diff options
-rw-r--r-- | server/helpers/core-utils.ts | 23 | ||||
-rw-r--r-- | server/helpers/custom-validators/accounts.ts | 7 | ||||
-rw-r--r-- | server/helpers/custom-validators/video-channels.ts | 5 | ||||
-rw-r--r-- | server/helpers/custom-validators/videos.ts | 113 | ||||
-rw-r--r-- | server/helpers/database-utils.ts | 1 | ||||
-rw-r--r-- | server/helpers/ffmpeg-utils.ts | 3 | ||||
-rw-r--r-- | server/helpers/logger.ts | 2 | ||||
-rw-r--r-- | server/helpers/peertube-crypto.ts | 15 | ||||
-rw-r--r-- | server/helpers/utils.ts | 5 | ||||
-rw-r--r-- | server/helpers/webfinger.ts | 1 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 43 | ||||
-rw-r--r-- | server/middlewares/validators/webfinger.ts | 8 |
12 files changed, 57 insertions, 169 deletions
diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts index 4ff07848c..443115336 100644 --- a/server/helpers/core-utils.ts +++ b/server/helpers/core-utils.ts | |||
@@ -3,23 +3,14 @@ | |||
3 | Useful to avoid circular dependencies. | 3 | Useful to avoid circular dependencies. |
4 | */ | 4 | */ |
5 | 5 | ||
6 | import { join } from 'path' | ||
7 | import { pseudoRandomBytes } from 'crypto' | ||
8 | import { | ||
9 | readdir, | ||
10 | readFile, | ||
11 | rename, | ||
12 | unlink, | ||
13 | writeFile, | ||
14 | access, | ||
15 | stat, | ||
16 | Stats | ||
17 | } from 'fs' | ||
18 | import * as mkdirp from 'mkdirp' | ||
19 | import * as bcrypt from 'bcrypt' | 6 | import * as bcrypt from 'bcrypt' |
20 | import * as createTorrent from 'create-torrent' | 7 | import * as createTorrent from 'create-torrent' |
21 | import * as rimraf from 'rimraf' | 8 | import { pseudoRandomBytes } from 'crypto' |
9 | import { readdir, readFile, rename, stat, Stats, unlink, writeFile } from 'fs' | ||
10 | import * as mkdirp from 'mkdirp' | ||
11 | import { join } from 'path' | ||
22 | import * as pem from 'pem' | 12 | import * as pem from 'pem' |
13 | import * as rimraf from 'rimraf' | ||
23 | 14 | ||
24 | function isTestInstance () { | 15 | function isTestInstance () { |
25 | return process.env.NODE_ENV === 'test' | 16 | return process.env.NODE_ENV === 'test' |
@@ -100,7 +91,6 @@ function promisify2WithVoid<T, U> (func: (arg1: T, arg2: U, cb: (err: any) => vo | |||
100 | } | 91 | } |
101 | } | 92 | } |
102 | 93 | ||
103 | const readFilePromise = promisify2<string, string, string>(readFile) | ||
104 | const readFileBufferPromise = promisify1<string, Buffer>(readFile) | 94 | const readFileBufferPromise = promisify1<string, Buffer>(readFile) |
105 | const unlinkPromise = promisify1WithVoid<string>(unlink) | 95 | const unlinkPromise = promisify1WithVoid<string>(unlink) |
106 | const renamePromise = promisify2WithVoid<string, string>(rename) | 96 | const renamePromise = promisify2WithVoid<string, string>(rename) |
@@ -108,7 +98,6 @@ const writeFilePromise = promisify2WithVoid<string, any>(writeFile) | |||
108 | const readdirPromise = promisify1<string, string[]>(readdir) | 98 | const readdirPromise = promisify1<string, string[]>(readdir) |
109 | const mkdirpPromise = promisify1<string, string>(mkdirp) | 99 | const mkdirpPromise = promisify1<string, string>(mkdirp) |
110 | const pseudoRandomBytesPromise = promisify1<number, Buffer>(pseudoRandomBytes) | 100 | const pseudoRandomBytesPromise = promisify1<number, Buffer>(pseudoRandomBytes) |
111 | const accessPromise = promisify1WithVoid<string | Buffer>(access) | ||
112 | const createPrivateKey = promisify1<number, { key: string }>(pem.createPrivateKey) | 101 | const createPrivateKey = promisify1<number, { key: string }>(pem.createPrivateKey) |
