diff options
-rw-r--r-- | server/controllers/api/server/index.ts | 2 | ||||
-rw-r--r-- | server/controllers/api/server/server-blocklist.ts | 132 | ||||
-rw-r--r-- | server/controllers/api/users/my-blocklist.ts | 8 | ||||
-rw-r--r-- | server/middlewares/validators/blocklist.ts | 45 | ||||
-rw-r--r-- | server/models/utils.ts | 2 | ||||
-rw-r--r-- | server/tests/api/check-params/blocklist.ts | 256 | ||||
-rw-r--r-- | server/tests/api/users/account-blocklist.ts | 294 | ||||
-rw-r--r-- | server/tests/api/users/blocklist.ts | 500 | ||||
-rw-r--r-- | server/tests/api/users/index.ts | 1 | ||||
-rw-r--r-- | server/tests/utils/users/blocklist.ts | 97 | ||||
-rw-r--r-- | shared/models/users/user-right.enum.ts | 3 | ||||
-rw-r--r-- | shared/models/users/user-role.ts | 4 |
12 files changed, 1035 insertions, 309 deletions
diff --git a/server/controllers/api/server/index.ts b/server/controllers/api/server/index.ts index 43bca2c10..c08192a8c 100644 --- a/server/controllers/api/server/index.ts +++ b/server/controllers/api/server/index.ts | |||
@@ -2,12 +2,14 @@ import * as express from 'express' | |||
2 | import { serverFollowsRouter } from './follows' | 2 | import { serverFollowsRouter } from './follows' |
3 | import { statsRouter } from './stats' | 3 | import { statsRouter } from './stats' |
4 | import { serverRedundancyRouter } from './redundancy' | 4 | import { serverRedundancyRouter } from './redundancy' |
5 | import { serverBlocklistRouter } from './server-blocklist' | ||
5 | 6 | ||
6 | const serverRouter = express.Router() | 7 | const serverRouter = express.Router() |
7 | 8 | ||
8 | serverRouter.use('/', serverFollowsRouter) | 9 | serverRouter.use('/', serverFollowsRouter) |
9 | serverRouter.use('/', serverRedundancyRouter) | 10 | serverRouter.use('/', serverRedundancyRouter) |
10 | serverRouter.use('/', statsRouter) | 11 | serverRouter.use('/', statsRouter) |
12 | serverRouter.use('/', serverBlocklistRouter) | ||
11 | 13 | ||
12 | // --------------------------------------------------------------------------- | 14 | // --------------------------------------------------------------------------- |
13 | 15 | ||
diff --git a/server/controllers/api/server/server-blocklist.ts b/server/controllers/api/server/server-blocklist.ts new file mode 100644 index 000000000..3cb3a96e2 --- /dev/null +++ b/server/controllers/api/server/server-blocklist.ts | |||
@@ -0,0 +1,132 @@ | |||
1 | import * as express from 'express' | ||
2 | import 'multer' | ||
3 | import { getFormattedObjects, getServerActor } from '../../../helpers/utils' | ||
4 | import { | ||
5 | asyncMiddleware, | ||
6 | asyncRetryTransactionMiddleware, | ||
7 | authenticate, | ||
8 | ensureUserHasRight, | ||
9 | paginationValidator, | ||
10 | setDefaultPagination, | ||
11 | setDefaultSort | ||
12 | } from '../../../middlewares' | ||
13 | import { | ||
14 | accountsBlocklistSortValidator, | ||
15 | blockAccountValidator, | ||
16 | blockServerValidator, | ||
17 | serversBlocklistSortValidator, | ||
18 | unblockAccountByServerValidator, | ||
19 | unblockServerByServerValidator | ||
20 | } from '../../../middlewares/validators' | ||
21 | import { AccountModel } from '../../../models/account/account' | ||
22 | import { AccountBlocklistModel } from '../../../models/account/account-blocklist' | ||
23 | import { addAccountInBlocklist, addServerInBlocklist, removeAccountFromBlocklist, removeServerFromBlocklist } from '../../../lib/blocklist' | ||
24 | import { ServerBlocklistModel } from '../../../models/server/server-blocklist' | ||
25 | import { ServerModel } from '../../../models/server/server' | ||
26 | import { UserRight } from '../../../../shared/models/users' | ||
27 | |||
28 | const serverBlocklistRouter = express.Router() | ||
29 | |||
30 | serverBlocklistRouter.get('/blocklist/accounts', | ||
31 | authenticate, | ||
32 | ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST), | ||
33 | paginationValidator, | ||
34 | accountsBlocklistSortValidator, | ||
35 | setDefaultSort, | ||
36 | setDefaultPagination, | ||
37 | asyncMiddleware(listBlockedAccounts) | ||
38 | ) | ||
39 | |||
40 | serverBlocklistRouter.post('/blocklist/accounts', | ||
41 | authenticate, | ||
42 | ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST), | ||
43 | asyncMiddleware(blockAccountValidator), | ||
44 | asyncRetryTransactionMiddleware(blockAccount) | ||
45 | ) | ||
46 | |||
47 | serverBlocklistRouter.delete('/blocklist/accounts/:accountName', | ||
48 | authenticate, | ||
49 | ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST), | ||
50 | asyncMiddleware(unblockAccountByServerValidator), | ||
51 | asyncRetryTransactionMiddleware(unblockAccount) | ||
52 | ) | ||
53 | |||
54 | serverBlocklistRouter.get('/blocklist/servers', | ||
55 | authenticate, | ||
56 | ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST), | ||
57 | paginationValidator, | ||
58 | serversBlocklistSortValidator, | ||
59 | setDefaultSort, | ||
60 | setDefaultPagination, | ||
61 | asyncMiddleware(listBlockedServers) | ||
62 | ) | ||
63 | |||
64 | serverBlocklistRouter.post('/blocklist/servers', | ||
65 | authenticate, | ||
66 | ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST), | ||
67 | asyncMiddleware(blockServerValidator), | ||
68 | asyncRetryTransactionMiddleware(blockServer) | ||
69 | ) | ||
70 | |||
71 | serverBlocklistRouter.delete('/blocklist/servers/:host', | ||
72 | authenticate, | ||
73 | ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST), | ||
74 | asyncMiddleware(unblockServerByServerValidator), | ||
75 | asyncRetryTransactionMiddleware(unblockServer) | ||
76 | ) | ||
77 | |||
78 | export { | ||
79 | serverBlocklistRouter | ||
80 | } | ||
81 | |||
82 | // --------------------------------------------------------------------------- | ||
83 | |||
84 | async function listBlockedAccounts (req: express.Request, res: express.Response) { | ||
85 | const serverActor = await getServerActor() | ||
86 | |||
87 | const resultList = await AccountBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort) | ||
88 | |||
89 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | ||
90 | } | ||
91 | |||
92 | async function blockAccount (req: express.Request, res: express.Response) { | ||
93 | const serverActor = await getServerActor() | ||
94 | const accountToBlock: AccountModel = res.locals.account | ||
95 | |||
96 | await addAccountInBlocklist(serverActor.Account.id, accountToBlock.id) | ||
97 | |||
98 | return res.status(204).end() | ||
99 | } | ||
100 | |||
101 | async function unblockAccount (req: express.Request, res: express.Response) { | ||
102 | const accountBlock: AccountBlocklistModel = res.locals.accountBlock | ||
103 | |||
104 | await removeAccountFromBlocklist(accountBlock) | ||
105 | |||
106 | return res.status(204).end() | ||
107 | } | ||
108 | |||
109 | async function listBlockedServers (req: express.Request, res: express.Response) { | ||
110 | const serverActor = await getServerActor() | ||
111 | |||
112 | const resultList = await ServerBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort) | ||
113 | |||
114 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | ||
115 | } | ||
116 | |||
117 | async function blockServer (req: express.Request, res: express.Response) { | ||
118 | const serverActor = await getServerActor() | ||
119 | const serverToBlock: ServerModel = res.locals.server | ||
120 | |||
121 | await addServerInBlocklist(serverActor.Account.id, serverToBlock.id) | ||
122 | |||
123 | return res.status(204).end() | ||
124 | } | ||
125 | |||
126 | async function unblockServer (req: express.Request, res: express.Response) { | ||
127 | const serverBlock: ServerBlocklistModel = res.locals.serverBlock | ||
128 | |||
129 | await removeServerFromBlocklist(serverBlock) | ||
130 | |||
131 | return res.status(204).end() | ||
132 | } | ||
