aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--server/controllers/api/server/index.ts2
-rw-r--r--server/controllers/api/server/server-blocklist.ts132
-rw-r--r--server/controllers/api/users/my-blocklist.ts8
-rw-r--r--server/middlewares/validators/blocklist.ts45
-rw-r--r--server/models/utils.ts2
-rw-r--r--server/tests/api/check-params/blocklist.ts256
-rw-r--r--server/tests/api/users/account-blocklist.ts294
-rw-r--r--server/tests/api/users/blocklist.ts500
-rw-r--r--server/tests/api/users/index.ts1
-rw-r--r--server/tests/utils/users/blocklist.ts97
-rw-r--r--shared/models/users/user-right.enum.ts3
-rw-r--r--shared/models/users/user-role.ts4
12 files changed, 1035 insertions, 309 deletions
diff --git a/server/controllers/api/server/index.ts b/server/controllers/api/server/index.ts
index 43bca2c10..c08192a8c 100644
--- a/server/controllers/api/server/index.ts
+++ b/server/controllers/api/server/index.ts
@@ -2,12 +2,14 @@ import * as express from 'express'
2import { serverFollowsRouter } from './follows' 2import { serverFollowsRouter } from './follows'
3import { statsRouter } from './stats' 3import { statsRouter } from './stats'
4import { serverRedundancyRouter } from './redundancy' 4import { serverRedundancyRouter } from './redundancy'
5import { serverBlocklistRouter } from './server-blocklist'
5 6
6const serverRouter = express.Router() 7const serverRouter = express.Router()
7 8
8serverRouter.use('/', serverFollowsRouter) 9serverRouter.use('/', serverFollowsRouter)
9serverRouter.use('/', serverRedundancyRouter) 10serverRouter.use('/', serverRedundancyRouter)
10serverRouter.use('/', statsRouter) 11serverRouter.use('/', statsRouter)
12serverRouter.use('/', serverBlocklistRouter)
11 13
12// --------------------------------------------------------------------------- 14// ---------------------------------------------------------------------------
13 15
diff --git a/server/controllers/api/server/server-blocklist.ts b/server/controllers/api/server/server-blocklist.ts
new file mode 100644
index 000000000..3cb3a96e2
--- /dev/null
+++ b/server/controllers/api/server/server-blocklist.ts
@@ -0,0 +1,132 @@
1import * as express from 'express'
2import 'multer'
3import { getFormattedObjects, getServerActor } from '../../../helpers/utils'
4import {
5 asyncMiddleware,
6 asyncRetryTransactionMiddleware,
7 authenticate,
8 ensureUserHasRight,
9 paginationValidator,
10 setDefaultPagination,
11 setDefaultSort
12} from '../../../middlewares'
13import {
14 accountsBlocklistSortValidator,
15 blockAccountValidator,
16 blockServerValidator,
17 serversBlocklistSortValidator,
18 unblockAccountByServerValidator,
19 unblockServerByServerValidator
20} from '../../../middlewares/validators'
21import { AccountModel } from '../../../models/account/account'
22import { AccountBlocklistModel } from '../../../models/account/account-blocklist'
23import { addAccountInBlocklist, addServerInBlocklist, removeAccountFromBlocklist, removeServerFromBlocklist } from '../../../lib/blocklist'
24import { ServerBlocklistModel } from '../../../models/server/server-blocklist'
25import { ServerModel } from '../../../models/server/server'
26import { UserRight } from '../../../../shared/models/users'
27
28const serverBlocklistRouter = express.Router()
29
30serverBlocklistRouter.get('/blocklist/accounts',
31 authenticate,
32 ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
33 paginationValidator,
34 accountsBlocklistSortValidator,
35 setDefaultSort,
36 setDefaultPagination,
37 asyncMiddleware(listBlockedAccounts)
38)
39
40serverBlocklistRouter.post('/blocklist/accounts',
41 authenticate,
42 ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
43 asyncMiddleware(blockAccountValidator),
44 asyncRetryTransactionMiddleware(blockAccount)
45)
46
47serverBlocklistRouter.delete('/blocklist/accounts/:accountName',
48 authenticate,
49 ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
50 asyncMiddleware(unblockAccountByServerValidator),
51 asyncRetryTransactionMiddleware(unblockAccount)
52)
53
54serverBlocklistRouter.get('/blocklist/servers',
55 authenticate,
56 ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
57 paginationValidator,
58 serversBlocklistSortValidator,
59 setDefaultSort,
60 setDefaultPagination,
61 asyncMiddleware(listBlockedServers)
62)
63
64serverBlocklistRouter.post('/blocklist/servers',
65 authenticate,
66 ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
67 asyncMiddleware(blockServerValidator),
68 asyncRetryTransactionMiddleware(blockServer)
69)
70
71serverBlocklistRouter.delete('/blocklist/servers/:host',
72 authenticate,
73 ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
74 asyncMiddleware(unblockServerByServerValidator),
75 asyncRetryTransactionMiddleware(unblockServer)
76)
77
78export {
79 serverBlocklistRouter
80}
81
82// ---------------------------------------------------------------------------
83
84async function listBlockedAccounts (req: express.Request, res: express.Response) {
85 const serverActor = await getServerActor()
86
87 const resultList = await AccountBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort)
88
89 return res.json(getFormattedObjects(resultList.data, resultList.total))
90}
91
92async function blockAccount (req: express.Request, res: express.Response) {
93 const serverActor = await getServerActor()
94 const accountToBlock: AccountModel = res.locals.account
95
96 await addAccountInBlocklist(serverActor.Account.id, accountToBlock.id)
97
98 return res.status(204).end()
99}
100
101async function unblockAccount (req: express.Request, res: express.Response) {
102 const accountBlock: AccountBlocklistModel = res.locals.accountBlock
103
104 await removeAccountFromBlocklist(accountBlock)
105
106 return res.status(204).end()
107}
108
109async function listBlockedServers (req: express.Request, res: express.Response) {
110 const serverActor = await getServerActor()
111
112 const resultList = await ServerBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort)
113
114 return res.json(getFormattedObjects(resultList.data, resultList.total))
115}
116
117async function blockServer (req: express.Request, res: express.Response) {
118 const serverActor = await getServerActor()
119 const serverToBlock: ServerModel = res.locals.server
120
121 await addServerInBlocklist(serverActor.Account.id, serverToBlock.id)
122
123 return res.status(204).end()
124}
125
126async function unblockServer (req: express.Request, res: express.Response) {