113 | const getPublicKey = promisify1<string, { publicKey: string }>(pem.getPublicKey) | 102 | const getPublicKey = promisify1<string, { publicKey: string }>(pem.getPublicKey) |
114 | const bcryptComparePromise = promisify2<any, string, boolean>(bcrypt.compare) | 103 | const bcryptComparePromise = promisify2<any, string, boolean>(bcrypt.compare) |
@@ -130,14 +119,12 @@ export { | |||
130 | promisify1, | 119 | promisify1, |
131 | 120 | ||
132 | readdirPromise, | 121 | readdirPromise, |
133 | readFilePromise, | ||
134 | readFileBufferPromise, | 122 | readFileBufferPromise, |
135 | unlinkPromise, | 123 | unlinkPromise, |
136 | renamePromise, | 124 | renamePromise, |
137 | writeFilePromise, | 125 | writeFilePromise, |
138 | mkdirpPromise, | 126 | mkdirpPromise, |
139 | pseudoRandomBytesPromise, | 127 | pseudoRandomBytesPromise, |
140 | accessPromise, | ||
141 | createPrivateKey, | 128 | createPrivateKey, |
142 | getPublicKey, | 129 | getPublicKey, |
143 | bcryptComparePromise, | 130 | bcryptComparePromise, |
diff --git a/server/helpers/custom-validators/accounts.ts b/server/helpers/custom-validators/accounts.ts index 088d5fc8f..83540e545 100644 --- a/server/helpers/custom-validators/accounts.ts +++ b/server/helpers/custom-validators/accounts.ts | |||
@@ -14,12 +14,6 @@ function isAccountNameValid (value: string) { | |||
14 | return isUserUsernameValid(value) | 14 | return isUserUsernameValid(value) |
15 | } | 15 | } |
16 | 16 | ||
17 | function isAccountNameWithHostValid (value: string) { | ||
18 | const [ name, host ] = value.split('@') | ||
19 | |||
20 | return isAccountNameValid(name) && isHostValid(host) | ||
21 | } | ||
22 | |||
23 | function checkVideoAccountExists (id: string, res: express.Response, callback: () => void) { | 17 | function checkVideoAccountExists (id: string, res: express.Response, callback: () => void) { |
24 | let promise: Promise<AccountInstance> | 18 | let promise: Promise<AccountInstance> |
25 | if (validator.isInt(id)) { | 19 | if (validator.isInt(id)) { |
@@ -48,6 +42,5 @@ function checkVideoAccountExists (id: string, res: express.Response, callback: ( | |||
48 | 42 | ||
49 | export { | 43 | export { |
50 | checkVideoAccountExists, | 44 | checkVideoAccountExists, |
51 | isAccountNameWithHostValid, | ||
52 | isAccountNameValid | 45 | isAccountNameValid |
53 | } | 46 | } |
diff --git a/server/helpers/custom-validators/video-channels.ts b/server/helpers/custom-validators/video-channels.ts index 5787c3850..5de01f74b 100644 --- a/server/helpers/custom-validators/video-channels.ts +++ b/server/helpers/custom-validators/video-channels.ts | |||
@@ -24,10 +24,6 @@ function isVideoChannelNameValid (value: string) { | |||
24 | return exists(value) && validator.isLength(value, VIDEO_CHANNELS_CONSTRAINTS_FIELDS.NAME) | 24 | return exists(value) && validator.isLength(value, VIDEO_CHANNELS_CONSTRAINTS_FIELDS.NAME) |
25 | } | 25 | } |
26 | 26 | ||
27 | function isVideoChannelUUIDValid (value: string) { | ||
28 | return exists(value) && validator.isUUID('' + value, 4) | ||
29 | } | ||
30 | |||
31 | function checkVideoChannelExists (id: string, res: express.Response, callback: () => void) { | 27 | function checkVideoChannelExists (id: string, res: express.Response, callback: () => void) { |
32 | let promise: Promise<VideoChannelInstance> | 28 | let promise: Promise<VideoChannelInstance> |
33 | if (validator.isInt(id)) { | 29 | if (validator.isInt(id)) { |
@@ -57,7 +53,6 @@ function checkVideoChannelExists (id: string, res: express.Response, callback: ( | |||
57 | export { | 53 | export { |
58 | isVideoChannelDescriptionValid, | 54 | isVideoChannelDescriptionValid, |