diff --git a/server/controllers/api/users/my-blocklist.ts b/server/controllers/api/users/my-blocklist.ts index 95a4105ec..9575eab46 100644 --- a/server/controllers/api/users/my-blocklist.ts +++ b/server/controllers/api/users/my-blocklist.ts | |||
@@ -12,8 +12,8 @@ import { | |||
12 | } from '../../../middlewares' | 12 | } from '../../../middlewares' |
13 | import { | 13 | import { |
14 | accountsBlocklistSortValidator, | 14 | accountsBlocklistSortValidator, |
15 | blockAccountByAccountValidator, | 15 | blockAccountValidator, |
16 | blockServerByAccountValidator, | 16 | blockServerValidator, |
17 | serversBlocklistSortValidator, | 17 | serversBlocklistSortValidator, |
18 | unblockServerByAccountValidator | 18 | unblockServerByAccountValidator |
19 | } from '../../../middlewares/validators' | 19 | } from '../../../middlewares/validators' |
@@ -37,7 +37,7 @@ myBlocklistRouter.get('/me/blocklist/accounts', | |||
37 | 37 | ||
38 | myBlocklistRouter.post('/me/blocklist/accounts', | 38 | myBlocklistRouter.post('/me/blocklist/accounts', |
39 | authenticate, | 39 | authenticate, |
40 | asyncMiddleware(blockAccountByAccountValidator), | 40 | asyncMiddleware(blockAccountValidator), |
41 | asyncRetryTransactionMiddleware(blockAccount) | 41 | asyncRetryTransactionMiddleware(blockAccount) |
42 | ) | 42 | ) |
43 | 43 | ||
@@ -58,7 +58,7 @@ myBlocklistRouter.get('/me/blocklist/servers', | |||
58 | 58 | ||
59 | myBlocklistRouter.post('/me/blocklist/servers', | 59 | myBlocklistRouter.post('/me/blocklist/servers', |
60 | authenticate, | 60 | authenticate, |
61 | asyncMiddleware(blockServerByAccountValidator), | 61 | asyncMiddleware(blockServerValidator), |
62 | asyncRetryTransactionMiddleware(blockServer) | 62 | asyncRetryTransactionMiddleware(blockServer) |
63 | ) | 63 | ) |
64 | 64 | ||
diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts index 25c054d6b..109276c63 100644 --- a/server/middlewares/validators/blocklist.ts +++ b/server/middlewares/validators/blocklist.ts | |||
@@ -9,8 +9,9 @@ import { isHostValid } from '../../helpers/custom-validators/servers' | |||
9 | import { ServerBlocklistModel } from '../../models/server/server-blocklist' | 9 | import { ServerBlocklistModel } from '../../models/server/server-blocklist' |
10 | import { ServerModel } from '../../models/server/server' | 10 | import { ServerModel } from '../../models/server/server' |
11 | import { CONFIG } from '../../initializers' | 11 | import { CONFIG } from '../../initializers' |
12 | import { getServerActor } from '../../helpers/utils' | ||
12 | 13 | ||
13 | const blockAccountByAccountValidator = [ | 14 | const blockAccountValidator = [ |
14 | body('accountName').exists().withMessage('Should have an account name with host'), | 15 | body('accountName').exists().withMessage('Should have an account name with host'), |
15 | 16 | ||
16 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 17 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
@@ -51,7 +52,24 @@ const unblockAccountByAccountValidator = [ | |||
51 | } | 52 | } |
52 | ] | 53 | ] |
53 | 54 | ||
54 | const blockServerByAccountValidator = [ | 55 | const unblockAccountByServerValidator = [ |
56 | param('accountName').exists().withMessage('Should have an account name with host'), | ||
57 | |||
58 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
59 | logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params }) | ||
60 | |||
61 | if (areValidationErrors(req, res)) return | ||
62 | if (!await isAccountNameWithHostExist(req.params.accountName, res)) return | ||
63 | |||
64 | const serverActor = await getServerActor() | ||
65 | const targetAccount = res.locals.account | ||
66 | if (!await isUnblockAccountExists(serverActor.Account.id, targetAccount.id, res)) return | ||
67 | |||
68 | return next() | ||
69 | } | ||
70 | ] | ||
71 | |||
72 | const blockServerValidator = [ | ||
55 | body('host').custom(isHostValid).withMessage('Should have a valid host'), | 73 | body('host').custom(isHostValid).withMessage('Should have a valid host'), |
56 | 74 | ||
57 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 75 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
@@ -95,13 +113,30 @@ const unblockServerByAccountValidator = [ | |||
95 | } | 113 | } |
96 | ] | 114 | ] |
97 | 115 | ||
116 | const unblockServerByServerValidator = [ | ||
117 | param('host').custom(isHostValid).withMessage('Should have an account name with host'), | ||
118 | |||
119 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
120 | logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params }) | ||
121 | |||
122 | if (areValidationErrors(req, res)) return | ||
123 | |||
124 | const serverActor = await getServerActor() | ||
125 | if (!await isUnblockServerExists(serverActor.Account.id, req.params.host, res)) return | ||
126 | |||
127 | return next() | ||
128 | } | ||
129 | ] | ||
130 | |||
98 | // --------------------------------------------------------------------------- | 131 | // --------------------------------------------------------------------------- |
99 | 132 | ||
100 | export { | 133 | export { |
101 | blockServerByAccountValidator, | 134 | blockServerValidator, |
102 | blockAccountByAccountValidator, | 135 | blockAccountValidator, |
103 | unblockAccountByAccountValidator, | 136 | unblockAccountByAccountValidator, |
104 | unblockServerByAccountValidator | 137 | unblockServerByAccountValidator, |
138 | unblockAccountByServerValidator, | ||
139 | unblockServerByServerValidator | ||
105 | } | 140 | } |
106 | 141 | ||
107 | // --------------------------------------------------------------------------- | 142 | // --------------------------------------------------------------------------- |
diff --git a/server/models/utils.ts b/server/models/utils.ts index 50c865e75..60b0906e8 100644 --- a/server/models/utils.ts +++ b/server/models/utils.ts | |||
@@ -72,8 +72,6 @@ function buildBlockedAccountSQL (serverAccountId: number, userAccountId?: number | |||
72 | 72 | ||
73 | const query = 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' + | 73 | const query = 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' + |
74 | ' UNION ALL ' + | 74 | ' UNION ALL ' + |
75 | // 'SELECT "accountId" FROM "accountBlocklist" WHERE "targetAccountId" = user.account.id | ||
76 | // UNION ALL | ||
77 | 'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' + | 75 | 'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' + |
78 | 'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' + | 76 | 'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' + |
79 | 'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')' | 77 | 'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')' |
diff --git a/server/tests/api/check-params/blocklist.ts b/server/tests/api/check-params/blocklist.ts index d24d9323f..c745ac975 100644 --- a/server/tests/api/check-params/blocklist.ts +++ b/server/tests/api/check-params/blocklist.ts | |||
@@ -12,13 +12,14 @@ import { | |||
12 | makeGetRequest, | 12 | makeGetRequest, |
13 | makePostBodyRequest, | 13 | makePostBodyRequest, |
14 | ServerInfo, | 14 | ServerInfo, |
15 | setAccessTokensToServers | 15 | setAccessTokensToServers, userLogin |
16 | } from '../../utils' | 16 | } from '../../utils' |
17 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params' | 17 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params' |
18 | 18 | ||
19 | describe('Test blocklist API validators', function () { | 19 | describe('Test blocklist API validators', function () { |
20 | let servers: ServerInfo[] | 20 | let servers: ServerInfo[] |
21 | let server: ServerInfo | 21 | let server: ServerInfo |
22 | let userAccessToken: string | ||
22 | 23 | ||
23 | before(async function () { | 24 | before(async function () { |
24 | this.timeout(60000) | 25 | this.timeout(60000) |
