refactor scoped token service

4 files changed, 107 insertions, 69 deletions

diff --git a/server/controllers/feeds.ts b/server/controllers/feeds.ts
index 6e9f7e60c..5c95069fc 100644
--- a/server/controllers/feeds.ts
+++ b/server/controllers/feeds.ts
@@ -18,7 +18,6 @@ import { cacheRoute } from '../middlewares/cache'
 import { VideoModel } from '../models/video/video'
 import { VideoCommentModel } from '../models/video/video-comment'
 import { VideoFilter } from '../../shared/models/videos/video-query.type'
-import { logger } from '../helpers/logger'
 
 const feedsRouter = express.Router()
 
@@ -47,10 +46,24 @@ feedsRouter.get('/feeds/videos.:format',
   })(ROUTE_CACHE_LIFETIME.FEEDS)),
   commonVideosFiltersValidator,
   asyncMiddleware(videoFeedsValidator),
-  asyncMiddleware(videoSubscriptonFeedsValidator),
   asyncMiddleware(generateVideoFeed)
 )
 
+feedsRouter.get('/feeds/subscriptions.:format',
+  videosSortValidator,
+  setDefaultVideosSort,
+  feedsFormatValidator,
+  setFeedFormatContentType,
+  asyncMiddleware(cacheRoute({
+    headerBlacklist: [
+      'Content-Type'
+    ]
+  })(ROUTE_CACHE_LIFETIME.FEEDS)),
+  commonVideosFiltersValidator,
+  asyncMiddleware(videoSubscriptonFeedsValidator),
+  asyncMiddleware(generateVideoFeedForSubscriptions)
+)
+
 // ---------------------------------------------------------------------------
 
 export {
@@ -61,7 +74,6 @@ export {
 
 async function generateVideoCommentsFeed (req: express.Request, res: express.Response) {
   const start = 0
-
   const video = res.locals.videoAll
   const account = res.locals.account
   const videoChannel = res.locals.videoChannel
@@ -125,10 +137,8 @@ async function generateVideoCommentsFeed (req: express.Request, res: express.Res
 
 async function generateVideoFeed (req: express.Request, res: express.Response) {
   const start = 0
-
   const account = res.locals.account
   const videoChannel = res.locals.videoChannel
-  const token = req.query.token
   const nsfw = buildNSFWFilter(res, req.query.nsfw)
 
   let name: string
@@ -152,21 +162,10 @@ async function generateVideoFeed (req: express.Request, res: express.Response) {
     queryString: new URL(WEBSERVER.URL + req.url).search
   })
 
-  /**
-   * We have two ways to query video results:
-   * - one with account and token -> get subscription videos
-   * - one with either account, channel, or nothing: just videos with these filters
-   */
-  const options = token && token !== '' && res.locals.user
-    ? {
-      followerActorId: res.locals.user.Account.Actor.id,
-      user: res.locals.user,
-      includeLocalVideos: false
-    }
-    : {
-      accountId: account ? account.id : null,
-      videoChannelId: videoChannel ? videoChannel.id : null
-    }
+  const options = {
+    accountId: account ? account.id : null,
+    videoChannelId: videoChannel ? videoChannel.id : null
+  }
 
   const resultList = await VideoModel.listForApi({
     start,
@@ -179,10 +178,86 @@ async function generateVideoFeed (req: express.Request, res: express.Response) {
     ...options
   })
 
