1 files changed, 369 insertions, 0 deletions
diff --git a/packages/tests/src/api/check-params/follows.ts b/packages/tests/src/api/check-params/follows.ts
new file mode 100644
index 000000000..e92a3acd6
--- /dev/null
+++ b/packages/tests/src/api/check-params/follows.ts
@@ -0,0 +1,369 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@tests/shared/checks.js'
+import { HttpStatusCode } from '@peertube/peertube-models'
+import {
+  cleanupTests,
+  createSingleServer,
+  makeDeleteRequest,
+  makeGetRequest,
+  makePostBodyRequest,
+  PeerTubeServer,
+  setAccessTokensToServers
+} from '@peertube/peertube-server-commands'
+describe('Test server follows API validators', function () {
+  let server: PeerTubeServer
+  // ---------------------------------------------------------------
+  before(async function () {
+    this.timeout(30000)
+    server = await createSingleServer(1)
+    await setAccessTokensToServers([ server ])
+  })
+  describe('When managing following', function () {
+    let userAccessToken = null
+    before(async function () {
+      userAccessToken = await server.users.generateUserAndToken('user1')
+    })
+    describe('When adding follows', function () {
+      const path = '/api/v1/server/following'
+      it('Should fail with nothing', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail if hosts is not composed by hosts', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          fields: { hosts: [ '127.0.0.1:9002', '127.0.0.1:coucou' ] },
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail if hosts is composed with http schemes', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          fields: { hosts: [ '127.0.0.1:9002', 'http://127.0.0.1:9003' ] },
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail if hosts are not unique', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          fields: { urls: [ '127.0.0.1:9002', '127.0.0.1:9002' ] },
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail if handles is not composed by handles', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          fields: { handles: [ 'hello@example.com', '127.0.0.1:9001' ] },
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail if handles are not unique', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          fields: { urls: [ 'hello@example.com', 'hello@example.com' ] },
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail with an invalid token', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          fields: { hosts: [ '127.0.0.1:9002' ] },
+          token: 'fake_token',
+          expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+        })
+      })
+      it('Should fail if the user is not an administrator', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          fields: { hosts: [ '127.0.0.1:9002' ] },
+          token: userAccessToken,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      })
+    })
+    describe('When listing followings', function () {
+      const path = '/api/v1/server/following'
+      it('Should fail with a bad start pagination', async function () {
+        await checkBadStartPagination(server.url, path)
+      })
+      it('Should fail with a bad count pagination', async function () {
+        await checkBadCountPagination(server.url, path)
+      })
+      it('Should fail with an incorrect sort', async function () {
+        await checkBadSortPagination(server.url, path)
+      })
+      it('Should fail with an incorrect state', async function () {
+        await makeGetRequest({
+          url: server.url,
+          path,
+          query: {
+            state: 'blabla'
+          }
+        })
+      })
+      it('Should fail with an incorrect actor type', async function () {
+        await makeGetRequest({
+          url: server.url,
+          path,
+          query: {
+            actorType: 'blabla'
+          }
+        })
+      })
+      it('Should fail succeed with the correct params', async function () {
+        await makeGetRequest({
+          url: server.url,
+          path,
+          expectedStatus: HttpStatusCode.OK_200,
+          query: {
+            state: 'accepted',
+            actorType: 'Application'
+          }
+        })
+      })
+    })
+    describe('When listing followers', function () {
+      const path = '/api/v1/server/followers'
+      it('Should fail with a bad start pagination', async function () {
+        await checkBadStartPagination(server.url, path)
+      })
+      it('Should fail with a bad count pagination', async function () {
+        await checkBadCountPagination(server.url, path)
+      })
+      it('Should fail with an incorrect sort', async function () {
+        await checkBadSortPagination(server.url, path)
+      })
+      it('Should fail with an incorrect actor type', async function () {
+        await makeGetRequest({
+          url: server.url,
+          path,
+          query: {
+            actorType: 'blabla'
+          }
+        })
+      })
+      it('Should fail with an incorrect state', async function () {