@@ -33,15 +34,17 @@ describe('Test blocklist API validators', function () { | |||
33 | const user = { username: 'user1', password: 'password' } | 34 | const user = { username: 'user1', password: 'password' } |
34 | await createUser(server.url, server.accessToken, user.username, user.password) | 35 | await createUser(server.url, server.accessToken, user.username, user.password) |
35 | 36 | ||
37 | userAccessToken = await userLogin(server, user) | ||
38 | |||
36 | await doubleFollow(servers[0], servers[1]) | 39 | await doubleFollow(servers[0], servers[1]) |
37 | }) | 40 | }) |
38 | 41 | ||
39 | // --------------------------------------------------------------- | 42 | // --------------------------------------------------------------- |
40 | 43 | ||
41 | describe('When managing user blocklist', function () { | 44 | describe('When managing user blocklist', function () { |
42 | const path = '/api/v1/users/me/blocklist/accounts' | ||
43 | 45 | ||
44 | describe('When managing user accounts blocklist', function () { | 46 | describe('When managing user accounts blocklist', function () { |
47 | const path = '/api/v1/users/me/blocklist/accounts' | ||
45 | 48 | ||
46 | describe('When listing blocked accounts', function () { | 49 | describe('When listing blocked accounts', function () { |
47 | it('Should fail with an unauthenticated user', async function () { | 50 | it('Should fail with an unauthenticated user', async function () { |
@@ -231,6 +234,255 @@ describe('Test blocklist API validators', function () { | |||
231 | }) | 234 | }) |
232 | }) | 235 | }) |
233 | 236 | ||
237 | describe('When managing server blocklist', function () { | ||
238 | |||
239 | describe('When managing server accounts blocklist', function () { | ||
240 | const path = '/api/v1/server/blocklist/accounts' | ||
241 | |||
242 | describe('When listing blocked accounts', function () { | ||
243 | it('Should fail with an unauthenticated user', async function () { | ||
244 | await makeGetRequest({ | ||
245 | url: server.url, | ||
246 | path, | ||
247 | statusCodeExpected: 401 | ||
248 | }) | ||
249 | }) | ||
250 | |||
251 | it('Should fail with a user without the appropriate rights', async function () { | ||
252 | await makeGetRequest({ | ||
253 | url: server.url, | ||
254 | token: userAccessToken, | ||
255 | path, | ||
256 | statusCodeExpected: 403 | ||
257 | }) | ||
258 | }) | ||
259 | |||
260 | it('Should fail with a bad start pagination', async function () { | ||
261 | await checkBadStartPagination(server.url, path, server.accessToken) | ||
262 | }) | ||
263 | |||
264 | it('Should fail with a bad count pagination', async function () { | ||
265 | await checkBadCountPagination(server.url, path, server.accessToken) | ||
266 | }) | ||
267 | |||
268 | it('Should fail with an incorrect sort', async function () { | ||
269 | await checkBadSortPagination(server.url, path, server.accessToken) | ||
270 | }) | ||
271 | }) | ||
272 | |||
273 | describe('When blocking an account', function () { | ||
274 | it('Should fail with an unauthenticated user', async function () { | ||
275 | await makePostBodyRequest({ | ||
276 | url: server.url, | ||
277 | path, | ||
278 | fields: { accountName: 'user1' }, | ||
279 | statusCodeExpected: 401 | ||
280 | }) | ||
281 | }) | ||
282 | |||
283 | it('Should fail with a user without the appropriate rights', async function () { | ||
284 | await makePostBodyRequest({ | ||
285 | url: server.url, | ||
286 | token: userAccessToken, | ||
287 | path, | ||
288 | fields: { accountName: 'user1' }, | ||
289 | statusCodeExpected: 403 | ||
290 | }) | ||
291 | }) | ||
292 | |||
293 | it('Should fail with an unknown account', async function () { | ||
294 | await makePostBodyRequest({ | ||
295 | url: server.url, | ||
296 | token: server.accessToken, | ||
297 | path, | ||
298 | fields: { accountName: 'user2' }, | ||
299 | statusCodeExpected: 404 | ||
300 | }) | ||
301 | }) | ||
302 | |||
303 | it('Should fail to block ourselves', async function () { | ||
304 | await makePostBodyRequest({ | ||
305 | url: server.url, | ||
306 | token: server.accessToken, | ||
307 | path, | ||
308 | fields: { accountName: 'root' }, | ||
309 | statusCodeExpected: 409 | ||
310 | }) | ||
311 | }) | ||
312 | |||
313 | it('Should succeed with the correct params', async function () { | ||
314 | await makePostBodyRequest({ | ||
315 | url: server.url, | ||
316 | token: server.accessToken, | ||
317 | path, | ||
318 | fields: { accountName: 'user1' }, | ||
319 | statusCodeExpected: 204 | ||
320 | }) | ||
321 | }) | ||
322 | }) | ||
323 | |||
324 | describe('When unblocking an account', function () { | ||
325 | it('Should fail with an unauthenticated user', async function () { | ||
326 | await makeDeleteRequest({ | ||
327 | url: server.url, | ||
328 | path: path + '/user1', | ||
329 | statusCodeExpected: 401 | ||
330 | }) | ||
331 | }) | ||
332 | |||
333 | it('Should fail with a user without the appropriate rights', async function () { | ||
334 | await makeDeleteRequest({ | ||
335 | url: server.url, | ||
336 | path: path + '/user1', | ||
337 | token: userAccessToken, | ||
338 | statusCodeExpected: 403 | ||
339 | }) | ||
340 | }) | ||
341 | |||
342 | it('Should fail with an unknown account block', async function () { | ||
343 | await makeDeleteRequest({ | ||
344 | url: server.url, | ||
345 | path: path + '/user2', | ||
346 | token: server.accessToken, | ||
347 | statusCodeExpected: 404 | ||
348 | }) | ||
349 | }) | ||
350 | |||
351 | it('Should succeed with the correct params', async function () { | ||
352 | await makeDeleteRequest({ | ||
353 | url: server.url, | ||
354 | path: path + '/user1', | ||
355 | token: server.accessToken, | ||
356 | statusCodeExpected: 204 | ||
357 | }) | ||
358 | }) | ||
359 | }) | ||
360 | }) | ||
361 | |||
362 | describe('When managing server servers blocklist', function () { | ||
363 | const path = '/api/v1/server/blocklist/servers' | ||
364 | |||
365 | describe('When listing blocked servers', function () { | ||
366 | it('Should fail with an unauthenticated user', async function () { | ||
367 | await makeGetRequest({ | ||
368 | url: server.url, | ||
369 | path, | ||
370 | statusCodeExpected: 401 | ||
371 | }) | ||
372 | }) | ||
373 | |||
374 | it('Should fail with a user without the appropriate rights', async function () { | ||
375 | await makeGetRequest({ | ||
376 | url: server.url, | ||
377 | token: userAccessToken, | ||
378 | path, | ||
379 | statusCodeExpected: 403 | ||
380 | }) | ||
381 | }) | ||
382 | |||
383 | it('Should fail with a bad start pagination', async function () { | ||
384 | await checkBadStartPagination(server.url, path, server.accessToken) | ||
385 | }) | ||
386 | |||
387 | it('Should fail with a bad count pagination', async function () { | ||
388 | await checkBadCountPagination(server.url, path, server.accessToken) | ||
389 | }) | ||
390 | |||
391 | it('Should fail with an incorrect sort', async function () { | ||
392 | await checkBadSortPagination(server.url, path, server.accessToken) | ||
393 | }) | ||
394 | }) | ||
395 | |||
396 | describe('When blocking a server', function () { | ||
397 | it('Should fail with an unauthenticated user', async function () { | ||
398 | await makePostBodyRequest({ | ||
399 | url: server.url, | ||
400 | path, | ||
401 | fields: { host: 'localhost:9002' }, | ||
402 | statusCodeExpected: 401 | ||
403 | }) | ||
404 | }) | ||
405 | |||
406 | it('Should fail with a user without the appropriate rights', async function () { | ||
407 | await makePostBodyRequest({ | ||
408 | url: server.url, | ||
409 | token: userAccessToken, | ||
410 | path, | ||
411 | fields: { host: 'localhost:9002' }, | ||
412 | statusCodeExpected: 403 | ||
413 | }) | ||
414 | }) | ||
415 | |||
416 | it('Should fail with an unknown server', async function () { | ||
417 | await makePostBodyRequest({ | ||
