: express.Request, res: express.Response, next: express.NextF
39	if (err) {	39	if (err) {
40	return res.status(err.status)	40	return res.status(err.status)
41	.json({	41	.json({
42	error: 'Authentication failed.',	42	error: err.message,
43	code: err.name	43	code: err.name
44	})	44	})
45	.end()	45	.end()


diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 3c207c81f..94d8ab53b 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -74,6 +74,26 @@ const usersRemoveValidator = [
74	}	74	}
75	]	75	]
76		76
		77	const usersBlockingValidator = [
		78	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
		79
		80	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		81	logger.debug('Checking usersRemove parameters', { parameters: req.params })
		82
		83	if (areValidationErrors(req, res)) return
		84	if (!await checkUserIdExist(req.params.id, res)) return
		85
		86	const user = res.locals.user
		87	if (user.username === 'root') {
		88	return res.status(400)
		89	.send({ error: 'Cannot block the root user' })
		90	.end()
		91	}
		92
		93	return next()
		94	}
		95	]
		96
77	const deleteMeValidator = [	97	const deleteMeValidator = [
78	async (req: express.Request, res: express.Response, next: express.NextFunction) => {	98	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
79	const user: UserModel = res.locals.oauth.token.User	99	const user: UserModel = res.locals.oauth.token.User
@@ -230,6 +250,7 @@ export {
230	usersAddValidator,	250	usersAddValidator,
231	deleteMeValidator,	251	deleteMeValidator,
232	usersRegisterValidator,	252	usersRegisterValidator,
		253	usersBlockingValidator,
233	usersRemoveValidator,	254	usersRemoveValidator,
234	usersUpdateValidator,	255	usersUpdateValidator,
235	usersUpdateMeValidator,	256	usersUpdateMeValidator,