+        await makeGetRequest({
+          url: server.url,
+          path,
+          query: {
+            state: 'blabla',
+            actorType: 'Application'
+          }
+        })
+      })
+      it('Should fail succeed with the correct params', async function () {
+        await makeGetRequest({
+          url: server.url,
+          path,
+          expectedStatus: HttpStatusCode.OK_200,
+          query: {
+            state: 'accepted'
+          }
+        })
+      })
+    })
+    describe('When removing a follower', function () {
+      const path = '/api/v1/server/followers'
+      it('Should fail with an invalid token', async function () {
+        await makeDeleteRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9002',
+          token: 'fake_token',
+          expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+        })
+      })
+      it('Should fail if the user is not an administrator', async function () {
+        await makeDeleteRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9002',
+          token: userAccessToken,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      })
+      it('Should fail with an invalid follower', async function () {
+        await makeDeleteRequest({
+          url: server.url,
+          path: path + '/toto',
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail with an unknown follower', async function () {
+        await makeDeleteRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9003',
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.NOT_FOUND_404
+        })
+      })
+    })
+    describe('When accepting a follower', function () {
+      const path = '/api/v1/server/followers'
+      it('Should fail with an invalid token', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9002/accept',
+          token: 'fake_token',
+          expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+        })
+      })
+      it('Should fail if the user is not an administrator', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9002/accept',
+          token: userAccessToken,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      })
+      it('Should fail with an invalid follower', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto/accept',
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail with an unknown follower', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9003/accept',
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.NOT_FOUND_404
+        })
+      })
+    })
+    describe('When rejecting a follower', function () {
+      const path = '/api/v1/server/followers'
+      it('Should fail with an invalid token', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9002/reject',
+          token: 'fake_token',
+          expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+        })
+      })
+      it('Should fail if the user is not an administrator', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9002/reject',
+          token: userAccessToken,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      })
+      it('Should fail with an invalid follower', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto/reject',
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+      it('Should fail with an unknown follower', async function () {
+        await makePostBodyRequest({
+          url: server.url,
+          path: path + '/toto@127.0.0.1:9003/reject',
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.NOT_FOUND_404
+        })
+      })
+    })
+    describe('When removing following', function () {
+      const path = '/api/v1/server/following'
+      it('Should fail with an invalid token', async function () {
+        await makeDeleteRequest({
+          url: server.url,
+          path: path + '/127.0.0.1:9002',
+          token: 'fake_token',
+          expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+        })
+      })
+      it('Should fail if the user is not an administrator', async function () {
+        await makeDeleteRequest({
+          url: server.url,
+          path: path + '/127.0.0.1:9002',
+          token: userAccessToken,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      })
+      it('Should fail if we do not follow this server', async function () {
+        await makeDeleteRequest({
+          url: server.url,
+          path: path + '/example.com',
+          token: server.accessToken,
+          expectedStatus: HttpStatusCode.NOT_FOUND_404
+        })
+      })
+    })
+  })
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+})

diff --git a/packages/tests/src/api/check-params/follows.ts b/packages/tests/src/api/check-params/follows.ts new file mode 100644 index 000000000..e92a3acd6 --- /dev/null +++ b/packages/tests/src/api/check-params/follows.ts
@@ -0,0 +1,369 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@tests/shared/checks.js'
	4	import { HttpStatusCode } from '@peertube/peertube-models'
	5	import {
	6	cleanupTests,
	7	createSingleServer,
	8	makeDeleteRequest,