418 | url: server.url, | ||
419 | token: server.accessToken, | ||
420 | path, | ||
421 | fields: { host: 'localhost:9003' }, | ||
422 | statusCodeExpected: 404 | ||
423 | }) | ||
424 | }) | ||
425 | |||
426 | it('Should fail with our own server', async function () { | ||
427 | await makePostBodyRequest({ | ||
428 | url: server.url, | ||
429 | token: server.accessToken, | ||
430 | path, | ||
431 | fields: { host: 'localhost:9001' }, | ||
432 | statusCodeExpected: 409 | ||
433 | }) | ||
434 | }) | ||
435 | |||
436 | it('Should succeed with the correct params', async function () { | ||
437 | await makePostBodyRequest({ | ||
438 | url: server.url, | ||
439 | token: server.accessToken, | ||
440 | path, | ||
441 | fields: { host: 'localhost:9002' }, | ||
442 | statusCodeExpected: 204 | ||
443 | }) | ||
444 | }) | ||
445 | }) | ||
446 | |||
447 | describe('When unblocking a server', function () { | ||
448 | it('Should fail with an unauthenticated user', async function () { | ||
449 | await makeDeleteRequest({ | ||
450 | url: server.url, | ||
451 | path: path + '/localhost:9002', | ||
452 | statusCodeExpected: 401 | ||
453 | }) | ||
454 | }) | ||
455 | |||
456 | it('Should fail with a user without the appropriate rights', async function () { | ||
457 | await makeDeleteRequest({ | ||
458 | url: server.url, | ||
459 | path: path + '/localhost:9002', | ||
460 | token: userAccessToken, | ||
461 | statusCodeExpected: 403 | ||
462 | }) | ||
463 | }) | ||
464 | |||
465 | it('Should fail with an unknown server block', async function () { | ||
466 | await makeDeleteRequest({ | ||
467 | url: server.url, | ||
468 | path: path + '/localhost:9003', | ||
469 | token: server.accessToken, | ||
470 | statusCodeExpected: 404 | ||
471 | }) | ||
472 | }) | ||
473 | |||
474 | it('Should succeed with the correct params', async function () { | ||
475 | await makeDeleteRequest({ | ||
476 | url: server.url, | ||
477 | path: path + '/localhost:9002', | ||
478 | token: server.accessToken, | ||
479 | statusCodeExpected: 204 | ||
480 | }) | ||
481 | }) | ||
482 | }) | ||
483 | }) | ||
484 | }) | ||
485 | |||
234 | after(async function () { | 486 | after(async function () { |
235 | killallServers(servers) | 487 | killallServers(servers) |
236 | 488 | ||
diff --git a/server/tests/api/users/account-blocklist.ts b/server/tests/api/users/account-blocklist.ts deleted file mode 100644 index 026971331..000000000 --- a/server/tests/api/users/account-blocklist.ts +++ /dev/null | |||
@@ -1,294 +0,0 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import * as chai from 'chai' | ||
4 | import 'mocha' | ||
5 | import { AccountBlock, ServerBlock, Video } from '../../../../shared/index' | ||
6 | import { | ||
7 | createUser, | ||
8 | doubleFollow, | ||
9 | flushAndRunMultipleServers, | ||
10 | flushTests, | ||
11 | killallServers, | ||
12 | ServerInfo, | ||
13 | uploadVideo, | ||
14 | userLogin | ||
15 | } from '../../utils/index' | ||
16 | import { setAccessTokensToServers } from '../../utils/users/login' | ||
17 | import { getVideosListWithToken } from '../../utils/videos/videos' | ||
18 | import { | ||
19 | addVideoCommentReply, | ||
20 | addVideoCommentThread, | ||
21 | getVideoCommentThreads, | ||
22 | getVideoThreadComments | ||
23 | } from '../../utils/videos/video-comments' | ||
24 | import { waitJobs } from '../../utils/server/jobs' | ||
25 | import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model' | ||
26 | import { | ||
27 | addAccountToAccountBlocklist, | ||
28 | addServerToAccountBlocklist, | ||
29 | getAccountBlocklistByAccount, getServerBlocklistByAccount, | ||
30 | removeAccountFromAccountBlocklist, | ||
31 | removeServerFromAccountBlocklist | ||
32 | } from '../../utils/users/blocklist' | ||
33 | |||
34 | const expect = chai.expect | ||
35 | |||
36 | async function checkAllVideos (url: string, token: string) { | ||
37 | const res = await getVideosListWithToken(url, token) | ||
38 | |||
39 | expect(res.body.data).to.have.lengthOf(4) | ||
40 | } | ||
41 | |||
42 | async function checkAllComments (url: string, token: string, videoUUID: string) { | ||
43 | const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token) | ||
44 | |||
45 | const threads: VideoComment[] = resThreads.body.data | ||
46 | expect(threads).to.have.lengthOf(2) | ||
47 | |||
48 | for (const thread of threads) { | ||
49 | const res = await getVideoThreadComments(url, videoUUID, thread.id, token) | ||
50 | |||
51 | const tree: VideoCommentThreadTree = res.body | ||
52 | expect(tree.children).to.have.lengthOf(1) | ||
53 | } | ||
54 | } | ||
55 | |||
56 | describe('Test accounts blocklist', function () { | ||
57 | let servers: ServerInfo[] | ||
58 | let videoUUID1: string | ||
59 | let videoUUID2: string | ||
60 | let userToken1: string | ||
61 | let userToken2: string | ||
62 | |||
63 | before(async function () { | ||
64 | this.timeout(60000) | ||
65 | |||
66 | await flushTests() | ||
67 | |||
68 | servers = await flushAndRunMultipleServers(2) | ||
69 | await setAccessTokensToServers(servers) | ||
70 | |||
71 | { | ||
72 | const user = { username: 'user1', password: 'password' } | ||
73 | await createUser(servers[0].url, servers[0].accessToken, user.username, user.password) | ||
74 | |||
75 | userToken1 = await userLogin(servers[0], user) | ||
76 | await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' }) | ||
77 | } | ||
78 | |||
79 | { | ||
80 | const user = { username: 'user2', password: 'password' } | ||
81 | await createUser(servers[1].url, servers[1].accessToken, user.username, user.password) | ||
82 | |||
83 | userToken2 = await userLogin(servers[1], user) | ||
84 | await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' }) | ||
85 | } | ||
86 | |||
87 | { | ||
88 | const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' }) | ||
89 | videoUUID1 = res.body.video.uuid | ||
90 | } | ||
91 | |||
92 | { | ||
93 | const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' }) | ||
94 | videoUUID2 = res.body.video.uuid | ||
95 | } | ||
96 | |||
97 | await doubleFollow(servers[0], servers[1]) | ||
98 | |||
99 | { | ||
100 | const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1') | ||
101 | const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1') | ||
102 | await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1') | ||
103 | } | ||
104 | |||
105 | { | ||
106 | const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1') | ||
107 | await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1') | ||
108 | } | ||
109 | |||
110 | await waitJobs(servers) | ||
111 | }) | ||
112 | |||
113 | describe('When managing account blocklist', function () { | ||
114 | it('Should list all videos', function () { | ||
115 | return checkAllVideos(servers[0].url, servers[0].accessToken) | ||
116 | }) | ||
117 | |||
118 | it('Should list the comments', function () { | ||
119 | return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1) | ||
120 | }) | ||
121 | |||
122 | it('Should block a remote account', async function () { | ||
123 | await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002') | ||
124 | }) | ||
125 | |||
126 | it('Should hide its videos', async function () { | ||
127 | const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken) | ||
128 | |||
129 | const videos: Video[] = res.body.data | ||
130 | expect(videos).to.have.lengthOf(3) | ||
131 | |||
132 | const v = videos.find(v => v.name === 'video user 2') | ||
133 | expect(v).to.be.undefined | ||
134 | }) | ||
135 | |||
136 | it('Should block a local account', async function () { | ||
137 | await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1') | ||
138 | }) | ||
139 | |||
140 | it('Should hide its videos', async function () { | ||
141 | const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken) | ||
