aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-08-14 09:08:47 +0200
committerChocobozzz <me@florianbigard.com>2018-08-14 09:27:18 +0200
commit191764f30b0a812bf3a9dbdc7daf1d5afe25e12a (patch)
treea5592f8d89949cde832f025e393a3821ad2aca37 /server
parent26b7305a232e547709f433a6edf700bf495935d8 (diff)
downloadPeerTube-191764f30b0a812bf3a9dbdc7daf1d5afe25e12a.tar.gz
PeerTube-191764f30b0a812bf3a9dbdc7daf1d5afe25e12a.tar.zst
PeerTube-191764f30b0a812bf3a9dbdc7daf1d5afe25e12a.zip
Improve blacklist management
Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/videos/blacklist.ts4
-rw-r--r--server/middlewares/validators/videos.ts33
-rw-r--r--server/models/video/video-abuse.ts1
-rw-r--r--server/models/video/video-blacklist.ts11
-rw-r--r--server/models/video/video.ts31
-rw-r--r--server/tests/utils/videos/video-blacklist.ts3
6 files changed, 60 insertions, 23 deletions
diff --git a/server/controllers/api/videos/blacklist.ts b/server/controllers/api/videos/blacklist.ts
index 358f339ed..7f803c8e9 100644
--- a/server/controllers/api/videos/blacklist.ts
+++ b/server/controllers/api/videos/blacklist.ts
@@ -1,5 +1,5 @@
1import * as express from 'express' 1import * as express from 'express'
2import { BlacklistedVideo, UserRight, VideoBlacklistCreate } from '../../../../shared' 2import { VideoBlacklist, UserRight, VideoBlacklistCreate } from '../../../../shared'
3import { logger } from '../../../helpers/logger' 3import { logger } from '../../../helpers/logger'
4import { getFormattedObjects } from '../../../helpers/utils' 4import { getFormattedObjects } from '../../../helpers/utils'
5import { 5import {
@@ -87,7 +87,7 @@ async function updateVideoBlacklistController (req: express.Request, res: expres
87async function listBlacklist (req: express.Request, res: express.Response, next: express.NextFunction) { 87async function listBlacklist (req: express.Request, res: express.Response, next: express.NextFunction) {
88 const resultList = await VideoBlacklistModel.listForApi(req.query.start, req.query.count, req.query.sort) 88 const resultList = await VideoBlacklistModel.listForApi(req.query.start, req.query.count, req.query.sort)
89 89
90 return res.json(getFormattedObjects<BlacklistedVideo, VideoBlacklistModel>(resultList.data, resultList.total)) 90 return res.json(getFormattedObjects<VideoBlacklist, VideoBlacklistModel>(resultList.data, resultList.total))
91} 91}
92 92
93async function removeVideoFromBlacklistController (req: express.Request, res: express.Response, next: express.NextFunction) { 93async function removeVideoFromBlacklistController (req: express.Request, res: express.Response, next: express.NextFunction) {
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 203a00876..77d601a4d 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -35,6 +35,8 @@ import { VideoShareModel } from '../../models/video/video-share'
35import { authenticate } from '../oauth' 35import { authenticate } from '../oauth'
36import { areValidationErrors } from './utils' 36import { areValidationErrors } from './utils'
37import { cleanUpReqFiles } from '../../helpers/utils' 37import { cleanUpReqFiles } from '../../helpers/utils'
38import { VideoModel } from '../../models/video/video'
39import { UserModel } from '../../models/account/user'
38 40
39const videosAddValidator = getCommonVideoAttributes().concat([ 41const videosAddValidator = getCommonVideoAttributes().concat([
40 body('videofile') 42 body('videofile')
@@ -131,7 +133,25 @@ const videosGetValidator = [
131 if (areValidationErrors(req, res)) return 133 if (areValidationErrors(req, res)) return
132 if (!await isVideoExist(req.params.id, res)) return 134 if (!await isVideoExist(req.params.id, res)) return