127 const serverBlock: ServerBlocklistModel = res.locals.serverBlock
128
129 await removeServerFromBlocklist(serverBlock)
130
131 return res.status(204).end()
132}
diff --git a/server/controllers/api/users/my-blocklist.ts b/server/controllers/api/users/my-blocklist.ts
index 95a4105ec..9575eab46 100644
--- a/server/controllers/api/users/my-blocklist.ts
+++ b/server/controllers/api/users/my-blocklist.ts
@@ -12,8 +12,8 @@ import {
12} from '../../../middlewares' 12} from '../../../middlewares'
13import { 13import {
14 accountsBlocklistSortValidator, 14 accountsBlocklistSortValidator,
15 blockAccountByAccountValidator, 15 blockAccountValidator,
16 blockServerByAccountValidator, 16 blockServerValidator,
17 serversBlocklistSortValidator, 17 serversBlocklistSortValidator,
18 unblockServerByAccountValidator 18 unblockServerByAccountValidator
19} from '../../../middlewares/validators' 19} from '../../../middlewares/validators'
@@ -37,7 +37,7 @@ myBlocklistRouter.get('/me/blocklist/accounts',
37 37
38myBlocklistRouter.post('/me/blocklist/accounts', 38myBlocklistRouter.post('/me/blocklist/accounts',
39 authenticate, 39 authenticate,
40 asyncMiddleware(blockAccountByAccountValidator), 40 asyncMiddleware(blockAccountValidator),
41 asyncRetryTransactionMiddleware(blockAccount) 41 asyncRetryTransactionMiddleware(blockAccount)
42) 42)
43 43
@@ -58,7 +58,7 @@ myBlocklistRouter.get('/me/blocklist/servers',
58 58
59myBlocklistRouter.post('/me/blocklist/servers', 59myBlocklistRouter.post('/me/blocklist/servers',
60 authenticate, 60 authenticate,
61 asyncMiddleware(blockServerByAccountValidator), 61 asyncMiddleware(blockServerValidator),
62 asyncRetryTransactionMiddleware(blockServer) 62 asyncRetryTransactionMiddleware(blockServer)
63) 63)
64 64
diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts
index 25c054d6b..109276c63 100644
--- a/server/middlewares/validators/blocklist.ts
+++ b/server/middlewares/validators/blocklist.ts
@@ -9,8 +9,9 @@ import { isHostValid } from '../../helpers/custom-validators/servers'
9import { ServerBlocklistModel } from '../../models/server/server-blocklist' 9import { ServerBlocklistModel } from '../../models/server/server-blocklist'
10import { ServerModel } from '../../models/server/server' 10import { ServerModel } from '../../models/server/server'
11import { CONFIG } from '../../initializers' 11import { CONFIG } from '../../initializers'
12import { getServerActor } from '../../helpers/utils'
12 13
13const blockAccountByAccountValidator = [ 14const blockAccountValidator = [
14 body('accountName').exists().withMessage('Should have an account name with host'), 15 body('accountName').exists().withMessage('Should have an account name with host'),
15 16
16 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 17 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -51,7 +52,24 @@ const unblockAccountByAccountValidator = [
51 } 52 }
52] 53]
53 54
54const blockServerByAccountValidator = [ 55const unblockAccountByServerValidator = [
56 param('accountName').exists().withMessage('Should have an account name with host'),
57
58 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
59 logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
60
61 if (areValidationErrors(req, res)) return
62 if (!await isAccountNameWithHostExist(req.params.accountName, res)) return
63
64 const serverActor = await getServerActor()
65 const targetAccount = res.locals.account
66 if (!await isUnblockAccountExists(serverActor.Account.id, targetAccount.id, res)) return
67
68 return next()
69 }
70]
71
72const blockServerValidator = [
55 body('host').custom(isHostValid).withMessage('Should have a valid host'), 73 body('host').custom(isHostValid).withMessage('Should have a valid host'),
56 74
57 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 75 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -95,13 +113,30 @@ const unblockServerByAccountValidator = [
95 } 113 }
96] 114]
97 115
116const unblockServerByServerValidator = [
117 param('host').custom(isHostValid).withMessage('Should have an account name with host'),
118
119 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
120 logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
121
122 if (areValidationErrors(req, res)) return
123
124 const serverActor = await getServerActor()
125 if (!await isUnblockServerExists(serverActor.Account.id, req.params.host, res)) return
126
127 return next()
128 }
129]
130
98// --------------------------------------------------------------------------- 131// ---------------------------------------------------------------------------
99 132
100export { 133export {
101 blockServerByAccountValidator, 134 blockServerValidator,
102 blockAccountByAccountValidator, 135 blockAccountValidator,
103 unblockAccountByAccountValidator, 136 unblockAccountByAccountValidator,
104 unblockServerByAccountValidator 137 unblockServerByAccountValidator,
138 unblockAccountByServerValidator,
139 unblockServerByServerValidator
105} 140}
106 141
107// --------------------------------------------------------------------------- 142// ---------------------------------------------------------------------------
diff --git a/server/models/utils.ts b/server/models/utils.ts
index 50c865e75..60b0906e8 100644
--- a/server/models/utils.ts
+++ b/server/models/utils.ts
@@ -72,8 +72,6 @@ function buildBlockedAccountSQL (serverAccountId: number, userAccountId?: number
72 72
73 const query = 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' + 73 const query = 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' +
74 ' UNION ALL ' + 74 ' UNION ALL ' +
75 // 'SELECT "accountId" FROM "accountBlocklist" WHERE "targetAccountId" = user.account.id
76 // UNION ALL
77 'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' + 75 'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' +
78 'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' + 76 'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' +
79 'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')' 77 'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')'
diff --git a/server/tests/api/check-params/blocklist.ts b/server/tests/api/check-params/blocklist.ts
index d24d9323f..c745ac975 100644
--- a/server/tests/api/check-params/blocklist.ts
+++ b/server/tests/api/check-params/blocklist.ts
@@ -12,13 +12,14 @@ import {
12 makeGetRequest, 12 makeGetRequest,
13 makePostBodyRequest, 13 makePostBodyRequest,
14 ServerInfo, 14 ServerInfo,
15 setAccessTokensToServers 15 setAccessTokensToServers, userLogin