59 | isVideoChannelNameValid, | 55 | isVideoChannelNameValid, |
60 | isVideoChannelUUIDValid, | ||
61 | checkVideoChannelExists, | 56 | checkVideoChannelExists, |
62 | isVideoChannelUrlValid | 57 | isVideoChannelUrlValid |
63 | } | 58 | } |
diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts index 07aadadb1..c893d2c7c 100644 --- a/server/helpers/custom-validators/videos.ts +++ b/server/helpers/custom-validators/videos.ts | |||
@@ -1,37 +1,25 @@ | |||
1 | import * as Promise from 'bluebird' | 1 | import * as Bluebird from 'bluebird' |
2 | import * as express from 'express' | 2 | import { Response } from 'express' |
3 | import 'express-validator' | 3 | import 'express-validator' |
4 | import { values } from 'lodash' | 4 | import { values } from 'lodash' |
5 | import 'multer' | 5 | import 'multer' |
6 | import * as validator from 'validator' | 6 | import * as validator from 'validator' |
7 | import { VideoRateType } from '../../../shared' | 7 | import { VideoRateType } from '../../../shared' |
8 | import { logger } from '../../helpers' | 8 | import { CONSTRAINTS_FIELDS, VIDEO_CATEGORIES, VIDEO_LANGUAGES, VIDEO_LICENCES, VIDEO_RATE_TYPES } from '../../initializers' |
9 | import { | 9 | import { database as db } from '../../initializers/database' |
10 | CONSTRAINTS_FIELDS, | 10 | import { VideoInstance } from '../../models/video/video-interface' |
11 | database as db, | 11 | import { logger } from '../logger' |
12 | VIDEO_CATEGORIES, | ||
13 | VIDEO_LANGUAGES, | ||
14 | VIDEO_LICENCES, | ||
15 | VIDEO_PRIVACIES, | ||
16 | VIDEO_RATE_TYPES | ||
17 | } from '../../initializers' | ||
18 | import { VideoInstance } from '../../models' | ||
19 | import { isActivityPubUrlValid } from './activitypub/misc' | 12 | import { isActivityPubUrlValid } from './activitypub/misc' |
20 | import { exists, isArray } from './misc' | 13 | import { exists, isArray } from './misc' |
14 | import { VIDEO_PRIVACIES } from '../../initializers/constants' | ||
21 | 15 | ||
22 | const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS | 16 | const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS |
23 | const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES | 17 | const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES |
24 | const VIDEO_EVENTS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_EVENTS | ||
25 | 18 | ||
26 | function isVideoCategoryValid (value: number) { | 19 | function isVideoCategoryValid (value: number) { |
27 | return VIDEO_CATEGORIES[value] !== undefined | 20 | return VIDEO_CATEGORIES[value] !== undefined |
28 | } | 21 | } |
29 | 22 | ||
30 | // Maybe we don't know the remote category, but that doesn't matter | ||
31 | function isRemoteVideoCategoryValid (value: string) { | ||
32 | return validator.isInt('' + value) | ||
33 | } | ||
34 | |||
35 | function isVideoUrlValid (value: string) { | 23 | function isVideoUrlValid (value: string) { |
36 | return isActivityPubUrlValid(value) | 24 | return isActivityPubUrlValid(value) |
37 | } | 25 | } |
@@ -40,29 +28,10 @@ function isVideoLicenceValid (value: number) { | |||
40 | return VIDEO_LICENCES[value] !== undefined | 28 | return VIDEO_LICENCES[value] !== undefined |
41 | } | 29 | } |
42 | 30 | ||
43 | function isVideoPrivacyValid (value: string) { | ||
44 | return VIDEO_PRIVACIES[value] !== undefined | ||
45 | } | ||
46 | |||
47 | // Maybe we don't know the remote privacy setting, but that doesn't matter | ||
48 | function isRemoteVideoPrivacyValid (value: string) { | ||
49 | return validator.isInt('' + value) | ||
50 | } | ||
51 | |||