142 | |||
143 | const videos: Video[] = res.body.data | ||
144 | expect(videos).to.have.lengthOf(2) | ||
145 | |||
146 | const v = videos.find(v => v.name === 'video user 1') | ||
147 | expect(v).to.be.undefined | ||
148 | }) | ||
149 | |||
150 | it('Should hide its comments', async function () { | ||
151 | const resThreads = await getVideoCommentThreads(servers[0].url, videoUUID1, 0, 5, '-createdAt', servers[0].accessToken) | ||
152 | |||
153 | const threads: VideoComment[] = resThreads.body.data | ||
154 | expect(threads).to.have.lengthOf(1) | ||
155 | expect(threads[0].totalReplies).to.equal(0) | ||
156 | |||
157 | const t = threads.find(t => t.text === 'comment user 1') | ||
158 | expect(t).to.be.undefined | ||
159 | |||
160 | for (const thread of threads) { | ||
161 | const res = await getVideoThreadComments(servers[0].url, videoUUID1, thread.id, servers[0].accessToken) | ||
162 | |||
163 | const tree: VideoCommentThreadTree = res.body | ||
164 | expect(tree.children).to.have.lengthOf(0) | ||
165 | } | ||
166 | }) | ||
167 | |||
168 | it('Should list all the videos with another user', async function () { | ||
169 | return checkAllVideos(servers[0].url, userToken1) | ||
170 | }) | ||
171 | |||
172 | it('Should list all the comments with another user', async function () { | ||
173 | return checkAllComments(servers[0].url, userToken1, videoUUID1) | ||
174 | }) | ||
175 | |||
176 | it('Should list blocked accounts', async function () { | ||
177 | { | ||
178 | const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt') | ||
179 | const blocks: AccountBlock[] = res.body.data | ||
180 | |||
181 | expect(res.body.total).to.equal(2) | ||
182 | |||
183 | const block = blocks[0] | ||
184 | expect(block.byAccount.displayName).to.equal('root') | ||
185 | expect(block.byAccount.name).to.equal('root') | ||
186 | expect(block.blockedAccount.displayName).to.equal('user2') | ||
187 | expect(block.blockedAccount.name).to.equal('user2') | ||
188 | expect(block.blockedAccount.host).to.equal('localhost:9002') | ||
189 | } | ||
190 | |||
191 | { | ||
192 | const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt') | ||
193 | const blocks: AccountBlock[] = res.body.data | ||
194 | |||
195 | expect(res.body.total).to.equal(2) | ||
196 | |||
197 | const block = blocks[0] | ||
198 | expect(block.byAccount.displayName).to.equal('root') | ||
199 | expect(block.byAccount.name).to.equal('root') | ||
200 | expect(block.blockedAccount.displayName).to.equal('user1') | ||
201 | expect(block.blockedAccount.name).to.equal('user1') | ||
202 | expect(block.blockedAccount.host).to.equal('localhost:9001') | ||
203 | } | ||
204 | }) | ||
205 | |||
206 | it('Should unblock the remote account', async function () { | ||
207 | await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002') | ||
208 | }) | ||
209 | |||
210 | it('Should display its videos', async function () { | ||
211 | const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken) | ||
212 | |||
213 | const videos: Video[] = res.body.data | ||
214 | expect(videos).to.have.lengthOf(3) | ||
215 | |||
216 | const v = videos.find(v => v.name === 'video user 2') | ||
217 | expect(v).not.to.be.undefined | ||
218 | }) | ||
219 | |||
220 | it('Should unblock the local account', async function () { | ||
221 | await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1') | ||
222 | }) | ||
223 | |||
224 | it('Should display its comments', function () { | ||
225 | return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1) | ||
226 | }) | ||
227 | }) | ||
228 | |||
229 | describe('When managing server blocklist', function () { | ||
230 | it('Should list all videos', function () { | ||
231 | return checkAllVideos(servers[0].url, servers[0].accessToken) | ||
232 | }) | ||
233 | |||
234 | it('Should list the comments', function () { | ||
235 | return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1) | ||
236 | }) | ||
237 | |||
238 | it('Should block a remote server', async function () { | ||
239 | await addServerToAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002') | ||
240 | }) | ||
241 | |||
242 | it('Should hide its videos', async function () { | ||
243 | const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken) | ||
244 | |||
245 | const videos: Video[] = res.body.data | ||
246 | expect(videos).to.have.lengthOf(2) | ||
247 | |||
248 | const v1 = videos.find(v => v.name === 'video user 2') | ||
249 | const v2 = videos.find(v => v.name === 'video server 2') | ||
250 | |||
251 | expect(v1).to.be.undefined | ||
252 | expect(v2).to.be.undefined | ||
253 | }) | ||
254 | |||
255 | it('Should list all the videos with another user', async function () { | ||
256 | return checkAllVideos(servers[0].url, userToken1) | ||
257 | }) | ||
258 | |||
259 | it('Should hide its comments') | ||
260 | |||
261 | it('Should list blocked servers', async function () { | ||
262 | const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt') | ||
263 | const blocks: ServerBlock[] = res.body.data | ||
264 | |||
265 | expect(res.body.total).to.equal(1) | ||
266 | |||
267 | const block = blocks[0] | ||
268 | expect(block.byAccount.displayName).to.equal('root') | ||
269 | expect(block.byAccount.name).to.equal('root') | ||
270 | expect(block.blockedServer.host).to.equal('localhost:9002') | ||
271 | }) | ||
272 | |||
273 | it('Should unblock the remote server', async function () { | ||
274 | await removeServerFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002') | ||
275 | }) | ||
276 | |||
277 | it('Should display its videos', function () { | ||
278 | return checkAllVideos(servers[0].url, servers[0].accessToken) | ||
279 | }) | ||
280 | |||
281 | it('Should display its comments', function () { | ||
282 | return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1) | ||
283 | }) | ||
284 | }) | ||
285 | |||
286 | after(async function () { | ||
287 | killallServers(servers) | ||
288 | |||
289 | // Keep the logs if the test failed | ||
290 | if (this[ 'ok' ]) { | ||
291 | await flushTests() | ||
292 | } | ||
293 | }) | ||
294 | }) | ||
diff --git a/server/tests/api/users/blocklist.ts b/server/tests/api/users/blocklist.ts new file mode 100644 index 000000000..99fe04b8c --- /dev/null +++ b/server/tests/api/users/blocklist.ts | |||
@@ -0,0 +1,500 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import * as chai from 'chai' | ||
4 | import 'mocha' | ||
5 | import { AccountBlock, ServerBlock, Video } from '../../../../shared/index' | ||
6 | import { | ||
7 | createUser, | ||
8 | doubleFollow, | ||
9 | flushAndRunMultipleServers, | ||
10 | flushTests, | ||
11 | killallServers, | ||
12 | ServerInfo, | ||
13 | uploadVideo, | ||
14 | userLogin | ||
15 | } from '../../utils/index' | ||
16 | import { setAccessTokensToServers } from '../../utils/users/login' | ||
17 | import { getVideosListWithToken } from '../../utils/videos/videos' | ||
18 | import { | ||
19 | addVideoCommentReply, | ||
20 | addVideoCommentThread, | ||
21 | getVideoCommentThreads, | ||
22 | getVideoThreadComments | ||
23 | } from '../../utils/videos/video-comments' | ||
24 | import { waitJobs } from '../../utils/server/jobs' | ||
25 | import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model' | ||
26 | import { | ||
27 | addAccountToAccountBlocklist, | ||
28 | addAccountToServerBlocklist, | ||
29 | addServerToAccountBlocklist, | ||
30 | addServerToServerBlocklist, | ||
31 | getAccountBlocklistByAccount, | ||
32 | getAccountBlocklistByServer, | ||
33 | getServerBlocklistByAccount, | ||
34 | getServerBlocklistByServer, | ||
35 | removeAccountFromAccountBlocklist, | ||
36 | removeAccountFromServerBlocklist, | ||
37 | removeServerFromAccountBlocklist, | ||
38 | removeServerFromServerBlocklist | ||
39 | } from '../../utils/users/blocklist' | ||
40 | |||
41 | const expect = chai.expect | ||