16} from '../../utils' 16} from '../../utils'
17import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params' 17import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
18 18
19describe('Test blocklist API validators', function () { 19describe('Test blocklist API validators', function () {
20 let servers: ServerInfo[] 20 let servers: ServerInfo[]
21 let server: ServerInfo 21 let server: ServerInfo
22 let userAccessToken: string
22 23
23 before(async function () { 24 before(async function () {
24 this.timeout(60000) 25 this.timeout(60000)
@@ -33,15 +34,17 @@ describe('Test blocklist API validators', function () {
33 const user = { username: 'user1', password: 'password' } 34 const user = { username: 'user1', password: 'password' }
34 await createUser(server.url, server.accessToken, user.username, user.password) 35 await createUser(server.url, server.accessToken, user.username, user.password)
35 36
37 userAccessToken = await userLogin(server, user)
38
36 await doubleFollow(servers[0], servers[1]) 39 await doubleFollow(servers[0], servers[1])
37 }) 40 })
38 41
39 // --------------------------------------------------------------- 42 // ---------------------------------------------------------------
40 43
41 describe('When managing user blocklist', function () { 44 describe('When managing user blocklist', function () {
42 const path = '/api/v1/users/me/blocklist/accounts'
43 45
44 describe('When managing user accounts blocklist', function () { 46 describe('When managing user accounts blocklist', function () {
47 const path = '/api/v1/users/me/blocklist/accounts'
45 48
46 describe('When listing blocked accounts', function () { 49 describe('When listing blocked accounts', function () {
47 it('Should fail with an unauthenticated user', async function () { 50 it('Should fail with an unauthenticated user', async function () {
@@ -231,6 +234,255 @@ describe('Test blocklist API validators', function () {
231 }) 234 })
232 }) 235 })
233 236
237 describe('When managing server blocklist', function () {
238
239 describe('When managing server accounts blocklist', function () {
240 const path = '/api/v1/server/blocklist/accounts'
241
242 describe('When listing blocked accounts', function () {
243 it('Should fail with an unauthenticated user', async function () {
244 await makeGetRequest({
245 url: server.url,
246 path,
247 statusCodeExpected: 401
248 })
249 })
250
251 it('Should fail with a user without the appropriate rights', async function () {
252 await makeGetRequest({
253 url: server.url,
254 token: userAccessToken,
255 path,
256 statusCodeExpected: 403
257 })
258 })
259
260 it('Should fail with a bad start pagination', async function () {
261 await checkBadStartPagination(server.url, path, server.accessToken)
262 })
263
264 it('Should fail with a bad count pagination', async function () {
265 await checkBadCountPagination(server.url, path, server.accessToken)
266 })
267
268 it('Should fail with an incorrect sort', async function () {
269 await checkBadSortPagination(server.url, path, server.accessToken)
270 })
271 })
272
273 describe('When blocking an account', function () {
274 it('Should fail with an unauthenticated user', async function () {
275 await makePostBodyRequest({
276 url: server.url,
277 path,
278 fields: { accountName: 'user1' },
279 statusCodeExpected: 401
280 })
281 })
282
283 it('Should fail with a user without the appropriate rights', async function () {
284 await makePostBodyRequest({
285 url: server.url,
286 token: userAccessToken,
287 path,
288 fields: { accountName: 'user1' },
289 statusCodeExpected: 403
290 })
291 })
292
293 it('Should fail with an unknown account', async function () {
294 await makePostBodyRequest({
295 url: server.url,
296 token: server.accessToken,
297 path,
298 fields: { accountName: 'user2' },
299 statusCodeExpected: 404
300 })
301 })
302
303 it('Should fail to block ourselves', async function () {
304 await makePostBodyRequest({
305 url: server.url,
306 token: server.accessToken,
307 path,
308 fields: { accountName: 'root' },
309 statusCodeExpected: 409
310 })
311 })
312
313 it('Should succeed with the correct params', async function () {
314 await makePostBodyRequest({
315 url: server.url,
316 token: server.accessToken,
317 path,
318 fields: { accountName: 'user1' },
319 statusCodeExpected: 204
320 })
321 })
322 })
323
324 describe('When unblocking an account', function () {
325 it('Should fail with an unauthenticated user', async function () {
326 await makeDeleteRequest({
327 url: server.url,
328 path: path + '/user1',
329 statusCodeExpected: 401
330 })
331 })
332
333 it('Should fail with a user without the appropriate rights', async function () {
334 await makeDeleteRequest({
335 url: server.url,
336 path: path + '/user1',
337 token: userAccessToken,
338 statusCodeExpected: 403
339 })
340 })
341
342 it('Should fail with an unknown account block', async function () {
343 await makeDeleteRequest({
344 url: server.url,
345 path: path + '/user2',
346 token: server.accessToken,
347 statusCodeExpected: 404
348 })
349 })
350
351 it('Should succeed with the correct params', async function () {
352 await makeDeleteRequest({
353 url: server.url,
354 path: path + '/user1',
355 token: server.accessToken,
356 statusCodeExpected: 204
357 })
358 })
359 })
360 })
361
362 describe('When managing server servers blocklist', function () {
363 const path = '/api/v1/server/blocklist/servers'
364
365 describe('When listing blocked servers', function () {
366 it('Should fail with an unauthenticated user', async function () {
367 await makeGetRequest({
368 url: server.url,
369 path,
370 statusCodeExpected: 401
371 })
372 })
373
374 it('Should fail with a user without the appropriate rights', async function () {
375 await makeGetRequest({
376 url: server.url,
377 token: userAccessToken,
378 path,
379 statusCodeExpected: 403
380 })
381 })
382
383 it('Should fail with a bad start pagination', async function () {
384 await checkBadStartPagination(server.url, path, server.accessToken)
385 })
386
387 it('Should fail with a bad count pagination', async function () {
388 await checkBadCountPagination(server.url, path, server.accessToken)
389 })
390
391 it('Should fail with an incorrect sort', async function () {
392 await checkBadSortPagination(server.url, path, server.accessToken)
393 })
394 })
395
396 describe('When blocking a server', function () {
397 it('Should fail with an unauthenticated user', async function () {
398 await makePostBodyRequest({