133 135
134 const video = res.locals.video 136 const video: VideoModel = res.locals.video
137
138 // Video private or blacklisted
139 if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
140 authenticate(req, res, () => {
141 const user: UserModel = res.locals.oauth.token.User
142
143 // Only the owner or a user that have blacklist rights can see the video
144 if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
145 return res.status(403)
146 .json({ error: 'Cannot get this private or blacklisted video.' })
147 .end()
148 }
149
150 return next()
151 })
152
153 return
154 }
135 155
136 // Video is public, anyone can access it 156 // Video is public, anyone can access it
137 if (video.privacy === VideoPrivacy.PUBLIC) return next() 157 if (video.privacy === VideoPrivacy.PUBLIC) return next()
@@ -143,17 +163,6 @@ const videosGetValidator = [
143 // Don't leak this unlisted video 163 // Don't leak this unlisted video
144 return res.status(404).end() 164 return res.status(404).end()
145 } 165 }
146
147 // Video is private, check the user
148 authenticate(req, res, () => {
149 if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
150 return res.status(403)
151 .json({ error: 'Cannot get this private video of another user' })
152 .end()
153 }
154
155 return next()
156 })
157 } 166 }
158] 167]
159 168
diff --git a/server/models/video/video-abuse.ts b/server/models/video/video-abuse.ts
index 10a191372..dbb88ca45 100644
--- a/server/models/video/video-abuse.ts
+++ b/server/models/video/video-abuse.ts
@@ -137,7 +137,6 @@ export class VideoAbuseModel extends Model<VideoAbuseModel> {
137 video: { 137 video: {
138 id: this.Video.id, 138 id: this.Video.id,
139 uuid: this.Video.uuid, 139 uuid: this.Video.uuid,
140 url: this.Video.url,
141 name: this.Video.name 140 name: this.Video.name
142 }, 141 },
143 createdAt: this.createdAt 142 createdAt: this.createdAt
diff --git a/server/models/video/video-blacklist.ts b/server/models/video/video-blacklist.ts
index 1b8a338cb..eabc37ef0 100644
--- a/server/models/video/video-blacklist.ts
+++ b/server/models/video/video-blacklist.ts
@@ -16,7 +16,7 @@ import { getSortOnModel, throwIfNotValid } from '../utils'
16import { VideoModel } from './video' 16import { VideoModel } from './video'
17import { isVideoBlacklistReasonValid } from '../../helpers/custom-validators/video-blacklist' 17import { isVideoBlacklistReasonValid } from '../../helpers/custom-validators/video-blacklist'
18import { Emailer } from '../../lib/emailer' 18import { Emailer } from '../../lib/emailer'
19import { BlacklistedVideo } from '../../../shared/models/videos' 19import { VideoBlacklist } from '../../../shared/models/videos'
20import { CONSTRAINTS_FIELDS } from '../../initializers' 20import { CONSTRAINTS_FIELDS } from '../../initializers'
21 21
22@Table({ 22@Table({
@@ -68,7 +68,12 @@ export class VideoBlacklistModel extends Model<VideoBlacklistModel> {
68 offset: start, 68 offset: start,
69 limit: count, 69 limit: count,
70 order: getSortOnModel(sort.sortModel, sort.sortValue), 70 order: getSortOnModel(sort.sortModel, sort.sortValue),
71 include: [ { model: VideoModel } ] 71 include: [
72 {
73 model: VideoModel,
74 required: true
75 }
76 ]
72 } 77 }
73 78
74 return VideoBlacklistModel.findAndCountAll(query) 79 return VideoBlacklistModel.findAndCountAll(query)
@@ -90,7 +95,7 @@ export class VideoBlacklistModel extends Model<VideoBlacklistModel> {
90 return VideoBlacklistModel.findOne(query) 95 return VideoBlacklistModel.findOne(query)
91 } 96 }
92 97
93 toFormattedJSON (): BlacklistedVideo { 98 toFormattedJSON (): VideoBlacklist {
94 const video = this.Video 99 const video = this.Video