52 | // Maybe we don't know the remote licence, but that doesn't matter | ||
53 | function isRemoteVideoLicenceValid (value: string) { | ||
54 | return validator.isInt('' + value) | ||
55 | } | ||
56 | |||
57 | function isVideoLanguageValid (value: number) { | 31 | function isVideoLanguageValid (value: number) { |
58 | return value === null || VIDEO_LANGUAGES[value] !== undefined | 32 | return value === null || VIDEO_LANGUAGES[value] !== undefined |
59 | } | 33 | } |
60 | 34 | ||
61 | // Maybe we don't know the remote language, but that doesn't matter | ||
62 | function isRemoteVideoLanguageValid (value: string) { | ||
63 | return validator.isInt('' + value) | ||
64 | } | ||
65 | |||
66 | function isVideoNSFWValid (value: any) { | 35 | function isVideoNSFWValid (value: any) { |
67 | return typeof value === 'boolean' || (typeof value === 'string' && validator.isBoolean(value)) | 36 | return typeof value === 'boolean' || (typeof value === 'string' && validator.isBoolean(value)) |
68 | } | 37 | } |
@@ -93,14 +62,6 @@ function isVideoTagsValid (tags: string[]) { | |||
93 | tags.every(tag => isVideoTagValid(tag)) | 62 | tags.every(tag => isVideoTagValid(tag)) |
94 | } | 63 | } |
95 | 64 | ||
96 | function isVideoThumbnailValid (value: string) { | ||
97 | return exists(value) && validator.isLength(value, VIDEOS_CONSTRAINTS_FIELDS.THUMBNAIL) | ||
98 | } | ||
99 | |||
100 | function isVideoThumbnailDataValid (value: string) { | ||
101 | return exists(value) && validator.isByteLength(value, VIDEOS_CONSTRAINTS_FIELDS.THUMBNAIL_DATA) | ||
102 | } | ||
103 | |||
104 | function isVideoAbuseReasonValid (value: string) { | 65 | function isVideoAbuseReasonValid (value: string) { |
105 | return exists(value) && validator.isLength(value, VIDEO_ABUSES_CONSTRAINTS_FIELDS.REASON) | 66 | return exists(value) && validator.isLength(value, VIDEO_ABUSES_CONSTRAINTS_FIELDS.REASON) |
106 | } | 67 | } |
@@ -109,18 +70,6 @@ function isVideoViewsValid (value: string) { | |||
109 | return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.VIEWS) | 70 | return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.VIEWS) |
110 | } | 71 | } |
111 | 72 | ||
112 | function isVideoLikesValid (value: string) { | ||
113 | return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.LIKES) | ||
114 | } | ||
115 | |||
116 | function isVideoDislikesValid (value: string) { | ||
117 | return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.DISLIKES) | ||
118 | } | ||
119 | |||
120 | function isVideoEventCountValid (value: string) { | ||
121 | return exists(value) && validator.isInt(value + '', VIDEO_EVENTS_CONSTRAINTS_FIELDS.COUNT) | ||
122 | } | ||
123 | |||
124 | function isVideoRatingTypeValid (value: string) { | 73 | function isVideoRatingTypeValid (value: string) { |
125 | return values(VIDEO_RATE_TYPES).indexOf(value as VideoRateType) !== -1 | 74 | return values(VIDEO_RATE_TYPES).indexOf(value as VideoRateType) !== -1 |
126 | } | 75 | } |
@@ -141,24 +90,16 @@ function isVideoFile (files: { [ fieldname: string ]: Express.Multer.File[] } | | |||
141 | return new RegExp('^video/(webm|mp4|ogg)$', 'i').test(file.mimetype) | 90 | return new RegExp('^video/(webm|mp4|ogg)$', 'i').test(file.mimetype) |
142 | } | 91 | } |
143 | 92 | ||
144 | function isVideoFileSizeValid (value: string) { | ||
145 | return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.FILE_SIZE) | ||
146 | } | ||
147 | |||
148 | function isVideoFileResolutionValid (value: string) { | ||
149 | return exists(value) && validator.isInt(value + '') | ||
150 | } | ||
151 | |||
152 | function isVideoFileExtnameValid (value: string) { | ||