399 url: server.url,
400 path,
401 fields: { host: 'localhost:9002' },
402 statusCodeExpected: 401
403 })
404 })
405
406 it('Should fail with a user without the appropriate rights', async function () {
407 await makePostBodyRequest({
408 url: server.url,
409 token: userAccessToken,
410 path,
411 fields: { host: 'localhost:9002' },
412 statusCodeExpected: 403
413 })
414 })
415
416 it('Should fail with an unknown server', async function () {
417 await makePostBodyRequest({
418 url: server.url,
419 token: server.accessToken,
420 path,
421 fields: { host: 'localhost:9003' },
422 statusCodeExpected: 404
423 })
424 })
425
426 it('Should fail with our own server', async function () {
427 await makePostBodyRequest({
428 url: server.url,
429 token: server.accessToken,
430 path,
431 fields: { host: 'localhost:9001' },
432 statusCodeExpected: 409
433 })
434 })
435
436 it('Should succeed with the correct params', async function () {
437 await makePostBodyRequest({
438 url: server.url,
439 token: server.accessToken,
440 path,
441 fields: { host: 'localhost:9002' },
442 statusCodeExpected: 204
443 })
444 })
445 })
446
447 describe('When unblocking a server', function () {
448 it('Should fail with an unauthenticated user', async function () {
449 await makeDeleteRequest({
450 url: server.url,
451 path: path + '/localhost:9002',
452 statusCodeExpected: 401
453 })
454 })
455
456 it('Should fail with a user without the appropriate rights', async function () {
457 await makeDeleteRequest({
458 url: server.url,
459 path: path + '/localhost:9002',
460 token: userAccessToken,
461 statusCodeExpected: 403
462 })
463 })
464
465 it('Should fail with an unknown server block', async function () {
466 await makeDeleteRequest({
467 url: server.url,
468 path: path + '/localhost:9003',
469 token: server.accessToken,
470 statusCodeExpected: 404
471 })
472 })
473
474 it('Should succeed with the correct params', async function () {
475 await makeDeleteRequest({
476 url: server.url,
477 path: path + '/localhost:9002',
478 token: server.accessToken,
479 statusCodeExpected: 204
480 })
481 })
482 })
483 })
484 })
485
234 after(async function () { 486 after(async function () {
235 killallServers(servers) 487 killallServers(servers)
236 488
diff --git a/server/tests/api/users/account-blocklist.ts b/server/tests/api/users/account-blocklist.ts
deleted file mode 100644
index 026971331..000000000
--- a/server/tests/api/users/account-blocklist.ts
+++ /dev/null
@@ -1,294 +0,0 @@
1/* tslint:disable:no-unused-expression */
2
3import * as chai from 'chai'
4import 'mocha'
5import { AccountBlock, ServerBlock, Video } from '../../../../shared/index'
6import {
7 createUser,
8 doubleFollow,
9 flushAndRunMultipleServers,
10 flushTests,
11 killallServers,
12 ServerInfo,
13 uploadVideo,
14 userLogin
15} from '../../utils/index'
16import { setAccessTokensToServers } from '../../utils/users/login'
17import { getVideosListWithToken } from '../../utils/videos/videos'
18import {
19 addVideoCommentReply,
20 addVideoCommentThread,
21 getVideoCommentThreads,
22 getVideoThreadComments
23} from '../../utils/videos/video-comments'
24import { waitJobs } from '../../utils/server/jobs'
25import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
26import {
27 addAccountToAccountBlocklist,
28 addServerToAccountBlocklist,
29 getAccountBlocklistByAccount, getServerBlocklistByAccount,
30 removeAccountFromAccountBlocklist,
31 removeServerFromAccountBlocklist
32} from '../../utils/users/blocklist'
33
34const expect = chai.expect
35
36async function checkAllVideos (url: string, token: string) {
37 const res = await getVideosListWithToken(url, token)
38
39 expect(res.body.data).to.have.lengthOf(4)
40}
41
42async function checkAllComments (url: string, token: string, videoUUID: string) {
43 const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token)
44
45 const threads: VideoComment[] = resThreads.body.data
46 expect(threads).to.have.lengthOf(2)
47
48 for (const thread of threads) {
49 const res = await getVideoThreadComments(url, videoUUID, thread.id, token)
50
51 const tree: VideoCommentThreadTree = res.body
52 expect(tree.children).to.have.lengthOf(1)
53 }
54}
55
56describe('Test accounts blocklist', function () {
57 let servers: ServerInfo[]
58 let videoUUID1: string
59 let videoUUID2: string
60 let userToken1: string
61 let userToken2: string
62
63 before(async function () {
64 this.timeout(60000)
65
66 await flushTests()
67
68 servers = await flushAndRunMultipleServers(2)
69 await setAccessTokensToServers(servers)
70
71 {
72 const user = { username: 'user1', password: 'password' }
73 await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
74
75 userToken1 = await userLogin(servers[0], user)
76 await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' })
77 }
78
79 {
80 const user = { username: 'user2', password: 'password' }
81 await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
82
83 userToken2 = await userLogin(servers[1], user)
84 await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' })
85 }
86
87 {
88 const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' })
89 videoUUID1 = res.body.video.uuid
90 }
91
92 {
93 const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' })
94 videoUUID2 = res.body.video.uuid
95 }
96
97 await doubleFollow(servers[0], servers[1])
98
99 {
100 const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1')
101 const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1')
102 await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1')
103 }
104
105 {
106 const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1')
107 await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1')
108 }
109
110 await waitJobs(servers)
111 })
112
113 describe('When managing account blocklist', function () {
114 it('Should list all videos', function () {
115 return checkAllVideos(servers[0].url, servers[0].accessToken)
116 })
117
118 it('Should list the comments', function () {
119 return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
120 })
121
122 it('Should block a remote account', async function () {
123 await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002')
124 })
125
126 it('Should hide its videos', async function () {
127 const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
128
129 const videos: Video[] = res.body.data
130 expect(videos).to.have.lengthOf(3)
131
132 const v = videos.find(v => v.name === 'video user 2')
133 expect(v).to.be.undefined