+  addVideosToFeed(feed, resultList.data)
+
+  // Now the feed generation is done, let's send it!
+  return sendFeed(feed, req, res)
+}
+
+async function generateVideoFeedForSubscriptions (req: express.Request, res: express.Response) {
+  const start = 0
+  const account = res.locals.account
+  const nsfw = buildNSFWFilter(res, req.query.nsfw)
+  const name = account.getDisplayName()
+  const description = account.description
+
+  const feed = initFeed({
+    name,
+    description,
+    resourceType: 'videos',
+    queryString: new URL(WEBSERVER.URL + req.url).search
+  })
+
+  const options = {
+    followerActorId: res.locals.user.Account.Actor.id,
+    user: res.locals.user
+  }
+
+  const resultList = await VideoModel.listForApi({
+    start,
+    count: FEEDS.COUNT,
+    sort: req.query.sort,
+    includeLocalVideos: true,
+    nsfw,
+    filter: req.query.filter as VideoFilter,
+    withFiles: true,
+    ...options
+  })
+
+  addVideosToFeed(feed, resultList.data)
+
+  // Now the feed generation is done, let's send it!
+  return sendFeed(feed, req, res)
+}
+
+function initFeed (parameters: {
+  name: string
+  description: string
+  resourceType?: 'videos' | 'video-comments'
+  queryString?: string
+}) {
+  const webserverUrl = WEBSERVER.URL
+  const { name, description, resourceType, queryString } = parameters
+
+  return new Feed({
+    title: name,
+    description,
+    // updated: TODO: somehowGetLatestUpdate, // optional, default = today
+    id: webserverUrl,
+    link: webserverUrl,
+    image: webserverUrl + '/client/assets/images/icons/icon-96x96.png',
+    favicon: webserverUrl + '/client/assets/images/favicon.png',
+    copyright: `All rights reserved, unless otherwise specified in the terms specified at ${webserverUrl}/about` +
+    ` and potential licenses granted by each content's rightholder.`,
+    generator: `Toraifōsu`, // ^.~
+    feedLinks: {
+      json: `${webserverUrl}/feeds/${resourceType}.json${queryString}`,
+      atom: `${webserverUrl}/feeds/${resourceType}.atom${queryString}`,
+      rss: `${webserverUrl}/feeds/${resourceType}.xml${queryString}`
+    },
+    author: {
+      name: 'Instance admin of ' + CONFIG.INSTANCE.NAME,
+      email: CONFIG.ADMIN.EMAIL,
+      link: `${webserverUrl}/about`
+    }
+  })
+}
+
+function addVideosToFeed (feed, videos: VideoModel[]) {
   /**
    * Adding video items to the feed object, one at a time
    */
-  resultList.data.forEach(video => {
+  for (const video of videos) {
     const formattedVideoFiles = video.getFormattedVideoFilesJSON()
 
     const torrents = formattedVideoFiles.map(videoFile => ({
@@ -252,43 +327,7 @@ async function generateVideoFeed (req: express.Request, res: express.Response) {
         }
       ]
     })
-  })
-
-  // Now the feed generation is done, let's send it!
-  return sendFeed(feed, req, res)
-}
-
-function initFeed (parameters: {
-  name: string
-  description: string
-  resourceType?: 'videos' | 'video-comments'
-  queryString?: string
-}) {
-  const webserverUrl = WEBSERVER.URL
-  const { name, description, resourceType, queryString } = parameters
-
-  return new Feed({
-    title: name,
-    description,
-    // updated: TODO: somehowGetLatestUpdate, // optional, default = today
-    id: webserverUrl,
-    link: webserverUrl,
-    image: webserverUrl + '/client/assets/images/icons/icon-96x96.png',
-    favicon: webserverUrl + '/client/assets/images/favicon.png',
-    copyright: `All rights reserved, unless otherwise specified in the terms specified at ${webserverUrl}/about` +
-    ` and potential licenses granted by each content's rightholder.`,
-    generator: `Toraifōsu`, // ^.~
-    feedLinks: {
-      json: `${webserverUrl}/feeds/${resourceType}.json${queryString}`,
-      atom: `${webserverUrl}/feeds/${resourceType}.atom${queryString}`,
-      rss: `${webserverUrl}/feeds/${resourceType}.xml${queryString}`
-    },
-    author: {
-      name: 'Instance admin of ' + CONFIG.INSTANCE.NAME,
-      email: CONFIG.ADMIN.EMAIL,
-      link: `${webserverUrl}/about`
-    }
-  })
+  }
 }
 
 function sendFeed (feed, req: express.Request, res: express.Response) {
diff --git a/server/helpers/middlewares/accounts.ts b/server/helpers/middlewares/accounts.ts
index 9be80167c..fa4a51e6c 100644
--- a/server/helpers/middlewares/accounts.ts
+++ b/server/helpers/middlewares/accounts.ts
@@ -28,8 +28,7 @@ async function doesAccountExist (p: Bluebird<MAccountDefault>, res: Response, se
   if (!account) {
     if (sendNotFound === true) {
       res.status(404)
-         .send({ error: 'Account not found' })
-         .end()
+         .json({ error: 'Account not found' })
     }
 
     return false
@@ -41,12 +40,11 @@ async function doesAccountExist (p: Bluebird<MAccountDefault>, res: Response, se
 }
 