	9	makeGetRequest,
	10	makePostBodyRequest,
	11	PeerTubeServer,
	12	setAccessTokensToServers
	13	} from '@peertube/peertube-server-commands'
	14
	15	describe('Test server follows API validators', function () {
	16	let server: PeerTubeServer
	17
	18	// ---------------------------------------------------------------
	19
	20	before(async function () {
	21	this.timeout(30000)
	22
	23	server = await createSingleServer(1)
	24
	25	await setAccessTokensToServers([ server ])
	26	})
	27
	28	describe('When managing following', function () {
	29	let userAccessToken = null
	30
	31	before(async function () {
	32	userAccessToken = await server.users.generateUserAndToken('user1')
	33	})
	34
	35	describe('When adding follows', function () {
	36	const path = '/api/v1/server/following'
	37
	38	it('Should fail with nothing', async function () {
	39	await makePostBodyRequest({
	40	url: server.url,
	41	path,
	42	token: server.accessToken,
	43	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	44	})
	45	})
	46
	47	it('Should fail if hosts is not composed by hosts', async function () {
	48	await makePostBodyRequest({
	49	url: server.url,
	50	path,
	51	fields: { hosts: [ '127.0.0.1:9002', '127.0.0.1:coucou' ] },
	52	token: server.accessToken,
	53	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	54	})
	55	})
	56
	57	it('Should fail if hosts is composed with http schemes', async function () {
	58	await makePostBodyRequest({
	59	url: server.url,
	60	path,
	61	fields: { hosts: [ '127.0.0.1:9002', 'http://127.0.0.1:9003' ] },
	62	token: server.accessToken,
	63	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	64	})
	65	})
	66
	67	it('Should fail if hosts are not unique', async function () {
	68	await makePostBodyRequest({
	69	url: server.url,
	70	path,
	71	fields: { urls: [ '127.0.0.1:9002', '127.0.0.1:9002' ] },
	72	token: server.accessToken,
	73	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	74	})
	75	})
	76
	77	it('Should fail if handles is not composed by handles', async function () {
	78	await makePostBodyRequest({
	79	url: server.url,
	80	path,
	81	fields: { handles: [ 'hello@example.com', '127.0.0.1:9001' ] },
	82	token: server.accessToken,
	83	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	84	})
	85	})
	86
	87	it('Should fail if handles are not unique', async function () {
	88	await makePostBodyRequest({
	89	url: server.url,
	90	path,
	91	fields: { urls: [ 'hello@example.com', 'hello@example.com' ] },
	92	token: server.accessToken,
	93	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	94	})
	95	})
	96
	97	it('Should fail with an invalid token', async function () {
	98	await makePostBodyRequest({
	99	url: server.url,
	100	path,
	101	fields: { hosts: [ '127.0.0.1:9002' ] },
	102	token: 'fake_token',
	103	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	104	})
	105	})
	106
	107	it('Should fail if the user is not an administrator', async function () {
	108	await makePostBodyRequest({
	109	url: server.url,
	110	path,
	111	fields: { hosts: [ '127.0.0.1:9002' ] },
	112	token: userAccessToken,
	113	expectedStatus: HttpStatusCode.FORBIDDEN_403
	114	})
	115	})
	116	})
	117
	118	describe('When listing followings', function () {
	119	const path = '/api/v1/server/following'
	120
	121	it('Should fail with a bad start pagination', async function () {
	122	await checkBadStartPagination(server.url, path)
	123	})
	124
	125	it('Should fail with a bad count pagination', async function () {
	126	await checkBadCountPagination(server.url, path)
	127	})
	128
	129	it('Should fail with an incorrect sort', async function () {
	130	await checkBadSortPagination(server.url, path)
	131	})
	132
	133	it('Should fail with an incorrect state', async function () {
	134	await makeGetRequest({
	135	url: server.url,
	136	path,
	137	query: {
	138	state: 'blabla'
	139	}
	140	})
	141	})
	142
	143	it('Should fail with an incorrect actor type', async function () {
	144	await makeGetRequest({
	145	url: server.url,
	146	path,
	147	query: {
	148	actorType: 'blabla'
	149	}
	150	})
	151	})
	152
	153	it('Should fail succeed with the correct params', async function () {
	154	await makeGetRequest({
	155	url: server.url,
	156	path,
	157	expectedStatus: HttpStatusCode.OK_200,
	158	query: {
	159	state: 'accepted',
	160	actorType: 'Application'
	161	}
	162	})
	163	})
	164	})
	165
	166	describe('When listing followers', function () {
	167	const path = '/api/v1/server/followers'
	168
	169	it('Should fail with a bad start pagination', async function () {
	170	await checkBadStartPagination(server.url, path)
	171	})
	172
	173	it('Should fail with a bad count pagination', async function () {
	174	await checkBadCountPagination(server.url, path)
	175	})
	176
	177	it('Should fail with an incorrect sort', async function () {
	178	await checkBadSortPagination(server.url, path)
	179	})
	180
	181	it('Should fail with an incorrect actor type', async function () {
	182	await makeGetRequest({
	183	url: server.url,
	184	path,
	185	query: {
	186	actorType: 'blabla'
	187	}
	188	})
	189	})
	190