134 })
135
136 it('Should block a local account', async function () {
137 await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1')
138 })
139
140 it('Should hide its videos', async function () {
141 const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
142
143 const videos: Video[] = res.body.data
144 expect(videos).to.have.lengthOf(2)
145
146 const v = videos.find(v => v.name === 'video user 1')
147 expect(v).to.be.undefined
148 })
149
150 it('Should hide its comments', async function () {
151 const resThreads = await getVideoCommentThreads(servers[0].url, videoUUID1, 0, 5, '-createdAt', servers[0].accessToken)
152
153 const threads: VideoComment[] = resThreads.body.data
154 expect(threads).to.have.lengthOf(1)
155 expect(threads[0].totalReplies).to.equal(0)
156
157 const t = threads.find(t => t.text === 'comment user 1')
158 expect(t).to.be.undefined
159
160 for (const thread of threads) {
161 const res = await getVideoThreadComments(servers[0].url, videoUUID1, thread.id, servers[0].accessToken)
162
163 const tree: VideoCommentThreadTree = res.body
164 expect(tree.children).to.have.lengthOf(0)
165 }
166 })
167
168 it('Should list all the videos with another user', async function () {
169 return checkAllVideos(servers[0].url, userToken1)
170 })
171
172 it('Should list all the comments with another user', async function () {
173 return checkAllComments(servers[0].url, userToken1, videoUUID1)
174 })
175
176 it('Should list blocked accounts', async function () {
177 {
178 const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
179 const blocks: AccountBlock[] = res.body.data
180
181 expect(res.body.total).to.equal(2)
182
183 const block = blocks[0]
184 expect(block.byAccount.displayName).to.equal('root')
185 expect(block.byAccount.name).to.equal('root')
186 expect(block.blockedAccount.displayName).to.equal('user2')
187 expect(block.blockedAccount.name).to.equal('user2')
188 expect(block.blockedAccount.host).to.equal('localhost:9002')
189 }
190
191 {
192 const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
193 const blocks: AccountBlock[] = res.body.data
194
195 expect(res.body.total).to.equal(2)
196
197 const block = blocks[0]
198 expect(block.byAccount.displayName).to.equal('root')
199 expect(block.byAccount.name).to.equal('root')
200 expect(block.blockedAccount.displayName).to.equal('user1')
201 expect(block.blockedAccount.name).to.equal('user1')
202 expect(block.blockedAccount.host).to.equal('localhost:9001')
203 }
204 })
205
206 it('Should unblock the remote account', async function () {
207 await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002')
208 })
209
210 it('Should display its videos', async function () {
211 const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
212
213 const videos: Video[] = res.body.data
214 expect(videos).to.have.lengthOf(3)
215
216 const v = videos.find(v => v.name === 'video user 2')
217 expect(v).not.to.be.undefined
218 })
219
220 it('Should unblock the local account', async function () {
221 await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1')
222 })
223
224 it('Should display its comments', function () {
225 return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
226 })
227 })
228
229 describe('When managing server blocklist', function () {
230 it('Should list all videos', function () {
231 return checkAllVideos(servers[0].url, servers[0].accessToken)
232 })
233
234 it('Should list the comments', function () {
235 return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
236 })
237
238 it('Should block a remote server', async function () {
239 await addServerToAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002')
240 })
241
242 it('Should hide its videos', async function () {
243 const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
244
245 const videos: Video[] = res.body.data
246 expect(videos).to.have.lengthOf(2)
247
248 const v1 = videos.find(v => v.name === 'video user 2')
249 const v2 = videos.find(v => v.name === 'video server 2')
250
251 expect(v1).to.be.undefined
252 expect(v2).to.be.undefined
253 })
254
255 it('Should list all the videos with another user', async function () {
256 return checkAllVideos(servers[0].url, userToken1)
257 })
258
259 it('Should hide its comments')
260
261 it('Should list blocked servers', async function () {
262 const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
263 const blocks: ServerBlock[] = res.body.data
264
265 expect(res.body.total).to.equal(1)
266
267 const block = blocks[0]
268 expect(block.byAccount.displayName).to.equal('root')
269 expect(block.byAccount.name).to.equal('root')
270 expect(block.blockedServer.host).to.equal('localhost:9002')
271 })
272
273 it('Should unblock the remote server', async function () {
274 await removeServerFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002')
275 })
276
277 it('Should display its videos', function () {
278 return checkAllVideos(servers[0].url, servers[0].accessToken)
279 })
280
281 it('Should display its comments', function () {
282 return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
283 })
284 })
285
286 after(async function () {
287 killallServers(servers)
288
289 // Keep the logs if the test failed
290 if (this[ 'ok' ]) {
291 await flushTests()
292 }
293 })
294})
diff --git a/server/tests/api/users/blocklist.ts b/server/tests/api/users/blocklist.ts
new file mode 100644
index 000000000..99fe04b8c
--- /dev/null
+++ b/server/tests/api/users/blocklist.ts
@@ -0,0 +1,500 @@
1/* tslint:disable:no-unused-expression */
2
3import * as chai from 'chai'
4import 'mocha'
5import { AccountBlock, ServerBlock, Video } from '../../../../shared/index'
6import {
7 createUser,
8 doubleFollow,
9 flushAndRunMultipleServers,
10 flushTests,
11 killallServers,
12 ServerInfo,
13 uploadVideo,
14 userLogin
15} from '../../utils/index'
16import { setAccessTokensToServers } from '../../utils/users/login'
17import { getVideosListWithToken } from '../../utils/videos/videos'
18import {
19 addVideoCommentReply,
20 addVideoCommentThread,
21 getVideoCommentThreads,
22 getVideoThreadComments
23} from '../../utils/videos/video-comments'
24import { waitJobs } from '../../utils/server/jobs'
25import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
26import {
27 addAccountToAccountBlocklist,
28 addAccountToServerBlocklist,
29 addServerToAccountBlocklist,
30 addServerToServerBlocklist,
31 getAccountBlocklistByAccount,
32 getAccountBlocklistByServer,
33 getServerBlocklistByAccount,
