diff options
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/users.js | 13 | ||||
-rw-r--r-- | server/middlewares/validators/videos.js | 17 |
2 files changed, 12 insertions, 18 deletions
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js index 02e4f34cb..0629550bc 100644 --- a/server/middlewares/validators/users.js +++ b/server/middlewares/validators/users.js | |||
@@ -1,12 +1,9 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const mongoose = require('mongoose') | ||
4 | |||
5 | const checkErrors = require('./utils').checkErrors | 3 | const checkErrors = require('./utils').checkErrors |
4 | const db = require('../../initializers/database') | ||
6 | const logger = require('../../helpers/logger') | 5 | const logger = require('../../helpers/logger') |
7 | 6 | ||
8 | const User = mongoose.model('User') | ||
9 | |||
10 | const validatorsUsers = { | 7 | const validatorsUsers = { |
11 | usersAdd, | 8 | usersAdd, |
12 | usersRemove, | 9 | usersRemove, |
@@ -20,7 +17,7 @@ function usersAdd (req, res, next) { | |||
20 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | 17 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) |
21 | 18 | ||
22 | checkErrors(req, res, function () { | 19 | checkErrors(req, res, function () { |
23 | User.loadByUsername(req.body.username, function (err, user) { | 20 | db.User.loadByUsername(req.body.username, function (err, user) { |
24 | if (err) { | 21 | if (err) { |
25 | logger.error('Error in usersAdd request validator.', { error: err }) | 22 | logger.error('Error in usersAdd request validator.', { error: err }) |
26 | return res.sendStatus(500) | 23 | return res.sendStatus(500) |
@@ -34,12 +31,12 @@ function usersAdd (req, res, next) { | |||
34 | } | 31 | } |
35 | 32 | ||
36 | function usersRemove (req, res, next) { | 33 | function usersRemove (req, res, next) { |
37 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() | 34 | req.checkParams('id', 'Should have a valid id').notEmpty().isInt() |
38 | 35 | ||
39 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | 36 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) |
40 | 37 | ||
41 | checkErrors(req, res, function () { | 38 | checkErrors(req, res, function () { |
42 | User.loadById(req.params.id, function (err, user) { | 39 | db.User.loadById(req.params.id, function (err, user) { |
43 | if (err) { | 40 | if (err) { |
44 | logger.error('Error in usersRemove request validator.', { error: err }) | 41 | logger.error('Error in usersRemove request validator.', { error: err }) |
45 | return res.sendStatus(500) | 42 | return res.sendStatus(500) |
@@ -55,7 +52,7 @@ function usersRemove (req, res, next) { | |||
55 | } | 52 | } |
56 | 53 | ||
57 | function usersUpdate (req, res, next) { | 54 | function usersUpdate (req, res, next) { |
58 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() | 55 | req.checkParams('id', 'Should have a valid id').notEmpty().isInt() |
59 | // Add old password verification | 56 | // Add old password verification |
60 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() | 57 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() |
61 | 58 | ||
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index 76e943e77..7e90ca047 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js | |||
@@ -1,14 +1,11 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const mongoose = require('mongoose') | ||
4 | |||
5 | const checkErrors = require('./utils').checkErrors | 3 | const checkErrors = require('./utils').checkErrors |
6 | const constants = require('../../initializers/constants') | 4 | const constants = require('../../initializers/constants') |
7 | const customVideosValidators = require('../../helpers/custom-validators').videos | 5 | const customVideosValidators = require('../../helpers/custom-validators').videos |
6 | const db = require('../../initializers/database') | ||
8 | const logger = require('../../helpers/logger') | 7 | const logger = require('../../helpers/logger') |
9 | 8 | ||
10 | const Video = mongoose.model('Video') | ||
11 | |||
12 | const validatorsVideos = { | 9 | const validatorsVideos = { |
13 | videosAdd, | 10 | videosAdd, |
14 | videosGet, | 11 | videosGet, |
@@ -29,7 +26,7 @@ function videosAdd (req, res, next) { | |||
29 | checkErrors(req, res, function () { | 26 | checkErrors(req, res, function () { |
30 | const videoFile = req.files.videofile[0] | 27 | const videoFile = req.files.videofile[0] |
31 | 28 | ||
32 | Video.getDurationFromFile(videoFile.path, function (err, duration) { | 29 | db.Video.getDurationFromFile(videoFile.path, function (err, duration) { |
33 | if (err) { | 30 | if (err) { |
34 | return res.status(400).send('Cannot retrieve metadata of the file.') | 31 | return res.status(400).send('Cannot retrieve metadata of the file.') |
35 | } | 32 | } |
@@ -45,12 +42,12 @@ function videosAdd (req, res, next) { | |||
45 | } | 42 | } |
46 | 43 | ||
47 | function videosGet (req, res, next) { | 44 | function videosGet (req, res, next) { |
48 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() | 45 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
49 | 46 | ||
50 | logger.debug('Checking videosGet parameters', { parameters: req.params }) | 47 | logger.debug('Checking videosGet parameters', { parameters: req.params }) |
51 | 48 | ||
52 | checkErrors(req, res, function () { | 49 | checkErrors(req, res, function () { |
53 | Video.load(req.params.id, function (err, video) { | 50 | db.Video.load(req.params.id, function (err, video) { |
54 | if (err) { | 51 | if (err) { |
55 | logger.error('Error in videosGet request validator.', { error: err }) | 52 | logger.error('Error in videosGet request validator.', { error: err }) |
56 | return res.sendStatus(500) | 53 | return res.sendStatus(500) |
@@ -64,12 +61,12 @@ function videosGet (req, res, next) { | |||
64 | } | 61 | } |
65 | 62 | ||
66 | function videosRemove (req, res, next) { | 63 | function videosRemove (req, res, next) { |
67 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() | 64 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
68 | 65 | ||
69 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) | 66 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) |
70 | 67 | ||
71 | checkErrors(req, res, function () { | 68 | checkErrors(req, res, function () { |
72 | Video.load(req.params.id, function (err, video) { | 69 | db.Video.loadAndPopulateAuthor(req.params.id, function (err, video) { |
73 | if (err) { | 70 | if (err) { |
74 | logger.error('Error in videosRemove request validator.', { error: err }) | 71 | logger.error('Error in videosRemove request validator.', { error: err }) |
75 | return res.sendStatus(500) | 72 | return res.sendStatus(500) |
@@ -77,7 +74,7 @@ function videosRemove (req, res, next) { | |||
77 | 74 | ||
78 | if (!video) return res.status(404).send('Video not found') | 75 | if (!video) return res.status(404).send('Video not found') |
79 | else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') | 76 | else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') |
80 | else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user') | 77 | else if (video.Author.name !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user') |
81 | 78 | ||
82 | next() | 79 | next() |
83 | }) | 80 | }) |