diff options
author | Chocobozzz <me@florianbigard.com> | 2018-08-14 09:08:47 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-08-14 09:27:18 +0200 |
commit | 191764f30b0a812bf3a9dbdc7daf1d5afe25e12a (patch) | |
tree | a5592f8d89949cde832f025e393a3821ad2aca37 /server | |
parent | 26b7305a232e547709f433a6edf700bf495935d8 (diff) | |
download | PeerTube-191764f30b0a812bf3a9dbdc7daf1d5afe25e12a.tar.gz PeerTube-191764f30b0a812bf3a9dbdc7daf1d5afe25e12a.tar.zst PeerTube-191764f30b0a812bf3a9dbdc7daf1d5afe25e12a.zip |
Improve blacklist management
Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/api/videos/blacklist.ts | 4 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 33 | ||||
-rw-r--r-- | server/models/video/video-abuse.ts | 1 | ||||
-rw-r--r-- | server/models/video/video-blacklist.ts | 11 | ||||
-rw-r--r-- | server/models/video/video.ts | 31 | ||||
-rw-r--r-- | server/tests/utils/videos/video-blacklist.ts | 3 |
6 files changed, 60 insertions, 23 deletions
diff --git a/server/controllers/api/videos/blacklist.ts b/server/controllers/api/videos/blacklist.ts index 358f339ed..7f803c8e9 100644 --- a/server/controllers/api/videos/blacklist.ts +++ b/server/controllers/api/videos/blacklist.ts | |||
@@ -1,5 +1,5 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { BlacklistedVideo, UserRight, VideoBlacklistCreate } from '../../../../shared' | 2 | import { VideoBlacklist, UserRight, VideoBlacklistCreate } from '../../../../shared' |
3 | import { logger } from '../../../helpers/logger' | 3 | import { logger } from '../../../helpers/logger' |
4 | import { getFormattedObjects } from '../../../helpers/utils' | 4 | import { getFormattedObjects } from '../../../helpers/utils' |
5 | import { | 5 | import { |
@@ -87,7 +87,7 @@ async function updateVideoBlacklistController (req: express.Request, res: expres | |||
87 | async function listBlacklist (req: express.Request, res: express.Response, next: express.NextFunction) { | 87 | async function listBlacklist (req: express.Request, res: express.Response, next: express.NextFunction) { |
88 | const resultList = await VideoBlacklistModel.listForApi(req.query.start, req.query.count, req.query.sort) | 88 | const resultList = await VideoBlacklistModel.listForApi(req.query.start, req.query.count, req.query.sort) |
89 | 89 | ||
90 | return res.json(getFormattedObjects<BlacklistedVideo, VideoBlacklistModel>(resultList.data, resultList.total)) | 90 | return res.json(getFormattedObjects<VideoBlacklist, VideoBlacklistModel>(resultList.data, resultList.total)) |
91 | } | 91 | } |
92 | 92 | ||
93 | async function removeVideoFromBlacklistController (req: express.Request, res: express.Response, next: express.NextFunction) { | 93 | async function removeVideoFromBlacklistController (req: express.Request, res: express.Response, next: express.NextFunction) { |
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 203a00876..77d601a4d 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -35,6 +35,8 @@ import { VideoShareModel } from '../../models/video/video-share' | |||
35 | import { authenticate } from '../oauth' | 35 | import { authenticate } from '../oauth' |
36 | import { areValidationErrors } from './utils' | 36 | import { areValidationErrors } from './utils' |
37 | import { cleanUpReqFiles } from '../../helpers/utils' | 37 | import { cleanUpReqFiles } from '../../helpers/utils' |
38 | import { VideoModel } from '../../models/video/video' | ||
39 | import { UserModel } from '../../models/account/user' | ||
38 | 40 | ||
39 | const videosAddValidator = getCommonVideoAttributes().concat([ | 41 | const videosAddValidator = getCommonVideoAttributes().concat([ |
40 | body('videofile') | 42 | body('videofile') |
@@ -131,7 +133,25 @@ const videosGetValidator = [ | |||
131 | if (areValidationErrors(req, res)) return | 133 | if (areValidationErrors(req, res)) return |
132 | if (!await isVideoExist(req.params.id, res)) return | 134 | if (!await isVideoExist(req.params.id, res)) return |
133 | 135 | ||
134 | const video = res.locals.video | 136 | const video: VideoModel = res.locals.video |
137 | |||
138 | // Video private or blacklisted | ||