34 getServerBlocklistByServer,
35 removeAccountFromAccountBlocklist,
36 removeAccountFromServerBlocklist,
37 removeServerFromAccountBlocklist,
38 removeServerFromServerBlocklist
39} from '../../utils/users/blocklist'
40
41const expect = chai.expect
42
43async function checkAllVideos (url: string, token: string) {
44 const res = await getVideosListWithToken(url, token)
45
46 expect(res.body.data).to.have.lengthOf(4)
47}
48
49async function checkAllComments (url: string, token: string, videoUUID: string) {
50 const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token)
51
52 const threads: VideoComment[] = resThreads.body.data
53 expect(threads).to.have.lengthOf(2)
54
55 for (const thread of threads) {
56 const res = await getVideoThreadComments(url, videoUUID, thread.id, token)
57
58 const tree: VideoCommentThreadTree = res.body
59 expect(tree.children).to.have.lengthOf(1)
60 }
61}
62
63describe('Test blocklist', function () {
64 let servers: ServerInfo[]
65 let videoUUID1: string
66 let videoUUID2: string
67 let userToken1: string
68 let userModeratorToken: string
69 let userToken2: string
70
71 before(async function () {
72 this.timeout(60000)
73
74 await flushTests()
75
76 servers = await flushAndRunMultipleServers(2)
77 await setAccessTokensToServers(servers)
78
79 {
80 const user = { username: 'user1', password: 'password' }
81 await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
82
83 userToken1 = await userLogin(servers[0], user)
84 await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' })
85 }
86
87 {
88 const user = { username: 'moderator', password: 'password' }
89 await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
90
91 userModeratorToken = await userLogin(servers[0], user)
92 }
93
94 {
95 const user = { username: 'user2', password: 'password' }
96 await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
97
98 userToken2 = await userLogin(servers[1], user)
99 await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' })
100 }
101
102 {
103 const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' })
104 videoUUID1 = res.body.video.uuid
105 }
106
107 {
108 const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' })
109 videoUUID2 = res.body.video.uuid
110 }
111
112 await doubleFollow(servers[0], servers[1])
113
114 {
115 const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1')
116 const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1')
117 await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1')
118 }
119
120 {
121 const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1')
122 await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1')
123 }
124
125 await waitJobs(servers)
126 })
127
128 describe('User blocklist', function () {
129
130 describe('When managing account blocklist', function () {
131 it('Should list all videos', function () {
132 return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
133 })
134
135 it('Should list the comments', function () {
136 return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
137 })
138
139 it('Should block a remote account', async function () {
140 await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
141 })
142
143 it('Should hide its videos', async function () {
144 const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
145
146 const videos: Video[] = res.body.data
147 expect(videos).to.have.lengthOf(3)
148
149 const v = videos.find(v => v.name === 'video user 2')
150 expect(v).to.be.undefined
151 })
152
153 it('Should block a local account', async function () {
154 await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
155 })
156
157 it('Should hide its videos', async function () {
158 const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
159
160 const videos: Video[] = res.body.data
161 expect(videos).to.have.lengthOf(2)
162
163 const v = videos.find(v => v.name === 'video user 1')
164 expect(v).to.be.undefined
165 })
166
167 it('Should hide its comments', async function () {
168 const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', servers[ 0 ].accessToken)
169
170 const threads: VideoComment[] = resThreads.body.data
171 expect(threads).to.have.lengthOf(1)
172 expect(threads[ 0 ].totalReplies).to.equal(0)
173
174 const t = threads.find(t => t.text === 'comment user 1')
175 expect(t).to.be.undefined
176
177 for (const thread of threads) {
178 const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, servers[ 0 ].accessToken)
179
180 const tree: VideoCommentThreadTree = res.body
181 expect(tree.children).to.have.lengthOf(0)
182 }
183 })
184
185 it('Should list all the videos with another user', async function () {
186 return checkAllVideos(servers[ 0 ].url, userToken1)
187 })
188
189 it('Should list all the comments with another user', async function () {
190 return checkAllComments(servers[ 0 ].url, userToken1, videoUUID1)
191 })
192
193 it('Should list blocked accounts', async function () {
194 {
195 const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
196 const blocks: AccountBlock[] = res.body.data
197
198 expect(res.body.total).to.equal(2)
199
200 const block = blocks[ 0 ]
201 expect(block.byAccount.displayName).to.equal('root')
202 expect(block.byAccount.name).to.equal('root')
203 expect(block.blockedAccount.displayName).to.equal('user2')
204 expect(block.blockedAccount.name).to.equal('user2')
205 expect(block.blockedAccount.host).to.equal('localhost:9002')
206 }
207
208 {
209 const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
210 const blocks: AccountBlock[] = res.body.data
211
212 expect(res.body.total).to.equal(2)
213
214 const block = blocks[ 0 ]
215 expect(block.byAccount.displayName).to.equal('root')
216 expect(block.byAccount.name).to.equal('root')
217 expect(block.blockedAccount.displayName).to.equal('user1')
218 expect(block.blockedAccount.name).to.equal('user1')
219 expect(block.blockedAccount.host).to.equal('localhost:9001')
220 }
221 })
222
223 it('Should unblock the remote account', async function () {
224 await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
225 })
226
227 it('Should display its videos', async function () {
228 const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
229
230 const videos: Video[] = res.body.data
231 expect(videos).to.have.lengthOf(3)
232
233 const v = videos.find(v => v.name === 'video user 2')
234 expect(v).not.to.be.undefined
235 })
236
237 it('Should unblock the local account', async function () {
238 await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