153 | return VIDEOS_CONSTRAINTS_FIELDS.EXTNAME.indexOf(value) !== -1 | ||
154 | } | ||
155 | |||
156 | function isVideoFileInfoHashValid (value: string) { | 93 | function isVideoFileInfoHashValid (value: string) { |
157 | return exists(value) && validator.isLength(value, VIDEOS_CONSTRAINTS_FIELDS.INFO_HASH) | 94 | return exists(value) && validator.isLength(value, VIDEOS_CONSTRAINTS_FIELDS.INFO_HASH) |
158 | } | 95 | } |
159 | 96 | ||
160 | function checkVideoExists (id: string, res: express.Response, callback: () => void) { | 97 | function isVideoPrivacyValid (value: string) { |
161 | let promise: Promise<VideoInstance> | 98 | return VIDEO_PRIVACIES[value] !== undefined |
99 | } | ||
100 | |||
101 | function checkVideoExists (id: string, res: Response, callback: () => void) { | ||
102 | let promise: Bluebird<VideoInstance> | ||
162 | if (validator.isInt(id)) { | 103 | if (validator.isInt(id)) { |
163 | promise = db.Video.loadAndPopulateAccountAndServerAndTags(+id) | 104 | promise = db.Video.loadAndPopulateAccountAndServerAndTags(+id) |
164 | } else { // UUID | 105 | } else { // UUID |
@@ -168,17 +109,17 @@ function checkVideoExists (id: string, res: express.Response, callback: () => vo | |||
168 | promise.then(video => { | 109 | promise.then(video => { |
169 | if (!video) { | 110 | if (!video) { |
170 | return res.status(404) | 111 | return res.status(404) |
171 | .json({ error: 'Video not found' }) | 112 | .json({ error: 'Video not found' }) |
172 | .end() | 113 | .end() |
173 | } | 114 | } |
174 | 115 | ||
175 | res.locals.video = video | 116 | res.locals.video = video |
176 | callback() | 117 | callback() |
177 | }) | 118 | }) |
178 | .catch(err => { | 119 | .catch(err => { |
179 | logger.error('Error in video request validator.', err) | 120 | logger.error('Error in video request validator.', err) |
180 | return res.sendStatus(500) | 121 | return res.sendStatus(500) |
181 | }) | 122 | }) |
182 | } | 123 | } |
183 | 124 | ||
184 | // --------------------------------------------------------------------------- | 125 | // --------------------------------------------------------------------------- |
@@ -193,25 +134,13 @@ export { | |||
193 | isVideoFileInfoHashValid, | 134 | isVideoFileInfoHashValid, |
194 | isVideoNameValid, | 135 | isVideoNameValid, |
195 | isVideoTagsValid, | 136 | isVideoTagsValid, |
196 | isVideoThumbnailValid, | ||
197 | isVideoThumbnailDataValid, | ||
198 | isVideoFileExtnameValid, | ||
199 | isVideoAbuseReasonValid, | 137 | isVideoAbuseReasonValid, |
200 | isVideoFile, | 138 | isVideoFile, |
201 | isVideoViewsValid, | 139 | isVideoViewsValid, |
202 | isVideoLikesValid, | ||
203 | isVideoRatingTypeValid, | 140 | isVideoRatingTypeValid, |
204 | isVideoDislikesValid, | ||
205 | isVideoEventCountValid, | ||
206 | isVideoFileSizeValid, | ||
207 | isVideoPrivacyValid, | ||
208 | isRemoteVideoPrivacyValid, | ||
209 | isVideoDurationValid, | 141 | isVideoDurationValid, |
210 | isVideoFileResolutionValid, | ||
211 | checkVideoExists, | ||
212 | isVideoTagValid, | 142 | isVideoTagValid, |
213 | isRemoteVideoCategoryValid, | ||
214 | isRemoteVideoLicenceValid, | ||
215 | isVideoUrlValid, | 143 | isVideoUrlValid, |
216 | isRemoteVideoLanguageValid | 144 | isVideoPrivacyValid, |
145 | checkVideoExists | ||
217 | } | 146 | } |
diff --git a/server/helpers/database-utils.ts b/server/helpers/database-utils.ts index dacd747c9..fb8ad22b0 100644 --- a/server/helpers/database-utils.ts +++ b/server/helpers/database-utils.ts | |||
@@ -1,4 +1,3 @@ | |||
1 | // TODO: import from ES6 when retry typing file will include errorFilter function | ||