139 | if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) { | ||
140 | authenticate(req, res, () => { | ||
141 | const user: UserModel = res.locals.oauth.token.User | ||
142 | |||
143 | // Only the owner or a user that have blacklist rights can see the video | ||
144 | if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) { | ||
145 | return res.status(403) | ||
146 | .json({ error: 'Cannot get this private or blacklisted video.' }) | ||
147 | .end() | ||
148 | } | ||
149 | |||
150 | return next() | ||
151 | }) | ||
152 | |||
153 | return | ||
154 | } | ||
135 | 155 | ||
136 | // Video is public, anyone can access it | 156 | // Video is public, anyone can access it |
137 | if (video.privacy === VideoPrivacy.PUBLIC) return next() | 157 | if (video.privacy === VideoPrivacy.PUBLIC) return next() |
@@ -143,17 +163,6 @@ const videosGetValidator = [ | |||
143 | // Don't leak this unlisted video | 163 | // Don't leak this unlisted video |
144 | return res.status(404).end() | 164 | return res.status(404).end() |
145 | } | 165 | } |
146 | |||
147 | // Video is private, check the user | ||
148 | authenticate(req, res, () => { | ||
149 | if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) { | ||
150 | return res.status(403) | ||
151 | .json({ error: 'Cannot get this private video of another user' }) | ||
152 | .end() | ||
153 | } | ||
154 | |||
155 | return next() | ||
156 | }) | ||
157 | } | 166 | } |
158 | ] | 167 | ] |
159 | 168 | ||
diff --git a/server/models/video/video-abuse.ts b/server/models/video/video-abuse.ts index 10a191372..dbb88ca45 100644 --- a/server/models/video/video-abuse.ts +++ b/server/models/video/video-abuse.ts | |||
@@ -137,7 +137,6 @@ export class VideoAbuseModel extends Model<VideoAbuseModel> { | |||
137 | video: { | 137 | video: { |
138 | id: this.Video.id, | 138 | id: this.Video.id, |
139 | uuid: this.Video.uuid, | 139 | uuid: this.Video.uuid, |
140 | url: this.Video.url, | ||
141 | name: this.Video.name | 140 | name: this.Video.name |
142 | }, | 141 | }, |
143 | createdAt: this.createdAt | 142 | createdAt: this.createdAt |
diff --git a/server/models/video/video-blacklist.ts b/server/models/video/video-blacklist.ts index 1b8a338cb..eabc37ef0 100644 --- a/server/models/video/video-blacklist.ts +++ b/server/models/video/video-blacklist.ts | |||
@@ -16,7 +16,7 @@ import { getSortOnModel, throwIfNotValid } from '../utils' | |||
16 | import { VideoModel } from './video' | 16 | import { VideoModel } from './video' |
17 | import { isVideoBlacklistReasonValid } from '../../helpers/custom-validators/video-blacklist' | 17 | import { isVideoBlacklistReasonValid } from '../../helpers/custom-validators/video-blacklist' |
18 | import { Emailer } from '../../lib/emailer' | 18 | import { Emailer } from '../../lib/emailer' |
19 | import { BlacklistedVideo } from '../../../shared/models/videos' | 19 | import { VideoBlacklist } from '../../../shared/models/videos' |
20 | import { CONSTRAINTS_FIELDS } from '../../initializers' | 20 | import { CONSTRAINTS_FIELDS } from '../../initializers' |
21 | 21 | ||
22 | @Table({ | 22 | @Table({ |
@@ -68,7 +68,12 @@ export class VideoBlacklistModel extends Model<VideoBlacklistModel> { | |||
68 | offset: start, | 68 | offset: start, |
69 | limit: count, | 69 | limit: count, |
70 | order: getSortOnModel(sort.sortModel, sort.sortValue), | 70 | order: getSortOnModel(sort.sortModel, sort.sortValue), |
71 | include: [ { model: VideoModel } ] | 71 | include: [ |
72 | { | ||
73 | model: VideoModel, | ||
74 | required: true | ||
75 | } | ||
76 | ] | ||
72 | } | 77 | } |
73 | 78 | ||
74 | return VideoBlacklistModel.findAndCountAll(query) | 79 | return VideoBlacklistModel.findAndCountAll(query) |
@@ -90,7 +95,7 @@ export class VideoBlacklistModel extends Model<VideoBlacklistModel> { | |||
90 | return VideoBlacklistModel.findOne(query) | 95 | return VideoBlacklistModel.findOne(query) |
91 | } | 96 | } |
92 | 97 | ||
93 | toFormattedJSON (): BlacklistedVideo { | 98 | toFormattedJSON (): VideoBlacklist { |
94 | const video = this.Video | 99 | const video = this.Video |
95 | 100 | ||
96 | return { | 101 | return { |