239 })
240
241 it('Should display its comments', function () {
242 return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
243 })
244 })
245
246 describe('When managing server blocklist', function () {
247 it('Should list all videos', function () {
248 return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
249 })
250
251 it('Should list the comments', function () {
252 return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
253 })
254
255 it('Should block a remote server', async function () {
256 await addServerToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
257 })
258
259 it('Should hide its videos', async function () {
260 const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
261
262 const videos: Video[] = res.body.data
263 expect(videos).to.have.lengthOf(2)
264
265 const v1 = videos.find(v => v.name === 'video user 2')
266 const v2 = videos.find(v => v.name === 'video server 2')
267
268 expect(v1).to.be.undefined
269 expect(v2).to.be.undefined
270 })
271
272 it('Should list all the videos with another user', async function () {
273 return checkAllVideos(servers[ 0 ].url, userToken1)
274 })
275
276 it('Should hide its comments')
277
278 it('Should list blocked servers', async function () {
279 const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
280 const blocks: ServerBlock[] = res.body.data
281
282 expect(res.body.total).to.equal(1)
283
284 const block = blocks[ 0 ]
285 expect(block.byAccount.displayName).to.equal('root')
286 expect(block.byAccount.name).to.equal('root')
287 expect(block.blockedServer.host).to.equal('localhost:9002')
288 })
289
290 it('Should unblock the remote server', async function () {
291 await removeServerFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
292 })
293
294 it('Should display its videos', function () {
295 return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
296 })
297
298 it('Should display its comments', function () {
299 return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
300 })
301 })
302 })
303
304 describe('Server blocklist', function () {
305
306 describe('When managing account blocklist', function () {
307 it('Should list all videos', async function () {
308 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
309 await checkAllVideos(servers[ 0 ].url, token)
310 }
311 })
312
313 it('Should list the comments', async function () {
314 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
315 await checkAllComments(servers[ 0 ].url, token, videoUUID1)
316 }
317 })
318
319 it('Should block a remote account', async function () {
320 await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
321 })
322
323 it('Should hide its videos', async function () {
324 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
325 const res = await getVideosListWithToken(servers[ 0 ].url, token)
326
327 const videos: Video[] = res.body.data
328 expect(videos).to.have.lengthOf(3)
329
330 const v = videos.find(v => v.name === 'video user 2')
331 expect(v).to.be.undefined
332 }
333 })
334
335 it('Should block a local account', async function () {
336 await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
337 })
338
339 it('Should hide its videos', async function () {
340 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
341 const res = await getVideosListWithToken(servers[ 0 ].url, token)
342
343 const videos: Video[] = res.body.data
344 expect(videos).to.have.lengthOf(2)
345
346 const v = videos.find(v => v.name === 'video user 1')
347 expect(v).to.be.undefined
348 }
349 })
350
351 it('Should hide its comments', async function () {
352 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
353 const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', token)
354
355 const threads: VideoComment[] = resThreads.body.data
356 expect(threads).to.have.lengthOf(1)
357 expect(threads[ 0 ].totalReplies).to.equal(0)
358
359 const t = threads.find(t => t.text === 'comment user 1')
360 expect(t).to.be.undefined
361
362 for (const thread of threads) {
363 const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, token)
364
365 const tree: VideoCommentThreadTree = res.body
366 expect(tree.children).to.have.lengthOf(0)
367 }
368 }
369 })
370
371 it('Should list blocked accounts', async function () {
372 {
373 const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
374 const blocks: AccountBlock[] = res.body.data
375
376 expect(res.body.total).to.equal(2)
377
378 const block = blocks[ 0 ]
379 expect(block.byAccount.displayName).to.equal('peertube')
380 expect(block.byAccount.name).to.equal('peertube')
381 expect(block.blockedAccount.displayName).to.equal('user2')
382 expect(block.blockedAccount.name).to.equal('user2')
383 expect(block.blockedAccount.host).to.equal('localhost:9002')
384 }
385
386 {
387 const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
388 const blocks: AccountBlock[] = res.body.data
389
390 expect(res.body.total).to.equal(2)
391
392 const block = blocks[ 0 ]
393 expect(block.byAccount.displayName).to.equal('peertube')
394 expect(block.byAccount.name).to.equal('peertube')
395 expect(block.blockedAccount.displayName).to.equal('user1')
396 expect(block.blockedAccount.name).to.equal('user1')
397 expect(block.blockedAccount.host).to.equal('localhost:9001')
398 }
399 })
400
401 it('Should unblock the remote account', async function () {
402 await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
403 })
404
405 it('Should display its videos', async function () {
406 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
407 const res = await getVideosListWithToken(servers[ 0 ].url, token)
408
409 const videos: Video[] = res.body.data
410 expect(videos).to.have.lengthOf(3)
411
412 const v = videos.find(v => v.name === 'video user 2')
413 expect(v).not.to.be.undefined
414 }
415 })
416
417 it('Should unblock the local account', async function () {
418 await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
419 })
420
421 it('Should display its comments', async function () {
422 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
423 await checkAllComments(servers[ 0 ].url, token, videoUUID1)
424 }
425 })
426 })
427
428 describe('When managing server blocklist', function () {
429 it('Should list all videos', async function () {
430 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
431 await checkAllVideos(servers[ 0 ].url, token)
432 }
433 })
434
435 it('Should list the comments', async function () {
436 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