42 | |||
43 | async function checkAllVideos (url: string, token: string) { | ||
44 | const res = await getVideosListWithToken(url, token) | ||
45 | |||
46 | expect(res.body.data).to.have.lengthOf(4) | ||
47 | } | ||
48 | |||
49 | async function checkAllComments (url: string, token: string, videoUUID: string) { | ||
50 | const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token) | ||
51 | |||
52 | const threads: VideoComment[] = resThreads.body.data | ||
53 | expect(threads).to.have.lengthOf(2) | ||
54 | |||
55 | for (const thread of threads) { | ||
56 | const res = await getVideoThreadComments(url, videoUUID, thread.id, token) | ||
57 | |||
58 | const tree: VideoCommentThreadTree = res.body | ||
59 | expect(tree.children).to.have.lengthOf(1) | ||
60 | } | ||
61 | } | ||
62 | |||
63 | describe('Test blocklist', function () { | ||
64 | let servers: ServerInfo[] | ||
65 | let videoUUID1: string | ||
66 | let videoUUID2: string | ||
67 | let userToken1: string | ||
68 | let userModeratorToken: string | ||
69 | let userToken2: string | ||
70 | |||
71 | before(async function () { | ||
72 | this.timeout(60000) | ||
73 | |||
74 | await flushTests() | ||
75 | |||
76 | servers = await flushAndRunMultipleServers(2) | ||
77 | await setAccessTokensToServers(servers) | ||
78 | |||
79 | { | ||
80 | const user = { username: 'user1', password: 'password' } | ||
81 | await createUser(servers[0].url, servers[0].accessToken, user.username, user.password) | ||
82 | |||
83 | userToken1 = await userLogin(servers[0], user) | ||
84 | await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' }) | ||
85 | } | ||
86 | |||
87 | { | ||
88 | const user = { username: 'moderator', password: 'password' } | ||
89 | await createUser(servers[0].url, servers[0].accessToken, user.username, user.password) | ||
90 | |||
91 | userModeratorToken = await userLogin(servers[0], user) | ||
92 | } | ||
93 | |||
94 | { | ||
95 | const user = { username: 'user2', password: 'password' } | ||
96 | await createUser(servers[1].url, servers[1].accessToken, user.username, user.password) | ||
97 | |||
98 | userToken2 = await userLogin(servers[1], user) | ||
99 | await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' }) | ||
100 | } | ||
101 | |||
102 | { | ||
103 | const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' }) | ||
104 | videoUUID1 = res.body.video.uuid | ||
105 | } | ||
106 | |||
107 | { | ||
108 | const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' }) | ||
109 | videoUUID2 = res.body.video.uuid | ||
110 | } | ||
111 | |||
112 | await doubleFollow(servers[0], servers[1]) | ||
113 | |||
114 | { | ||
115 | const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1') | ||
116 | const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1') | ||
117 | await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1') | ||
118 | } | ||
119 | |||
120 | { | ||
121 | const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1') | ||
122 | await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1') | ||
123 | } | ||
124 | |||
125 | await waitJobs(servers) | ||
126 | }) | ||
127 | |||
128 | describe('User blocklist', function () { | ||
129 | |||
130 | describe('When managing account blocklist', function () { | ||
131 | it('Should list all videos', function () { | ||
132 | return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken) | ||
133 | }) | ||
134 | |||
135 | it('Should list the comments', function () { | ||
136 | return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1) | ||
137 | }) | ||
138 | |||
139 | it('Should block a remote account', async function () { | ||
140 | await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002') | ||
141 | }) | ||
142 | |||
143 | it('Should hide its videos', async function () { | ||
144 | const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken) | ||
145 | |||
146 | const videos: Video[] = res.body.data | ||
147 | expect(videos).to.have.lengthOf(3) | ||
148 | |||
149 | const v = videos.find(v => v.name === 'video user 2') | ||
150 | expect(v).to.be.undefined | ||
151 | }) | ||
152 | |||
153 | it('Should block a local account', async function () { | ||
154 | await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1') | ||
155 | }) | ||
156 | |||
157 | it('Should hide its videos', async function () { | ||
158 | const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken) | ||
159 | |||
160 | const videos: Video[] = res.body.data | ||
161 | expect(videos).to.have.lengthOf(2) | ||
162 | |||
163 | const v = videos.find(v => v.name === 'video user 1') | ||
164 | expect(v).to.be.undefined | ||
165 | }) | ||
166 | |||
167 | it('Should hide its comments', async function () { | ||
168 | const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', servers[ 0 ].accessToken) | ||
169 | |||
170 | const threads: VideoComment[] = resThreads.body.data | ||
171 | expect(threads).to.have.lengthOf(1) | ||
172 | expect(threads[ 0 ].totalReplies).to.equal(0) | ||
173 | |||
174 | const t = threads.find(t => t.text === 'comment user 1') | ||
175 | expect(t).to.be.undefined | ||
176 | |||
177 | for (const thread of threads) { | ||
178 | const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, servers[ 0 ].accessToken) | ||
179 | |||
180 | const tree: VideoCommentThreadTree = res.body | ||
181 | expect(tree.children).to.have.lengthOf(0) | ||
182 | } | ||
183 | }) | ||
184 | |||
185 | it('Should list all the videos with another user', async function () { | ||
186 | return checkAllVideos(servers[ 0 ].url, userToken1) | ||
187 | }) | ||
188 | |||
189 | it('Should list all the comments with another user', async function () { | ||
190 | return checkAllComments(servers[ 0 ].url, userToken1, videoUUID1) | ||
191 | }) | ||
192 | |||
193 | it('Should list blocked accounts', async function () { | ||
194 | { | ||
195 | const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt') | ||
196 | const blocks: AccountBlock[] = res.body.data | ||
197 | |||
198 | expect(res.body.total).to.equal(2) | ||
199 | |||
200 | const block = blocks[ 0 ] | ||
201 | expect(block.byAccount.displayName).to.equal('root') | ||
202 | expect(block.byAccount.name).to.equal('root') | ||
203 | expect(block.blockedAccount.displayName).to.equal('user2') | ||
204 | expect(block.blockedAccount.name).to.equal('user2') | ||
205 | expect(block.blockedAccount.host).to.equal('localhost:9002') | ||
206 | } | ||
207 | |||
208 | { | ||
209 | const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt') | ||
210 | const blocks: AccountBlock[] = res.body.data | ||
211 | |||
212 | expect(res.body.total).to.equal(2) | ||
213 | |||
214 | const block = blocks[ 0 ] | ||
215 | expect(block.byAccount.displayName).to.equal('root') | ||
216 | expect(block.byAccount.name).to.equal('root') | ||
217 | expect(block.blockedAccount.displayName).to.equal('user1') | ||
218 | expect(block.blockedAccount.name).to.equal('user1') | ||
219 | expect(block.blockedAccount.host).to.equal('localhost:9001') | ||
220 | } | ||
221 | }) | ||
222 | |||
223 | it('Should unblock the remote account', async function () { | ||
224 | await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002') | ||
225 | }) | ||
226 | |||
227 | it('Should display its videos', async function () { | ||
228 | const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken) | ||
229 | |||
230 | const videos: Video[] = res.body.data | ||
231 | expect(videos).to.have.lengthOf(3) | ||
232 | |||
233 | const v = videos.find(v => v.name === 'video user 2') | ||
234 | expect(v).not.to.be.undefined | ||
235 | }) | ||
236 | |||
237 | it('Should unblock the local account', async function () { | ||
238 | await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1') | ||
239 | }) | ||
240 | |||
241 | it('Should display its comments', function () { | ||