diff --git a/server/models/video/video.ts b/server/models/video/video.ts index f3a900bc9..b13dee403 100644 --- a/server/models/video/video.ts +++ b/server/models/video/video.ts | |||
@@ -127,7 +127,8 @@ export enum ScopeNames { | |||
127 | WITH_ACCOUNT_DETAILS = 'WITH_ACCOUNT_DETAILS', | 127 | WITH_ACCOUNT_DETAILS = 'WITH_ACCOUNT_DETAILS', |
128 | WITH_TAGS = 'WITH_TAGS', | 128 | WITH_TAGS = 'WITH_TAGS', |
129 | WITH_FILES = 'WITH_FILES', | 129 | WITH_FILES = 'WITH_FILES', |
130 | WITH_SCHEDULED_UPDATE = 'WITH_SCHEDULED_UPDATE' | 130 | WITH_SCHEDULED_UPDATE = 'WITH_SCHEDULED_UPDATE', |
131 | WITH_BLACKLISTED = 'WITH_BLACKLISTED' | ||
131 | } | 132 | } |
132 | 133 | ||
133 | type AvailableForListOptions = { | 134 | type AvailableForListOptions = { |
@@ -374,6 +375,15 @@ type AvailableForListOptions = { | |||
374 | [ScopeNames.WITH_TAGS]: { | 375 | [ScopeNames.WITH_TAGS]: { |
375 | include: [ () => TagModel ] | 376 | include: [ () => TagModel ] |
376 | }, | 377 | }, |
378 | [ScopeNames.WITH_BLACKLISTED]: { | ||
379 | include: [ | ||
380 | { | ||
381 | attributes: [ 'id', 'reason' ], | ||
382 | model: () => VideoBlacklistModel, | ||
383 | required: false | ||
384 | } | ||
385 | ] | ||
386 | }, | ||
377 | [ScopeNames.WITH_FILES]: { | 387 | [ScopeNames.WITH_FILES]: { |
378 | include: [ | 388 | include: [ |
379 | { | 389 | { |
@@ -1004,7 +1014,13 @@ export class VideoModel extends Model<VideoModel> { | |||
1004 | } | 1014 | } |
1005 | 1015 | ||
1006 | return VideoModel | 1016 | return VideoModel |
1007 | .scope([ ScopeNames.WITH_TAGS, ScopeNames.WITH_FILES, ScopeNames.WITH_ACCOUNT_DETAILS, ScopeNames.WITH_SCHEDULED_UPDATE ]) | 1017 | .scope([ |
1018 | ScopeNames.WITH_TAGS, | ||
1019 | ScopeNames.WITH_BLACKLISTED, | ||
1020 | ScopeNames.WITH_FILES, | ||
1021 | ScopeNames.WITH_ACCOUNT_DETAILS, | ||
1022 | ScopeNames.WITH_SCHEDULED_UPDATE | ||
1023 | ]) | ||
1008 | .findById(id, options) | 1024 | .findById(id, options) |
1009 | } | 1025 | } |
1010 | 1026 | ||
@@ -1030,7 +1046,13 @@ export class VideoModel extends Model<VideoModel> { | |||
1030 | } | 1046 | } |
1031 | 1047 | ||
1032 | return VideoModel | 1048 | return VideoModel |
1033 | .scope([ ScopeNames.WITH_TAGS, ScopeNames.WITH_FILES, ScopeNames.WITH_ACCOUNT_DETAILS, ScopeNames.WITH_SCHEDULED_UPDATE ]) | 1049 | .scope([ |
1050 | ScopeNames.WITH_TAGS, | ||
1051 | ScopeNames.WITH_BLACKLISTED, | ||
1052 | ScopeNames.WITH_FILES, | ||
1053 | ScopeNames.WITH_ACCOUNT_DETAILS, | ||
1054 | ScopeNames.WITH_SCHEDULED_UPDATE | ||
1055 | ]) | ||
1034 | .findOne(options) | 1056 | .findOne(options) |
1035 | } | 1057 | } |
1036 | 1058 | ||
@@ -1276,7 +1298,8 @@ export class VideoModel extends Model<VideoModel> { | |||
1276 | toFormattedDetailsJSON (): VideoDetails { | 1298 | toFormattedDetailsJSON (): VideoDetails { |
1277 | const formattedJson = this.toFormattedJSON({ | 1299 | const formattedJson = this.toFormattedJSON({ |
1278 | additionalAttributes: { | 1300 | additionalAttributes: { |
1279 | scheduledUpdate: true | 1301 | scheduledUpdate: true, |
1302 | blacklistInfo: true | ||
1280 | } | 1303 | } |
1281 | }) | 1304 | }) |
1282 | 1305 | ||
diff --git a/server/tests/utils/videos/video-blacklist.ts b/server/tests/utils/videos/video-blacklist.ts index 7819f4b25..2c176fde0 100644 --- a/server/tests/utils/videos/video-blacklist.ts +++ b/server/tests/utils/videos/video-blacklist.ts | |||
@@ -19,7 +19,8 @@ function updateVideoBlacklist (url: string, token: string, videoId: number, reas | |||
19 | .send({ reason }) | 19 | .send({ reason }) |
20 | .set('Accept', 'application/json') | 20 | .set('Accept', 'application/json') |
21 | .set('Authorization', 'Bearer ' + token) | 21 | .set('Authorization', 'Bearer ' + token) |
22 | .expect(specialStatus)} | 22 | .expect(specialStatus) |
23 | } | ||
23 | 24 | ||
24 | function removeVideoFromBlacklist (url: string, token: string, videoId: number | string, specialStatus = 204) { | 25 | function removeVideoFromBlacklist (url: string, token: string, videoId: number | string, specialStatus = 204) { |
25 | const path = '/api/v1/videos/' + videoId + '/blacklist' | 26 | const path = '/api/v1/videos/' + videoId + '/blacklist' |