	191	it('Should fail with an incorrect state', async function () {
	192	await makeGetRequest({
	193	url: server.url,
	194	path,
	195	query: {
	196	state: 'blabla',
	197	actorType: 'Application'
	198	}
	199	})
	200	})
	201
	202	it('Should fail succeed with the correct params', async function () {
	203	await makeGetRequest({
	204	url: server.url,
	205	path,
	206	expectedStatus: HttpStatusCode.OK_200,
	207	query: {
	208	state: 'accepted'
	209	}
	210	})
	211	})
	212	})
	213
	214	describe('When removing a follower', function () {
	215	const path = '/api/v1/server/followers'
	216
	217	it('Should fail with an invalid token', async function () {
	218	await makeDeleteRequest({
	219	url: server.url,
	220	path: path + '/toto@127.0.0.1:9002',
	221	token: 'fake_token',
	222	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	223	})
	224	})
	225
	226	it('Should fail if the user is not an administrator', async function () {
	227	await makeDeleteRequest({
	228	url: server.url,
	229	path: path + '/toto@127.0.0.1:9002',
	230	token: userAccessToken,
	231	expectedStatus: HttpStatusCode.FORBIDDEN_403
	232	})
	233	})
	234
	235	it('Should fail with an invalid follower', async function () {
	236	await makeDeleteRequest({
	237	url: server.url,
	238	path: path + '/toto',
	239	token: server.accessToken,
	240	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	241	})
	242	})
	243
	244	it('Should fail with an unknown follower', async function () {
	245	await makeDeleteRequest({
	246	url: server.url,
	247	path: path + '/toto@127.0.0.1:9003',
	248	token: server.accessToken,
	249	expectedStatus: HttpStatusCode.NOT_FOUND_404
	250	})
	251	})
	252	})
	253
	254	describe('When accepting a follower', function () {
	255	const path = '/api/v1/server/followers'
	256
	257	it('Should fail with an invalid token', async function () {
	258	await makePostBodyRequest({
	259	url: server.url,
	260	path: path + '/toto@127.0.0.1:9002/accept',
	261	token: 'fake_token',
	262	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	263	})
	264	})
	265
	266	it('Should fail if the user is not an administrator', async function () {
	267	await makePostBodyRequest({
	268	url: server.url,
	269	path: path + '/toto@127.0.0.1:9002/accept',
	270	token: userAccessToken,
	271	expectedStatus: HttpStatusCode.FORBIDDEN_403
	272	})
	273	})
	274
	275	it('Should fail with an invalid follower', async function () {
	276	await makePostBodyRequest({
	277	url: server.url,
	278	path: path + '/toto/accept',
	279	token: server.accessToken,
	280	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	281	})
	282	})
	283
	284	it('Should fail with an unknown follower', async function () {
	285	await makePostBodyRequest({
	286	url: server.url,
	287	path: path + '/toto@127.0.0.1:9003/accept',
	288	token: server.accessToken,
	289	expectedStatus: HttpStatusCode.NOT_FOUND_404
	290	})
	291	})
	292	})
	293
	294	describe('When rejecting a follower', function () {
	295	const path = '/api/v1/server/followers'
	296
	297	it('Should fail with an invalid token', async function () {
	298	await makePostBodyRequest({
	299	url: server.url,
	300	path: path + '/toto@127.0.0.1:9002/reject',
	301	token: 'fake_token',
	302	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	303	})
	304	})
	305
	306	it('Should fail if the user is not an administrator', async function () {
	307	await makePostBodyRequest({
	308	url: server.url,
	309	path: path + '/toto@127.0.0.1:9002/reject',
	310	token: userAccessToken,
	311	expectedStatus: HttpStatusCode.FORBIDDEN_403
	312	})
	313	})
	314
	315	it('Should fail with an invalid follower', async function () {
	316	await makePostBodyRequest({
	317	url: server.url,
	318	path: path + '/toto/reject',
	319	token: server.accessToken,
	320	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	321	})
	322	})
	323
	324	it('Should fail with an unknown follower', async function () {
	325	await makePostBodyRequest({
	326	url: server.url,
	327	path: path + '/toto@127.0.0.1:9003/reject',
	328	token: server.accessToken,
	329	expectedStatus: HttpStatusCode.NOT_FOUND_404
	330	})
	331	})
	332	})
	333
	334	describe('When removing following', function () {
	335	const path = '/api/v1/server/following'
	336
	337	it('Should fail with an invalid token', async function () {
	338	await makeDeleteRequest({
	339	url: server.url,
	340	path: path + '/127.0.0.1:9002',
	341	token: 'fake_token',
	342	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	343	})
	344	})
	345
	346	it('Should fail if the user is not an administrator', async function () {
	347	await makeDeleteRequest({
	348	url: server.url,
	349	path: path + '/127.0.0.1:9002',
	350	token: userAccessToken,
	351	expectedStatus: HttpStatusCode.FORBIDDEN_403
	352	})
	353	})
	354
	355	it('Should fail if we do not follow this server', async function () {
	356	await makeDeleteRequest({
	357	url: server.url,
	358	path: path + '/example.com',
	359	token: server.accessToken,
	360	expectedStatus: HttpStatusCode.NOT_FOUND_404
	361	})
	362	})
	363	})
	364	})
	365
	366	after(async function () {
	367	await cleanupTests([ server ])
	368	})
	369	})