242 | return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1) | ||
243 | }) | ||
244 | }) | ||
245 | |||
246 | describe('When managing server blocklist', function () { | ||
247 | it('Should list all videos', function () { | ||
248 | return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken) | ||
249 | }) | ||
250 | |||
251 | it('Should list the comments', function () { | ||
252 | return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1) | ||
253 | }) | ||
254 | |||
255 | it('Should block a remote server', async function () { | ||
256 | await addServerToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002') | ||
257 | }) | ||
258 | |||
259 | it('Should hide its videos', async function () { | ||
260 | const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken) | ||
261 | |||
262 | const videos: Video[] = res.body.data | ||
263 | expect(videos).to.have.lengthOf(2) | ||
264 | |||
265 | const v1 = videos.find(v => v.name === 'video user 2') | ||
266 | const v2 = videos.find(v => v.name === 'video server 2') | ||
267 | |||
268 | expect(v1).to.be.undefined | ||
269 | expect(v2).to.be.undefined | ||
270 | }) | ||
271 | |||
272 | it('Should list all the videos with another user', async function () { | ||
273 | return checkAllVideos(servers[ 0 ].url, userToken1) | ||
274 | }) | ||
275 | |||
276 | it('Should hide its comments') | ||
277 | |||
278 | it('Should list blocked servers', async function () { | ||
279 | const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt') | ||
280 | const blocks: ServerBlock[] = res.body.data | ||
281 | |||
282 | expect(res.body.total).to.equal(1) | ||
283 | |||
284 | const block = blocks[ 0 ] | ||
285 | expect(block.byAccount.displayName).to.equal('root') | ||
286 | expect(block.byAccount.name).to.equal('root') | ||
287 | expect(block.blockedServer.host).to.equal('localhost:9002') | ||
288 | }) | ||
289 | |||
290 | it('Should unblock the remote server', async function () { | ||
291 | await removeServerFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002') | ||
292 | }) | ||
293 | |||
294 | it('Should display its videos', function () { | ||
295 | return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken) | ||
296 | }) | ||
297 | |||
298 | it('Should display its comments', function () { | ||
299 | return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1) | ||
300 | }) | ||
301 | }) | ||
302 | }) | ||
303 | |||
304 | describe('Server blocklist', function () { | ||
305 | |||
306 | describe('When managing account blocklist', function () { | ||
307 | it('Should list all videos', async function () { | ||
308 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
309 | await checkAllVideos(servers[ 0 ].url, token) | ||
310 | } | ||
311 | }) | ||
312 | |||
313 | it('Should list the comments', async function () { | ||
314 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
315 | await checkAllComments(servers[ 0 ].url, token, videoUUID1) | ||
316 | } | ||
317 | }) | ||
318 | |||
319 | it('Should block a remote account', async function () { | ||
320 | await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002') | ||
321 | }) | ||
322 | |||
323 | it('Should hide its videos', async function () { | ||
324 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
325 | const res = await getVideosListWithToken(servers[ 0 ].url, token) | ||
326 | |||
327 | const videos: Video[] = res.body.data | ||
328 | expect(videos).to.have.lengthOf(3) | ||
329 | |||
330 | const v = videos.find(v => v.name === 'video user 2') | ||
331 | expect(v).to.be.undefined | ||
332 | } | ||
333 | }) | ||
334 | |||
335 | it('Should block a local account', async function () { | ||
336 | await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1') | ||
337 | }) | ||
338 | |||
339 | it('Should hide its videos', async function () { | ||
340 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
341 | const res = await getVideosListWithToken(servers[ 0 ].url, token) | ||
342 | |||
343 | const videos: Video[] = res.body.data | ||
344 | expect(videos).to.have.lengthOf(2) | ||
345 | |||
346 | const v = videos.find(v => v.name === 'video user 1') | ||
347 | expect(v).to.be.undefined | ||
348 | } | ||
349 | }) | ||
350 | |||
351 | it('Should hide its comments', async function () { | ||
352 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
353 | const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', token) | ||
354 | |||
355 | const threads: VideoComment[] = resThreads.body.data | ||
356 | expect(threads).to.have.lengthOf(1) | ||
357 | expect(threads[ 0 ].totalReplies).to.equal(0) | ||
358 | |||
359 | const t = threads.find(t => t.text === 'comment user 1') | ||
360 | expect(t).to.be.undefined | ||
361 | |||
362 | for (const thread of threads) { | ||
363 | const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, token) | ||
364 | |||
365 | const tree: VideoCommentThreadTree = res.body | ||
366 | expect(tree.children).to.have.lengthOf(0) | ||
367 | } | ||
368 | } | ||
369 | }) | ||
370 | |||
371 | it('Should list blocked accounts', async function () { | ||
372 | { | ||
373 | const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt') | ||
374 | const blocks: AccountBlock[] = res.body.data | ||
375 | |||
376 | expect(res.body.total).to.equal(2) | ||
377 | |||
378 | const block = blocks[ 0 ] | ||
379 | expect(block.byAccount.displayName).to.equal('peertube') | ||
380 | expect(block.byAccount.name).to.equal('peertube') | ||
381 | expect(block.blockedAccount.displayName).to.equal('user2') | ||
382 | expect(block.blockedAccount.name).to.equal('user2') | ||
383 | expect(block.blockedAccount.host).to.equal('localhost:9002') | ||
384 | } | ||
385 | |||
386 | { | ||
387 | const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt') | ||
388 | const blocks: AccountBlock[] = res.body.data | ||
389 | |||
390 | expect(res.body.total).to.equal(2) | ||
391 | |||
392 | const block = blocks[ 0 ] | ||
393 | expect(block.byAccount.displayName).to.equal('peertube') | ||
394 | expect(block.byAccount.name).to.equal('peertube') | ||
395 | expect(block.blockedAccount.displayName).to.equal('user1') | ||
396 | expect(block.blockedAccount.name).to.equal('user1') | ||
397 | expect(block.blockedAccount.host).to.equal('localhost:9001') | ||
398 | } | ||
399 | }) | ||
400 | |||
401 | it('Should unblock the remote account', async function () { | ||
402 | await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002') | ||
403 | }) | ||
404 | |||
405 | it('Should display its videos', async function () { | ||
406 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
407 | const res = await getVideosListWithToken(servers[ 0 ].url, token) | ||
408 | |||
409 | const videos: Video[] = res.body.data | ||
410 | expect(videos).to.have.lengthOf(3) | ||
411 | |||
412 | const v = videos.find(v => v.name === 'video user 2') | ||
413 | expect(v).not.to.be.undefined | ||
414 | } | ||
415 | }) | ||
416 | |||
417 | it('Should unblock the local account', async function () { | ||
418 | await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1') | ||
419 | }) | ||
420 | |||
421 | it('Should display its comments', async function () { | ||
422 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
423 | await checkAllComments(servers[ 0 ].url, token, videoUUID1) | ||
424 | } | ||
425 | }) | ||
426 | }) | ||
427 | |||
428 | describe('When managing server blocklist', function () { | ||
429 | it('Should list all videos', async function () { | ||
430 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
431 | await checkAllVideos(servers[ 0 ].url, token) | ||
432 | } | ||
433 | }) | ||
434 | |||
435 | it('Should list the comments', async function () { | ||
436 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
437 | await checkAllComments(servers[ 0 ].url, token, videoUUID1) | ||
438 | } | ||
