diff options
Diffstat (limited to 'server/middlewares/validators/abuse.ts')
| -rw-r--r-- | server/middlewares/validators/abuse.ts | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts index 3b897fdef..c048bc6af 100644 --- a/server/middlewares/validators/abuse.ts +++ b/server/middlewares/validators/abuse.ts | |||
| @@ -12,14 +12,12 @@ import { | |||
| 12 | isAbuseTimestampValid, | 12 | isAbuseTimestampValid, |
| 13 | isAbuseVideoIsValid | 13 | isAbuseVideoIsValid |
| 14 | } from '@server/helpers/custom-validators/abuses' | 14 | } from '@server/helpers/custom-validators/abuses' |
| 15 | import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc' | 15 | import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc' |
| 16 | import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments' | ||
| 17 | import { logger } from '@server/helpers/logger' | 16 | import { logger } from '@server/helpers/logger' |
| 18 | import { doesAbuseExist, doesAccountIdExist, doesVideoExist } from '@server/helpers/middlewares' | ||
| 19 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' | 17 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
| 20 | import { AbuseCreate, UserRight } from '@shared/models' | 18 | import { AbuseCreate, UserRight } from '@shared/models' |
| 21 | import { areValidationErrors } from './utils' | ||
| 22 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | 19 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' |
| 20 | import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared' | ||
| 23 | 21 | ||
| 24 | const abuseReportValidator = [ | 22 | const abuseReportValidator = [ |
| 25 | body('account.id') | 23 | body('account.id') |
| @@ -29,6 +27,7 @@ const abuseReportValidator = [ | |||
| 29 | 27 | ||
| 30 | body('video.id') | 28 | body('video.id') |
| 31 | .optional() | 29 | .optional() |
| 30 | .customSanitizer(toCompleteUUID) | ||
| 32 | .custom(isIdOrUUIDValid) | 31 | .custom(isIdOrUUIDValid) |
| 33 | .withMessage('Should have a valid videoId'), | 32 | .withMessage('Should have a valid videoId'), |
| 34 | body('video.startAt') | 33 | body('video.startAt') |
| @@ -71,9 +70,7 @@ const abuseReportValidator = [ | |||
| 71 | if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return | 70 | if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return |
| 72 | 71 | ||
| 73 | if (!body.video?.id && !body.account?.id && !body.comment?.id) { | 72 | if (!body.video?.id && !body.account?.id && !body.comment?.id) { |
| 74 | res.status(HttpStatusCode.BAD_REQUEST_400) | 73 | res.fail({ message: 'video id or account id or comment id is required.' }) |
| 75 | .json({ error: 'video id or account id or comment id is required.' }) | ||
| 76 | |||
| 77 | return | 74 | return |
| 78 | } | 75 | } |
| 79 | 76 | ||
| @@ -195,8 +192,10 @@ const getAbuseValidator = [ | |||
| 195 | const message = `User ${user.username} does not have right to get abuse ${abuse.id}` | 192 | const message = `User ${user.username} does not have right to get abuse ${abuse.id}` |
| 196 | logger.warn(message) | 193 | logger.warn(message) |
| 197 | 194 | ||
| 198 | return res.status(HttpStatusCode.FORBIDDEN_403) | 195 | return res.fail({ |
| 199 | .json({ error: message }) | 196 | status: HttpStatusCode.FORBIDDEN_403, |
| 197 | message | ||
| 198 | }) | ||
| 200 | } | 199 | } |
| 201 | 200 | ||
| 202 | return next() | 201 | return next() |
| @@ -209,10 +208,7 @@ const checkAbuseValidForMessagesValidator = [ | |||
| 209 | 208 | ||
| 210 | const abuse = res.locals.abuse | 209 | const abuse = res.locals.abuse |
| 211 | if (abuse.ReporterAccount.isOwned() === false) { | 210 | if (abuse.ReporterAccount.isOwned() === false) { |
| 212 | return res.status(HttpStatusCode.BAD_REQUEST_400) | 211 | return res.fail({ message: 'This abuse was created by a user of your instance.' }) |
| 213 | .json({ | ||
| 214 | error: 'This abuse was created by a user of your instance.' | ||
| 215 | }) | ||
| 216 | } | 212 | } |
| 217 | 213 | ||
| 218 | return next() | 214 | return next() |
| @@ -246,13 +242,17 @@ const deleteAbuseMessageValidator = [ | |||
| 246 | const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id) | 242 | const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id) |
| 247 | 243 | ||
| 248 | if (!abuseMessage) { | 244 | if (!abuseMessage) { |
| 249 | return res.status(HttpStatusCode.NOT_FOUND_404) | 245 | return res.fail({ |
| 250 | .json({ error: 'Abuse message not found' }) | 246 | status: HttpStatusCode.NOT_FOUND_404, |
| 247 | message: 'Abuse message not found' | ||
| 248 | }) | ||
| 251 | } | 249 | } |
| 252 | 250 | ||
| 253 | if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) { | 251 | if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) { |
| 254 | return res.status(HttpStatusCode.FORBIDDEN_403) | 252 | return res.fail({ |
| 255 | .json({ error: 'Cannot delete this abuse message' }) | 253 | status: HttpStatusCode.FORBIDDEN_403, |
| 254 | message: 'Cannot delete this abuse message' | ||
| 255 | }) | ||
| 256 | } | 256 | } |
| 257 | 257 | ||
| 258 | res.locals.abuseMessage = abuseMessage | 258 | res.locals.abuseMessage = abuseMessage |