 async function doesUserFeedTokenCorrespond (id: number | string, token: string, res: Response) {
-  const user = await UserModel.loadById(parseInt(id + '', 10))
+  const user = await UserModel.loadByIdWithChannels(parseInt(id + '', 10))
 
   if (token !== user.feedToken) {
     res.status(401)
-       .send({ error: 'User and token mismatch' })
-       .end()
+       .json({ error: 'User and token mismatch' })
 
     return false
   }
diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts
index 5c76a679f..35080ffca 100644
--- a/server/middlewares/validators/feeds.ts
+++ b/server/middlewares/validators/feeds.ts
@@ -64,8 +64,8 @@ const videoFeedsValidator = [
 ]
 
 const videoSubscriptonFeedsValidator = [
-  query('accountId').optional().custom(isIdValid),
-  query('token').optional(),
+  query('accountId').custom(isIdValid),
+  query('token'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking feeds parameters', { parameters: req.query })
@@ -74,6 +74,7 @@ const videoSubscriptonFeedsValidator = [
 
     // a token alone is erroneous
     if (req.query.token && !req.query.accountId) return
+    if (req.query.accountId && !await doesAccountIdExist(req.query.accountId, res)) return
     if (req.query.token && !await doesUserFeedTokenCorrespond(res.locals.account.userId, req.query.token, res)) return
 
     return next()
diff --git a/server/tests/feeds/feeds.ts b/server/tests/feeds/feeds.ts
index 2cd9b2d0a..175ea9102 100644
--- a/server/tests/feeds/feeds.ts
+++ b/server/tests/feeds/feeds.ts
@@ -326,7 +326,7 @@ describe('Test syndication feeds', () => {
         const res = await listUserSubscriptionVideos(servers[0].url, feeduserAccessToken)
         expect(res.body.total).to.equal(0)
 
-        const json = await getJSONfeed(servers[0].url, 'videos', { accountId: feeduserAccountId, token: feeduserFeedToken })
+        const json = await getJSONfeed(servers[0].url, 'subscriptions', { accountId: feeduserAccountId, token: feeduserFeedToken })
         const jsonObj = JSON.parse(json.text)
         expect(jsonObj.items.length).to.be.equal(0) // no subscription, it should not list the instance's videos but list 0 videos
       }
@@ -337,7 +337,7 @@ describe('Test syndication feeds', () => {
         const res = await listUserSubscriptionVideos(servers[0].url, userAccessToken)
         expect(res.body.total).to.equal(0)
 
-        const json = await getJSONfeed(servers[0].url, 'videos', { accountId: userAccountId, token: userFeedToken })
+        const json = await getJSONfeed(servers[0].url, 'subscriptions', { accountId: userAccountId, token: userFeedToken })
         const jsonObj = JSON.parse(json.text)
         expect(jsonObj.items.length).to.be.equal(0) // no subscription, it should not list the instance's videos but list 0 videos
       }
@@ -354,7 +354,7 @@ describe('Test syndication feeds', () => {
         expect(res.body.total).to.equal(1)
         expect(res.body.data[0].name).to.equal('user video')
 
-        const json = await getJSONfeed(servers[0].url, 'videos', { accountId: userAccountId, token: userFeedToken, version: 1 })
+        const json = await getJSONfeed(servers[0].url, 'subscriptions', { accountId: userAccountId, token: userFeedToken, version: 1 })
         const jsonObj = JSON.parse(json.text)
         expect(jsonObj.items.length).to.be.equal(1) // subscribed to self, it should not list the instance's videos but list john's
       }
@@ -370,7 +370,7 @@ describe('Test syndication feeds', () => {
         const res = await listUserSubscriptionVideos(servers[0].url, userAccessToken)
         expect(res.body.total).to.equal(2, "there should be 2 videos part of the subscription")
 
-        const json = await getJSONfeed(servers[0].url, 'videos', { accountId: userAccountId, token: userFeedToken, version: 2 })
+        const json = await getJSONfeed(servers[0].url, 'subscriptions', { accountId: userAccountId, token: userFeedToken, version: 2 })
         const jsonObj = JSON.parse(json.text)
         expect(jsonObj.items.length).to.be.equal(2) // subscribed to root, it should not list the instance's videos but list root/john's
       }