diff options
Diffstat (limited to 'middlewares')
-rw-r--r-- | middlewares/misc.js | 9 | ||||
-rw-r--r-- | middlewares/reqValidators/pods.js | 15 | ||||
-rw-r--r-- | middlewares/reqValidators/videos.js | 32 |
3 files changed, 36 insertions, 20 deletions
diff --git a/middlewares/misc.js b/middlewares/misc.js index dbb604db3..cc4e2e8a4 100644 --- a/middlewares/misc.js +++ b/middlewares/misc.js | |||
@@ -5,7 +5,7 @@ | |||
5 | var ursa = require('ursa') | 5 | var ursa = require('ursa') |
6 | 6 | ||
7 | var logger = require('../helpers/logger') | 7 | var logger = require('../helpers/logger') |
8 | var PodsDB = require('../initializers/database').PodsDB | 8 | var Pods = require('../models/pods') |
9 | var utils = require('../helpers/utils') | 9 | var utils = require('../helpers/utils') |
10 | 10 | ||
11 | var miscMiddleware = { | 11 | var miscMiddleware = { |
@@ -28,18 +28,19 @@ | |||
28 | } | 28 | } |
29 | 29 | ||
30 | function decryptBody (req, res, next) { | 30 | function decryptBody (req, res, next) { |
31 | PodsDB.findOne({ url: req.body.signature.url }, function (err, pod) { | 31 | var url = req.body.signature.url |
32 | Pods.findByUrl(url, function (err, pod) { | ||
32 | if (err) { | 33 | if (err) { |
33 | logger.error('Cannot get signed url in decryptBody.', { error: err }) | 34 | logger.error('Cannot get signed url in decryptBody.', { error: err }) |
34 | return res.sendStatus(500) | 35 | return res.sendStatus(500) |
35 | } | 36 | } |
36 | 37 | ||
37 | if (pod === null) { | 38 | if (pod === null) { |
38 | logger.error('Unknown pod %s.', req.body.signature.url) | 39 | logger.error('Unknown pod %s.', url) |
39 | return res.sendStatus(403) | 40 | return res.sendStatus(403) |
40 | } | 41 | } |
41 | 42 | ||
42 | logger.debug('Decrypting body from %s.', req.body.signature.url) | 43 | logger.debug('Decrypting body from %s.', url) |
43 | 44 | ||
44 | var crt = ursa.createPublicKey(pod.publicKey) | 45 | var crt = ursa.createPublicKey(pod.publicKey) |
45 | var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex') | 46 | var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex') |
diff --git a/middlewares/reqValidators/pods.js b/middlewares/reqValidators/pods.js index 6ccfd7361..499cafd8f 100644 --- a/middlewares/reqValidators/pods.js +++ b/middlewares/reqValidators/pods.js | |||
@@ -2,12 +2,27 @@ | |||
2 | 'use strict' | 2 | 'use strict' |
3 | 3 | ||
4 | var checkErrors = require('./utils').checkErrors | 4 | var checkErrors = require('./utils').checkErrors |
5 | var friends = require('../../lib/friends') | ||
5 | var logger = require('../../helpers/logger') | 6 | var logger = require('../../helpers/logger') |
6 | 7 | ||
7 | var reqValidatorsPod = { | 8 | var reqValidatorsPod = { |
9 | makeFriends: makeFriends, | ||
8 | podsAdd: podsAdd | 10 | podsAdd: podsAdd |
9 | } | 11 | } |
10 | 12 | ||
13 | function makeFriends (req, res, next) { | ||
14 | friends.hasFriends(function (err, has_friends) { | ||
15 | if (err) return next(err) | ||
16 | |||
17 | if (has_friends === true) { | ||
18 | // We need to quit our friends before make new ones | ||
19 | res.sendStatus(409) | ||
20 | } else { | ||
21 | next() | ||
22 | } | ||
23 | }) | ||
24 | } | ||
25 | |||
11 | function podsAdd (req, res, next) { | 26 | function podsAdd (req, res, next) { |
12 | req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true }) | 27 | req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true }) |
13 | req.checkBody('data.publicKey', 'Should have a public key').notEmpty() | 28 | req.checkBody('data.publicKey', 'Should have a public key').notEmpty() |
diff --git a/middlewares/reqValidators/videos.js b/middlewares/reqValidators/videos.js index 3479c47c3..f7bd24658 100644 --- a/middlewares/reqValidators/videos.js +++ b/middlewares/reqValidators/videos.js | |||
@@ -3,7 +3,7 @@ | |||
3 | 3 | ||
4 | var checkErrors = require('./utils').checkErrors | 4 | var checkErrors = require('./utils').checkErrors |
5 | var logger = require('../../helpers/logger') | 5 | var logger = require('../../helpers/logger') |
6 | var VideosDB = require('../../initializers/database').VideosDB | 6 | var Videos = require('../../models/videos') |
7 | 7 | ||
8 | var reqValidatorsVideos = { | 8 | var reqValidatorsVideos = { |
9 | videosAdd: videosAdd, | 9 | videosAdd: videosAdd, |
@@ -29,8 +29,13 @@ | |||
29 | logger.debug('Checking videosGet parameters', { parameters: req.params }) | 29 | logger.debug('Checking videosGet parameters', { parameters: req.params }) |
30 | 30 | ||
31 | checkErrors(req, res, function () { | 31 | checkErrors(req, res, function () { |
32 | findVideoById(req.params.id, function (video) { | 32 | Videos.getVideoState(req.params.id, function (err, state) { |
33 | if (!video) return res.status(404).send('Video not found') | 33 | if (err) { |
34 | logger.error('Error in videosGet request validator.', { error: err }) | ||
35 | res.sendStatus(500) | ||
36 | } | ||
37 | |||
38 | if (state.exist === false) return res.status(404).send('Video not found') | ||
34 | 39 | ||
35 | next() | 40 | next() |
36 | }) | 41 | }) |
@@ -43,9 +48,14 @@ | |||
43 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) | 48 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) |
44 | 49 | ||
45 | checkErrors(req, res, function () { | 50 | checkErrors(req, res, function () { |
46 | findVideoById(req.params.id, function (video) { | 51 | Videos.getVideoState(req.params.id, function (err, state) { |
47 | if (!video) return res.status(404).send('Video not found') | 52 | if (err) { |
48 | else if (video.namePath === null) return res.status(403).send('Cannot remove video of another pod') | 53 | logger.error('Error in videosRemove request validator.', { error: err }) |
54 | res.sendStatus(500) | ||
55 | } | ||
56 | |||
57 | if (state.exist === false) return res.status(404).send('Video not found') | ||
58 | else if (state.owned === false) return res.status(403).send('Cannot remove video of another pod') | ||
49 | 59 | ||
50 | next() | 60 | next() |
51 | }) | 61 | }) |
@@ -63,14 +73,4 @@ | |||
63 | // --------------------------------------------------------------------------- | 73 | // --------------------------------------------------------------------------- |
64 | 74 | ||
65 | module.exports = reqValidatorsVideos | 75 | module.exports = reqValidatorsVideos |
66 | |||
67 | // --------------------------------------------------------------------------- | ||
68 | |||
69 | function findVideoById (id, callback) { | ||
70 | VideosDB.findById(id, { _id: 1, namePath: 1 }).limit(1).exec(function (err, video) { | ||
71 | if (err) throw err | ||
72 | |||
73 | callback(video) | ||
74 | }) | ||
75 | } | ||
76 | })() | 76 | })() |