2 | import * as retry from 'async/retry' | 1 | import * as retry from 'async/retry' |
3 | import * as Bluebird from 'bluebird' | 2 | import * as Bluebird from 'bluebird' |
4 | import { logger } from './logger' | 3 | import { logger } from './logger' |
diff --git a/server/helpers/ffmpeg-utils.ts b/server/helpers/ffmpeg-utils.ts index c07dddefe..8ad205961 100644 --- a/server/helpers/ffmpeg-utils.ts +++ b/server/helpers/ffmpeg-utils.ts | |||
@@ -1,7 +1,6 @@ | |||
1 | import * as ffmpeg from 'fluent-ffmpeg' | 1 | import * as ffmpeg from 'fluent-ffmpeg' |
2 | |||
3 | import { CONFIG } from '../initializers' | ||
4 | import { VideoResolution } from '../../shared/models/videos/video-resolution.enum' | 2 | import { VideoResolution } from '../../shared/models/videos/video-resolution.enum' |
3 | import { CONFIG } from '../initializers' | ||
5 | 4 | ||
6 | function getVideoFileHeight (path: string) { | 5 | function getVideoFileHeight (path: string) { |
7 | return new Promise<number>((res, rej) => { | 6 | return new Promise<number>((res, rej) => { |
diff --git a/server/helpers/logger.ts b/server/helpers/logger.ts index d8f2f687c..8d809d16d 100644 --- a/server/helpers/logger.ts +++ b/server/helpers/logger.ts | |||
@@ -2,8 +2,6 @@ | |||
2 | import * as mkdirp from 'mkdirp' | 2 | import * as mkdirp from 'mkdirp' |
3 | import * as path from 'path' | 3 | import * as path from 'path' |
4 | import * as winston from 'winston' | 4 | import * as winston from 'winston' |
5 | |||
6 | // Do not use barrel (dependencies issues) | ||
7 | import { CONFIG } from '../initializers/constants' | 5 | import { CONFIG } from '../initializers/constants' |
8 | 6 | ||
9 | const label = CONFIG.WEBSERVER.HOSTNAME + ':' + CONFIG.WEBSERVER.PORT | 7 | const label = CONFIG.WEBSERVER.HOSTNAME + ':' + CONFIG.WEBSERVER.PORT |
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts index c61abfa8e..74e4cc703 100644 --- a/server/helpers/peertube-crypto.ts +++ b/server/helpers/peertube-crypto.ts | |||
@@ -1,17 +1,8 @@ | |||
1 | import { | 1 | import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers' |
2 | PRIVATE_RSA_KEY_SIZE, | ||
3 | BCRYPT_SALT_SIZE | ||
4 | } from '../initializers' | ||
5 | import { | ||
6 | bcryptComparePromise, | ||
7 | bcryptGenSaltPromise, | ||
8 | bcryptHashPromise, | ||
9 | createPrivateKey, | ||
10 | getPublicKey | ||
11 | } from './core-utils' | ||
12 | import { logger } from './logger' | ||
13 | import { AccountInstance } from '../models/account/account-interface' | 2 | import { AccountInstance } from '../models/account/account-interface' |
3 | import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils' | ||
14 | import { jsig } from './custom-jsonld-signature' | 4 | import { jsig } from './custom-jsonld-signature' |
5 | import { logger } from './logger' | ||
15 | 6 | ||
16 | async function createPrivateAndPublicKeys () { | 7 | async function createPrivateAndPublicKeys () { |
17 | logger.info('Generating a RSA key...') | 8 | logger.info('Generating a RSA key...') |
diff --git a/server/helpers/utils.ts b/server/helpers/utils.ts index 3af14a68a..3464341e6 100644 --- a/server/helpers/utils.ts +++ b/server/helpers/utils.ts | |||
@@ -1,11 +1,10 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import * as Sequelize from 'sequelize' | 2 | import * as Sequelize from 'sequelize' |
3 | |||
4 | import { pseudoRandomBytesPromise } from './core-utils' | ||
5 | import { CONFIG, database as db } from '../initializers' | ||
6 | import { ResultList } from '../../shared' | 3 | import { ResultList } from '../../shared' |
