aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/abuse.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/abuse.ts')
-rw-r--r--server/middlewares/validators/abuse.ts21
1 files changed, 13 insertions, 8 deletions
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts
index 99403ca40..3b897fdef 100644
--- a/server/middlewares/validators/abuse.ts
+++ b/server/middlewares/validators/abuse.ts
@@ -19,6 +19,7 @@ import { doesAbuseExist, doesAccountIdExist, doesVideoExist } from '@server/help
19import { AbuseMessageModel } from '@server/models/abuse/abuse-message' 19import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
20import { AbuseCreate, UserRight } from '@shared/models' 20import { AbuseCreate, UserRight } from '@shared/models'
21import { areValidationErrors } from './utils' 21import { areValidationErrors } from './utils'
22import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
22 23
23const abuseReportValidator = [ 24const abuseReportValidator = [
24 body('account.id') 25 body('account.id')
@@ -70,8 +71,8 @@ const abuseReportValidator = [
70 if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return 71 if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return
71 72
72 if (!body.video?.id && !body.account?.id && !body.comment?.id) { 73 if (!body.video?.id && !body.account?.id && !body.comment?.id) {
73 res.status(400) 74 res.status(HttpStatusCode.BAD_REQUEST_400)
74 .json({ error: 'video id or account id or comment id is required.' }) 75 .json({ error: 'video id or account id or comment id is required.' })
75 76
76 return 77 return
77 } 78 }
@@ -194,7 +195,8 @@ const getAbuseValidator = [
194 const message = `User ${user.username} does not have right to get abuse ${abuse.id}` 195 const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
195 logger.warn(message) 196 logger.warn(message)
196 197
197 return res.status(403).json({ error: message }) 198 return res.status(HttpStatusCode.FORBIDDEN_403)
199 .json({ error: message })
198 } 200 }
199 201
200 return next() 202 return next()
@@ -207,9 +209,10 @@ const checkAbuseValidForMessagesValidator = [
207 209
208 const abuse = res.locals.abuse 210 const abuse = res.locals.abuse
209 if (abuse.ReporterAccount.isOwned() === false) { 211 if (abuse.ReporterAccount.isOwned() === false) {
210 return res.status(400).json({ 212 return res.status(HttpStatusCode.BAD_REQUEST_400)
211 error: 'This abuse was created by a user of your instance.' 213 .json({
212 }) 214 error: 'This abuse was created by a user of your instance.'
215 })
213 } 216 }
214 217
215 return next() 218 return next()
@@ -243,11 +246,13 @@ const deleteAbuseMessageValidator = [
243 const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id) 246 const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
244 247
245 if (!abuseMessage) { 248 if (!abuseMessage) {
246 return res.status(404).json({ error: 'Abuse message not found' }) 249 return res.status(HttpStatusCode.NOT_FOUND_404)
250 .json({ error: 'Abuse message not found' })
247 } 251 }
248 252
249 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) { 253 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
250 return res.status(403).json({ error: 'Cannot delete this abuse message' }) 254 return res.status(HttpStatusCode.FORBIDDEN_403)
255 .json({ error: 'Cannot delete this abuse message' })
251 } 256 }
252 257
253 res.locals.abuseMessage = abuseMessage 258 res.locals.abuseMessage = abuseMessage
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 01:44:14 +0000