439 | }) | ||
440 | |||
441 | it('Should block a remote server', async function () { | ||
442 | await addServerToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002') | ||
443 | }) | ||
444 | |||
445 | it('Should hide its videos', async function () { | ||
446 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
447 | const res = await getVideosListWithToken(servers[ 0 ].url, token) | ||
448 | |||
449 | const videos: Video[] = res.body.data | ||
450 | expect(videos).to.have.lengthOf(2) | ||
451 | |||
452 | const v1 = videos.find(v => v.name === 'video user 2') | ||
453 | const v2 = videos.find(v => v.name === 'video server 2') | ||
454 | |||
455 | expect(v1).to.be.undefined | ||
456 | expect(v2).to.be.undefined | ||
457 | } | ||
458 | }) | ||
459 | |||
460 | it('Should hide its comments') | ||
461 | |||
462 | it('Should list blocked servers', async function () { | ||
463 | const res = await getServerBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt') | ||
464 | const blocks: ServerBlock[] = res.body.data | ||
465 | |||
466 | expect(res.body.total).to.equal(1) | ||
467 | |||
468 | const block = blocks[ 0 ] | ||
469 | expect(block.byAccount.displayName).to.equal('peertube') | ||
470 | expect(block.byAccount.name).to.equal('peertube') | ||
471 | expect(block.blockedServer.host).to.equal('localhost:9002') | ||
472 | }) | ||
473 | |||
474 | it('Should unblock the remote server', async function () { | ||
475 | await removeServerFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002') | ||
476 | }) | ||
477 | |||
478 | it('Should list all videos', async function () { | ||
479 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
480 | await checkAllVideos(servers[ 0 ].url, token) | ||
481 | } | ||
482 | }) | ||
483 | |||
484 | it('Should list the comments', async function () { | ||
485 | for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) { | ||
486 | await checkAllComments(servers[ 0 ].url, token, videoUUID1) | ||
487 | } | ||
488 | }) | ||
489 | }) | ||
490 | }) | ||
491 | |||
492 | after(async function () { | ||
493 | killallServers(servers) | ||
494 | |||
495 | // Keep the logs if the test failed | ||
496 | if (this[ 'ok' ]) { | ||
497 | await flushTests() | ||
498 | } | ||
499 | }) | ||
500 | }) | ||
diff --git a/server/tests/api/users/index.ts b/server/tests/api/users/index.ts index 21d75da3e..0a1b8b0b2 100644 --- a/server/tests/api/users/index.ts +++ b/server/tests/api/users/index.ts | |||
@@ -1,3 +1,4 @@ | |||
1 | import './blocklist' | ||
1 | import './user-subscriptions' | 2 | import './user-subscriptions' |
2 | import './users' | 3 | import './users' |
3 | import './users-verification' | 4 | import './users-verification' |
diff --git a/server/tests/utils/users/blocklist.ts b/server/tests/utils/users/blocklist.ts index 47b315480..35b537571 100644 --- a/server/tests/utils/users/blocklist.ts +++ b/server/tests/utils/users/blocklist.ts | |||
@@ -91,6 +91,94 @@ function removeServerFromAccountBlocklist (url: string, token: string, serverToB | |||
91 | }) | 91 | }) |
92 | } | 92 | } |
93 | 93 | ||
94 | function getAccountBlocklistByServer ( | ||
95 | url: string, | ||
96 | token: string, | ||
97 | start: number, | ||
98 | count: number, | ||
99 | sort = '-createdAt', | ||
100 | statusCodeExpected = 200 | ||
101 | ) { | ||
102 | const path = '/api/v1/server/blocklist/accounts' | ||
103 | |||
104 | return makeGetRequest({ | ||
105 | url, | ||
106 | token, | ||
107 | query: { start, count, sort }, | ||
108 | path, | ||
109 | statusCodeExpected | ||
110 | }) | ||
111 | } | ||
112 | |||
113 | function addAccountToServerBlocklist (url: string, token: string, accountToBlock: string, statusCodeExpected = 204) { | ||
114 | const path = '/api/v1/server/blocklist/accounts' | ||
115 | |||
116 | return makePostBodyRequest({ | ||
117 | url, | ||
118 | path, | ||
119 | token, | ||
120 | fields: { | ||
121 | accountName: accountToBlock | ||
122 | }, | ||
123 | statusCodeExpected | ||
124 | }) | ||
125 | } | ||
126 | |||
127 | function removeAccountFromServerBlocklist (url: string, token: string, accountToUnblock: string, statusCodeExpected = 204) { | ||
128 | const path = '/api/v1/server/blocklist/accounts/' + accountToUnblock | ||
129 | |||
130 | return makeDeleteRequest({ | ||
131 | url, | ||
132 | path, | ||
133 | token, | ||
134 | statusCodeExpected | ||
135 | }) | ||
136 | } | ||
137 | |||
138 | function getServerBlocklistByServer ( | ||
139 | url: string, | ||
140 | token: string, | ||
141 | start: number, | ||
142 | count: number, | ||
143 | sort = '-createdAt', | ||
144 | statusCodeExpected = 200 | ||
145 | ) { | ||
146 | const path = '/api/v1/server/blocklist/servers' | ||
147 | |||
148 | return makeGetRequest({ | ||
149 | url, | ||
150 | token, | ||
151 | query: { start, count, sort }, | ||
152 | path, | ||
153 | statusCodeExpected | ||
154 | }) | ||
155 | } | ||
156 | |||
157 | function addServerToServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) { | ||
158 | const path = '/api/v1/server/blocklist/servers' | ||
159 | |||
160 | return makePostBodyRequest({ | ||
161 | url, | ||
162 | path, | ||
163 | token, | ||
164 | fields: { | ||
165 | host: serverToBlock | ||
166 | }, | ||
167 | statusCodeExpected | ||
168 | }) | ||
169 | } | ||
170 | |||
171 | function removeServerFromServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) { | ||
172 | const path = '/api/v1/server/blocklist/servers/' + serverToBlock | ||
173 | |||
174 | return makeDeleteRequest({ | ||
175 | url, | ||
176 | path, | ||
177 | token, | ||
178 | statusCodeExpected | ||
179 | }) | ||
180 | } | ||
181 | |||
94 | // --------------------------------------------------------------------------- | 182 | // --------------------------------------------------------------------------- |
95 | 183 | ||
96 | export { | 184 | export { |
@@ -99,5 +187,12 @@ export { | |||
99 | removeAccountFromAccountBlocklist, | 187 | removeAccountFromAccountBlocklist, |
100 | getServerBlocklistByAccount, | 188 | getServerBlocklistByAccount, |
101 | addServerToAccountBlocklist, | 189 | addServerToAccountBlocklist, |
102 | removeServerFromAccountBlocklist | 190 | removeServerFromAccountBlocklist, |
191 | |||
192 | getAccountBlocklistByServer, | ||
193 | addAccountToServerBlocklist, | ||
194 | removeAccountFromServerBlocklist, | ||
195 | getServerBlocklistByServer, | ||
196 | addServerToServerBlocklist, | ||
197 | removeServerFromServerBlocklist | ||
103 | } | 198 | } |
diff --git a/shared/models/users/user-right.enum.ts b/shared/models/users/user-right.enum.ts index ed2c536ce..51c59d20a 100644 --- a/shared/models/users/user-right.enum.ts +++ b/shared/models/users/user-right.enum.ts | |||
@@ -8,6 +8,9 @@ export enum UserRight { | |||
8 | MANAGE_JOBS, | 8 | MANAGE_JOBS, |
9 | MANAGE_CONFIGURATION, | 9 | MANAGE_CONFIGURATION, |
10 | 10 | ||
11 | MANAGE_ACCOUNTS_BLOCKLIST, | ||
12 | MANAGE_SERVERS_BLOCKLIST, | ||
13 | |||
11 | MANAGE_VIDEO_BLACKLIST, | 14 | MANAGE_VIDEO_BLACKLIST, |
12 | 15 | ||
13 | REMOVE_ANY_VIDEO, | 16 | REMOVE_ANY_VIDEO, |
diff --git a/shared/models/users/user-role.ts b/shared/models/users/user-role.ts index d7020c0f2..adef8fd95 100644 --- a/shared/models/users/user-role.ts +++ b/shared/models/users/user-role.ts | |||
@@ -27,7 +27,9 @@ const userRoleRights: { [ id: number ]: UserRight[] } = { | |||
27 | UserRight.REMOVE_ANY_VIDEO_CHANNEL, | 27 | UserRight.REMOVE_ANY_VIDEO_CHANNEL, |
28 | UserRight.REMOVE_ANY_VIDEO_COMMENT, | 28 | UserRight.REMOVE_ANY_VIDEO_COMMENT, |
29 | UserRight.UPDATE_ANY_VIDEO, | 29 | UserRight.UPDATE_ANY_VIDEO, |
30 | UserRight.SEE_ALL_VIDEOS | 30 | UserRight.SEE_ALL_VIDEOS, |
31 | UserRight.MANAGE_ACCOUNTS_BLOCKLIST, | ||
32 | UserRight.MANAGE_SERVERS_BLOCKLIST | ||
31 | ], | 33 | ], |
32 | 34 | ||
33 | [UserRole.USER]: [] | 35 | [UserRole.USER]: [] |