Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/users.js13
-rw-r--r--server/middlewares/validators/videos.js17
2 files changed, 12 insertions, 18 deletions
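--- a/server/middlewares/validators/users.js
+++ b/server/middlewares/validators/users.js
@@ -1,12 +1,9 @@
 'use strict'
 
-const mongoose = require('mongoose')
-
 const checkErrors = require('./utils').checkErrors
+const db = require('../../initializers/database')
 const logger = require('../../helpers/logger')
 
-const User = mongoose.model('User')
-
 const validatorsUsers = {
  usersAdd,
  usersRemove,
@@ -20,7 +17,7 @@ function usersAdd (req, res, next) {
  logger.debug('Checking usersAdd parameters', { parameters: req.body })
 
  checkErrors(req, res, function () {
- User.loadByUsername(req.body.username, function (err, user) {
+ db.User.loadByUsername(req.body.username, function (err, user) {
  if (err) {
  logger.error('Error in usersAdd request validator.', { error: err })
  return res.sendStatus(500)
@@ -34,12 +31,12 @@ function usersAdd (req, res, next) {
 }
 
 function usersRemove (req, res, next) {
- req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+ req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
 
  logger.debug('Checking usersRemove parameters', { parameters: req.params })
 
  checkErrors(req, res, function () {
- User.loadById(req.params.id, function (err, user) {
+ db.User.loadById(req.params.id, function (err, user) {
  if (err) {
  logger.error('Error in usersRemove request validator.', { error: err })
  return res.sendStatus(500)
@@ -55,7 +52,7 @@ function usersRemove (req, res, next) {
 }
 
 function usersUpdate (req, res, next) {
- req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+ req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
  // Add old password verification
  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
 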
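Review bot: `logger.debug('Checking usersAdd parameters', { parameters: req.body })` at new line 17 writes the whole request body to the log, and for a user-creation request that body presumably carries the plaintext password (usersUpdate in this file validates a `password` body field). Log files are usually readable by more people and kept longer than the user table, so credentials should never reach them, even at debug level. Logging only the non-secret fields avoids this, e.g. `logger.debug('Checking usersAdd parameters', { parameters: { username: req.body.username } })`. The line is untouched context in this commit, and usersAdd starts and ends outside the hunk, so other body fields may need the same treatment.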
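--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -1,14 +1,11 @@
 'use strict'
 
-const mongoose = require('mongoose')
-
 const checkErrors = require('./utils').checkErrors
 const constants = require('../../initializers/constants')
 const customVideosValidators = require('../../helpers/custom-validators').videos
+const db = require('../../initializers/database')
 const logger = require('../../helpers/logger')
 
-const Video = mongoose.model('Video')
-
 const validatorsVideos = {
  videosAdd,
  videosGet,
@@ -29,7 +26,7 @@ function videosAdd (req, res, next) {
  checkErrors(req, res, function () {
  const videoFile = req.files.videofile[0]
 
- Video.getDurationFromFile(videoFile.path, function (err, duration) {
+ db.Video.getDurationFromFile(videoFile.path, function (err, duration) {
  if (err) {
  return res.status(400).send('Cannot retrieve metadata of the file.')
  }
@@ -45,12 +42,12 @@ function videosAdd (req, res, next) {
 }
 
 function videosGet (req, res, next) {
- req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+ req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
 
  logger.debug('Checking videosGet parameters', { parameters: req.params })
 
  checkErrors(req, res, function () {
- Video.load(req.params.id, function (err, video) {
+ db.Video.load(req.params.id, function (err, video) {
  if (err) {
  logger.error('Error in videosGet request validator.', { error: err })
  return res.sendStatus(500)
@@ -64,12 +61,12 @@ function videosGet (req, res, next) {
 }
 
 function videosRemove (req, res, next) {
- req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+ req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
 
  logger.debug('Checking videosRemove parameters', { parameters: req.params })
 
  checkErrors(req, res, function () {
- Video.load(req.params.id, function (err, video) {
+ db.Video.loadAndPopulateAuthor(req.params.id, function (err, video) {
  if (err) {
  logger.error('Error in videosRemove request validator.', { error: err })
  return res.sendStatus(500)
@@ -77,7 +74,7 @@ function videosRemove (req, res, next) {
 
  if (!video) return res.status(404).send('Video not found')
  else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
- else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
+ else if (video.Author.name !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
 
  next()
  })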
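Review bot: The ownership check in videosRemove (new line 77) dereferences `video.Author.name` without confirming that `loadAndPopulateAuthor` actually attached an author, so a video row with a missing association would throw inside the callback instead of being refused. The authorization branch should fail closed: `else if (!video.Author || video.Author.name !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')`. The check also still compares a name with a username; if the Author model carries a stable user identifier (not visible here), comparing ids would be sturdier than comparing strings that may be reused or renamed. The surrounding function starts outside this hunk.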