95 100
96 return { 101 return {
diff --git a/server/models/video/video.ts b/server/models/video/video.ts
index f3a900bc9..b13dee403 100644
--- a/server/models/video/video.ts
+++ b/server/models/video/video.ts
@@ -127,7 +127,8 @@ export enum ScopeNames {
127 WITH_ACCOUNT_DETAILS = 'WITH_ACCOUNT_DETAILS', 127 WITH_ACCOUNT_DETAILS = 'WITH_ACCOUNT_DETAILS',
128 WITH_TAGS = 'WITH_TAGS', 128 WITH_TAGS = 'WITH_TAGS',
129 WITH_FILES = 'WITH_FILES', 129 WITH_FILES = 'WITH_FILES',
130 WITH_SCHEDULED_UPDATE = 'WITH_SCHEDULED_UPDATE' 130 WITH_SCHEDULED_UPDATE = 'WITH_SCHEDULED_UPDATE',
131 WITH_BLACKLISTED = 'WITH_BLACKLISTED'
131} 132}
132 133
133type AvailableForListOptions = { 134type AvailableForListOptions = {
@@ -374,6 +375,15 @@ type AvailableForListOptions = {
374 [ScopeNames.WITH_TAGS]: { 375 [ScopeNames.WITH_TAGS]: {
375 include: [ () => TagModel ] 376 include: [ () => TagModel ]
376 }, 377 },
378 [ScopeNames.WITH_BLACKLISTED]: {
379 include: [
380 {
381 attributes: [ 'id', 'reason' ],
382 model: () => VideoBlacklistModel,
383 required: false
384 }
385 ]
386 },
377 [ScopeNames.WITH_FILES]: { 387 [ScopeNames.WITH_FILES]: {
378 include: [ 388 include: [
379 { 389 {
@@ -1004,7 +1014,13 @@ export class VideoModel extends Model<VideoModel> {
1004 } 1014 }
1005 1015
1006 return VideoModel 1016 return VideoModel
1007 .scope([ ScopeNames.WITH_TAGS, ScopeNames.WITH_FILES, ScopeNames.WITH_ACCOUNT_DETAILS, ScopeNames.WITH_SCHEDULED_UPDATE ]) 1017 .scope([
1018 ScopeNames.WITH_TAGS,
1019 ScopeNames.WITH_BLACKLISTED,
1020 ScopeNames.WITH_FILES,
1021 ScopeNames.WITH_ACCOUNT_DETAILS,
1022 ScopeNames.WITH_SCHEDULED_UPDATE
1023 ])
1008 .findById(id, options) 1024 .findById(id, options)
1009 } 1025 }
1010 1026
@@ -1030,7 +1046,13 @@ export class VideoModel extends Model<VideoModel> {
1030 } 1046 }
1031 1047
1032 return VideoModel 1048 return VideoModel
1033 .scope([ ScopeNames.WITH_TAGS, ScopeNames.WITH_FILES, ScopeNames.WITH_ACCOUNT_DETAILS, ScopeNames.WITH_SCHEDULED_UPDATE ]) 1049 .scope([
1050 ScopeNames.WITH_TAGS,
1051 ScopeNames.WITH_BLACKLISTED,
1052 ScopeNames.WITH_FILES,
1053 ScopeNames.WITH_ACCOUNT_DETAILS,
1054 ScopeNames.WITH_SCHEDULED_UPDATE
1055 ])
1034 .findOne(options) 1056 .findOne(options)
1035 } 1057 }
1036 1058
@@ -1276,7 +1298,8 @@ export class VideoModel extends Model<VideoModel> {
1276 toFormattedDetailsJSON (): VideoDetails { 1298 toFormattedDetailsJSON (): VideoDetails {
1277 const formattedJson = this.toFormattedJSON({ 1299 const formattedJson = this.toFormattedJSON({
1278 additionalAttributes: { 1300 additionalAttributes: {
1279 scheduledUpdate: true 1301 scheduledUpdate: true,
1302 blacklistInfo: true
1280 } 1303 }
1281 }) 1304 })
1282 1305
diff --git a/server/tests/utils/videos/video-blacklist.ts b/server/tests/utils/videos/video-blacklist.ts
index 7819f4b25..2c176fde0 100644
--- a/server/tests/utils/videos/video-blacklist.ts
+++ b/server/tests/utils/videos/video-blacklist.ts
@@ -19,7 +19,8 @@ function updateVideoBlacklist (url: string, token: string, videoId: number, reas
19 .send({ reason }) 19 .send({ reason })
20 .set('Accept', 'application/json') 20 .set('Accept', 'application/json')
21 .set('Authorization', 'Bearer ' + token) 21 .set('Authorization', 'Bearer ' + token)
22 .expect(specialStatus)} 22 .expect(specialStatus)
23}
23 24
24function removeVideoFromBlacklist (url: string, token: string, videoId: number | string, specialStatus = 204) { 25function removeVideoFromBlacklist (url: string, token: string, videoId: number | string, specialStatus = 204) {
25 const path = '/api/v1/videos/' + videoId + '/blacklist' 26 const path = '/api/v1/videos/' + videoId + '/blacklist'