437 await checkAllComments(servers[ 0 ].url, token, videoUUID1)
438 }
439 })
440
441 it('Should block a remote server', async function () {
442 await addServerToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
443 })
444
445 it('Should hide its videos', async function () {
446 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
447 const res = await getVideosListWithToken(servers[ 0 ].url, token)
448
449 const videos: Video[] = res.body.data
450 expect(videos).to.have.lengthOf(2)
451
452 const v1 = videos.find(v => v.name === 'video user 2')
453 const v2 = videos.find(v => v.name === 'video server 2')
454
455 expect(v1).to.be.undefined
456 expect(v2).to.be.undefined
457 }
458 })
459
460 it('Should hide its comments')
461
462 it('Should list blocked servers', async function () {
463 const res = await getServerBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
464 const blocks: ServerBlock[] = res.body.data
465
466 expect(res.body.total).to.equal(1)
467
468 const block = blocks[ 0 ]
469 expect(block.byAccount.displayName).to.equal('peertube')
470 expect(block.byAccount.name).to.equal('peertube')
471 expect(block.blockedServer.host).to.equal('localhost:9002')
472 })
473
474 it('Should unblock the remote server', async function () {
475 await removeServerFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
476 })
477
478 it('Should list all videos', async function () {
479 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
480 await checkAllVideos(servers[ 0 ].url, token)
481 }
482 })
483
484 it('Should list the comments', async function () {
485 for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
486 await checkAllComments(servers[ 0 ].url, token, videoUUID1)
487 }
488 })
489 })
490 })
491
492 after(async function () {
493 killallServers(servers)
494
495 // Keep the logs if the test failed
496 if (this[ 'ok' ]) {
497 await flushTests()
498 }
499 })
500})
diff --git a/server/tests/api/users/index.ts b/server/tests/api/users/index.ts
index 21d75da3e..0a1b8b0b2 100644
--- a/server/tests/api/users/index.ts
+++ b/server/tests/api/users/index.ts
@@ -1,3 +1,4 @@
1import './blocklist'
1import './user-subscriptions' 2import './user-subscriptions'
2import './users' 3import './users'
3import './users-verification' 4import './users-verification'
diff --git a/server/tests/utils/users/blocklist.ts b/server/tests/utils/users/blocklist.ts
index 47b315480..35b537571 100644
--- a/server/tests/utils/users/blocklist.ts
+++ b/server/tests/utils/users/blocklist.ts
@@ -91,6 +91,94 @@ function removeServerFromAccountBlocklist (url: string, token: string, serverToB
91 }) 91 })
92} 92}
93 93
94function getAccountBlocklistByServer (
95 url: string,
96 token: string,
97 start: number,
98 count: number,
99 sort = '-createdAt',
100 statusCodeExpected = 200
101) {
102 const path = '/api/v1/server/blocklist/accounts'
103
104 return makeGetRequest({
105 url,
106 token,
107 query: { start, count, sort },
108 path,
109 statusCodeExpected
110 })
111}
112
113function addAccountToServerBlocklist (url: string, token: string, accountToBlock: string, statusCodeExpected = 204) {
114 const path = '/api/v1/server/blocklist/accounts'
115
116 return makePostBodyRequest({
117 url,
118 path,
119 token,
120 fields: {
121 accountName: accountToBlock
122 },
123 statusCodeExpected
124 })
125}
126
127function removeAccountFromServerBlocklist (url: string, token: string, accountToUnblock: string, statusCodeExpected = 204) {
128 const path = '/api/v1/server/blocklist/accounts/' + accountToUnblock
129
130 return makeDeleteRequest({
131 url,
132 path,
133 token,
134 statusCodeExpected
135 })
136}
137
138function getServerBlocklistByServer (
139 url: string,
140 token: string,
141 start: number,
142 count: number,
143 sort = '-createdAt',
144 statusCodeExpected = 200
145) {
146 const path = '/api/v1/server/blocklist/servers'
147
148 return makeGetRequest({
149 url,
150 token,
151 query: { start, count, sort },
152 path,
153 statusCodeExpected
154 })
155}
156
157function addServerToServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) {
158 const path = '/api/v1/server/blocklist/servers'
159
160 return makePostBodyRequest({
161 url,
162 path,
163 token,
164 fields: {
165 host: serverToBlock
166 },
167 statusCodeExpected
168 })
169}
170
171function removeServerFromServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) {
172 const path = '/api/v1/server/blocklist/servers/' + serverToBlock
173
174 return makeDeleteRequest({
175 url,
176 path,
177 token,
178 statusCodeExpected
179 })
180}
181
94// --------------------------------------------------------------------------- 182// ---------------------------------------------------------------------------
95 183
96export { 184export {
@@ -99,5 +187,12 @@ export {
99 removeAccountFromAccountBlocklist, 187 removeAccountFromAccountBlocklist,
100 getServerBlocklistByAccount, 188 getServerBlocklistByAccount,
101 addServerToAccountBlocklist, 189 addServerToAccountBlocklist,
102 removeServerFromAccountBlocklist 190 removeServerFromAccountBlocklist,
191
192 getAccountBlocklistByServer,
193 addAccountToServerBlocklist,
194 removeAccountFromServerBlocklist,
195 getServerBlocklistByServer,
196 addServerToServerBlocklist,
197 removeServerFromServerBlocklist
103} 198}
diff --git a/shared/models/users/user-right.enum.ts b/shared/models/users/user-right.enum.ts
index ed2c536ce..51c59d20a 100644
--- a/shared/models/users/user-right.enum.ts
+++ b/shared/models/users/user-right.enum.ts
@@ -8,6 +8,9 @@ export enum UserRight {
8 MANAGE_JOBS, 8 MANAGE_JOBS,
9 MANAGE_CONFIGURATION, 9 MANAGE_CONFIGURATION,
10 10
11 MANAGE_ACCOUNTS_BLOCKLIST,
12 MANAGE_SERVERS_BLOCKLIST,
13
11 MANAGE_VIDEO_BLACKLIST, 14 MANAGE_VIDEO_BLACKLIST,
12 15
13 REMOVE_ANY_VIDEO, 16 REMOVE_ANY_VIDEO,
diff --git a/shared/models/users/user-role.ts b/shared/models/users/user-role.ts
index d7020c0f2..adef8fd95 100644
--- a/shared/models/users/user-role.ts
+++ b/shared/models/users/user-role.ts
@@ -27,7 +27,9 @@ const userRoleRights: { [ id: number ]: UserRight[] } = {
27 UserRight.REMOVE_ANY_VIDEO_CHANNEL, 27 UserRight.REMOVE_ANY_VIDEO_CHANNEL,
28 UserRight.REMOVE_ANY_VIDEO_COMMENT, 28 UserRight.REMOVE_ANY_VIDEO_COMMENT,
29 UserRight.UPDATE_ANY_VIDEO, 29 UserRight.UPDATE_ANY_VIDEO,
30 UserRight.SEE_ALL_VIDEOS 30 UserRight.SEE_ALL_VIDEOS,
31 UserRight.MANAGE_ACCOUNTS_BLOCKLIST,
32 UserRight.MANAGE_SERVERS_BLOCKLIST
31 ], 33 ],
32 34
33 [UserRole.USER]: [] 35 [UserRole.USER]: []