7 | import { VideoResolution } from '../../shared/models/videos/video-resolution.enum' | 4 | import { VideoResolution } from '../../shared/models/videos/video-resolution.enum' |
5 | import { CONFIG, database as db } from '../initializers' | ||
8 | import { AccountInstance } from '../models/account/account-interface' | 6 | import { AccountInstance } from '../models/account/account-interface' |
7 | import { pseudoRandomBytesPromise } from './core-utils' | ||
9 | import { logger } from './logger' | 8 | import { logger } from './logger' |
10 | 9 | ||
11 | function badRequest (req: express.Request, res: express.Response, next: express.NextFunction) { | 10 | function badRequest (req: express.Request, res: express.Response, next: express.NextFunction) { |
diff --git a/server/helpers/webfinger.ts b/server/helpers/webfinger.ts index a5b4785fe..ab2888981 100644 --- a/server/helpers/webfinger.ts +++ b/server/helpers/webfinger.ts | |||
@@ -1,7 +1,6 @@ | |||
1 | import * as WebFinger from 'webfinger.js' | 1 | import * as WebFinger from 'webfinger.js' |
2 | import { WebFingerData } from '../../shared' | 2 | import { WebFingerData } from '../../shared' |
3 | import { fetchRemoteAccount } from '../lib/activitypub/account' | 3 | import { fetchRemoteAccount } from '../lib/activitypub/account' |
4 | |||
5 | import { isTestInstance } from './core-utils' | 4 | import { isTestInstance } from './core-utils' |
6 | import { isActivityPubUrlValid } from './custom-validators' | 5 | import { isActivityPubUrlValid } from './custom-validators' |
7 | 6 | ||
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 158b475e3..df0eb7b96 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -1,30 +1,30 @@ | |||
1 | import { body, param, query } from 'express-validator/check' | ||
2 | import * as express from 'express' | 1 | import * as express from 'express' |
3 | 2 | import { body, param, query } from 'express-validator/check' | |
4 | import { database as db } from '../../initializers/database' | 3 | import { UserRight, VideoPrivacy } from '../../../shared' |
5 | import { checkErrors } from './utils' | 4 | import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc' |
6 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' | ||
7 | import { | 5 | import { |
8 | logger, | 6 | checkVideoExists, |
9 | isVideoDurationValid, | 7 | isVideoAbuseReasonValid, |
10 | isVideoFile, | ||
11 | isVideoNameValid, | ||
12 | isVideoCategoryValid, | 8 | isVideoCategoryValid, |
13 | isVideoLicenceValid, | ||
14 | isVideoDescriptionValid, | 9 | isVideoDescriptionValid, |
10 | isVideoDurationValid, | ||
11 | isVideoFile, | ||
15 | isVideoLanguageValid, | 12 | isVideoLanguageValid, |
16 | isVideoTagsValid, | 13 | isVideoLicenceValid, |
14 | isVideoNameValid, | ||
17 | isVideoNSFWValid, | 15 | isVideoNSFWValid, |
18 | isIdOrUUIDValid, | 16 | isVideoPrivacyValid, |
19 | isVideoAbuseReasonValid, | ||
20 | isVideoRatingTypeValid, | 17 | isVideoRatingTypeValid, |
21 | getDurationFromVideoFile, | 18 | isVideoTagsValid |
22 | checkVideoExists, | 19 | } from '../../helpers/custom-validators/videos' |
23 | isIdValid, | 20 | import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils' |
24 | isVideoPrivacyValid | 21 | import { logger } from '../../helpers/logger' |
25 | } from '../../helpers' | 22 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' |
26 | import { UserRight, VideoPrivacy } from '../../../shared' | 23 | |
24 | import { database as db } from '../../initializers/database' | ||
25 | import { UserInstance } from '../../models/account/user-interface' | ||
