diff options
Diffstat (limited to 'server/middlewares/validators/users.ts')
| -rw-r--r-- | server/middlewares/validators/users.ts | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 4be446732..35f41c450 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -22,6 +22,7 @@ import { logger } from '../../helpers/logger' | |||
| 22 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup' | 22 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup' |
| 23 | import { Redis } from '../../lib/redis' | 23 | import { Redis } from '../../lib/redis' |
| 24 | import { UserModel } from '../../models/account/user' | 24 | import { UserModel } from '../../models/account/user' |
| 25 | import { AccountModel } from '../../models/account/account' | ||
| 25 | import { areValidationErrors } from './utils' | 26 | import { areValidationErrors } from './utils' |
| 26 | import { ActorModel } from '../../models/activitypub/actor' | 27 | import { ActorModel } from '../../models/activitypub/actor' |
| 27 | 28 | ||
| @@ -317,6 +318,20 @@ const userAutocompleteValidator = [ | |||
| 317 | param('search').isString().not().isEmpty().withMessage('Should have a search parameter') | 318 | param('search').isString().not().isEmpty().withMessage('Should have a search parameter') |
| 318 | ] | 319 | ] |
| 319 | 320 | ||
| 321 | const ensureAuthUserOwnsAccountValidator = [ | ||
| 322 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
| 323 | const user = res.locals.oauth.token.User | ||
| 324 | |||
| 325 | if (res.locals.account.id !== user.Account.id) { | ||
| 326 | return res.status(403) | ||
| 327 | .send({ error: 'Only owner can access ratings list.' }) | ||
| 328 | .end() | ||
| 329 | } | ||
| 330 | |||
| 331 | return next() | ||
| 332 | } | ||
| 333 | ] | ||
| 334 | |||
| 320 | // --------------------------------------------------------------------------- | 335 | // --------------------------------------------------------------------------- |
| 321 | 336 | ||
| 322 | export { | 337 | export { |
| @@ -335,7 +350,8 @@ export { | |||
| 335 | usersResetPasswordValidator, | 350 | usersResetPasswordValidator, |
| 336 | usersAskSendVerifyEmailValidator, | 351 | usersAskSendVerifyEmailValidator, |
| 337 | usersVerifyEmailValidator, | 352 | usersVerifyEmailValidator, |
| 338 | userAutocompleteValidator | 353 | userAutocompleteValidator, |
| 354 | ensureAuthUserOwnsAccountValidator | ||
| 339 | } | 355 | } |
| 340 | 356 | ||
| 341 | // --------------------------------------------------------------------------- | 357 | // --------------------------------------------------------------------------- |