27 | import { authenticate } from '../oauth' | 26 | import { authenticate } from '../oauth' |
27 | import { checkErrors } from './utils' | ||
28 | 28 | ||
29 | const videosAddValidator = [ | 29 | const videosAddValidator = [ |
30 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( | 30 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( |
@@ -185,7 +185,7 @@ const videosRemoveValidator = [ | |||
185 | checkErrors(req, res, () => { | 185 | checkErrors(req, res, () => { |
186 | checkVideoExists(req.params.id, res, () => { | 186 | checkVideoExists(req.params.id, res, () => { |
187 | // Check if the user who did the request is able to delete the video | 187 | // Check if the user who did the request is able to delete the video |
188 | checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, () => { | 188 | checkUserCanDeleteVideo(res.locals.oauth.token.User, res, () => { |
189 | next() | 189 | next() |
190 | }) | 190 | }) |
191 | }) | 191 | }) |
@@ -246,7 +246,7 @@ export { | |||
246 | 246 | ||
247 | // --------------------------------------------------------------------------- | 247 | // --------------------------------------------------------------------------- |
248 | 248 | ||
249 | function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { | 249 | function checkUserCanDeleteVideo (user: UserInstance, res: express.Response, callback: () => void) { |
250 | // Retrieve the user who did the request | 250 | // Retrieve the user who did the request |
251 | if (res.locals.video.isOwned() === false) { | 251 | if (res.locals.video.isOwned() === false) { |
252 | return res.status(403) | 252 | return res.status(403) |
@@ -258,7 +258,6 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac | |||
258 | // The user can delete it if s/he is an admin | 258 | // The user can delete it if s/he is an admin |
259 | // Or if s/he is the video's account | 259 | // Or if s/he is the video's account |
260 | const account = res.locals.video.VideoChannel.Account | 260 | const account = res.locals.video.VideoChannel.Account |
261 | const user = res.locals.oauth.token.User | ||
262 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) { | 261 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) { |
263 | return res.status(403) | 262 | return res.status(403) |
264 | .json({ error: 'Cannot remove video of another user' }) | 263 | .json({ error: 'Cannot remove video of another user' }) |
diff --git a/server/middlewares/validators/webfinger.ts b/server/middlewares/validators/webfinger.ts index 3e61a6cc3..7852c1c2b 100644 --- a/server/middlewares/validators/webfinger.ts +++ b/server/middlewares/validators/webfinger.ts | |||
@@ -1,9 +1,9 @@ | |||
1 | import { query } from 'express-validator/check' | ||
2 | import * as express from 'express' | 1 | import * as express from 'express' |
3 | 2 | import { query } from 'express-validator/check' | |
4 | import { checkErrors } from './utils' | 3 | import { isWebfingerResourceValid } from '../../helpers/custom-validators/webfinger' |
5 | import { logger, isWebfingerResourceValid } from '../../helpers' | ||
6 | import { database as db } from '../../initializers' | 4 | import { database as db } from '../../initializers' |
5 | import { checkErrors } from './utils' | ||
6 | import { logger } from '../../helpers/logger' | ||
7 | 7 | ||
8 | const webfingerValidator = [ | 8 | const webfingerValidator = [ |
9 | query('resource').custom(isWebfingerResourceValid).withMessage('Should have a valid webfinger resource'), | 9 | query('resource').custom(isWebfingerResourceValid).withMessage('Should have a valid webfinger resource'), |