aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/pods.ts6
-rw-r--r--server/middlewares/validators/users.ts36
-rw-r--r--server/middlewares/validators/videos.ts42
3 files changed, 64 insertions, 20 deletions
diff --git a/server/middlewares/validators/pods.ts b/server/middlewares/validators/pods.ts
index 4d0e054b0..3a0f56f6a 100644
--- a/server/middlewares/validators/pods.ts
+++ b/server/middlewares/validators/pods.ts
@@ -11,7 +11,11 @@ import { isTestInstance } from '../../helpers'
11function makeFriendsValidator (req: express.Request, res: express.Response, next: express.NextFunction) { 11function makeFriendsValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
12 // Force https if the administrator wants to make friends 12 // Force https if the administrator wants to make friends
13 if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') { 13 if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') {
14 return res.status(400).send('Cannot make friends with a non HTTPS web server.') 14 return res.status(400)
15 .json({
16 error: 'Cannot make friends with a non HTTPS web server.'
17 })
18 .end()
15 } 19 }
16 20
17 req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid() 21 req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index aec6324bf..15c07c693 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -45,9 +45,13 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next
45 return res.sendStatus(500) 45 return res.sendStatus(500)
46 } 46 }
47 47
48 if (user.username === 'root') return res.status(400).send('Cannot remove the root user') 48 if (user.username === 'root') {
49 return res.status(400)
50 .send({ error: 'Cannot remove the root user' })
51 .end()
52 }
49 53
50 next() 54 return next()
51 }) 55 })
52 }) 56 })
53} 57}
@@ -99,9 +103,13 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response,
99 103
100 videoPromise 104 videoPromise
101 .then(video => { 105 .then(video => {
102 if (!video) return res.status(404).send('Video not found') 106 if (!video) {
107 return res.status(404)
108 .json({ error: 'Video not found' })
109 .end()
110 }
103 111
104 next() 112 return next()
105 }) 113 })
106 .catch(err => { 114 .catch(err => {
107 logger.error('Error in user request validator.', err) 115 logger.error('Error in user request validator.', err)
@@ -113,7 +121,9 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response,
113function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) { 121function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
114 isSignupAllowed().then(allowed => { 122 isSignupAllowed().then(allowed => {
115 if (allowed === false) { 123 if (allowed === false) {
116 return res.status(403).send('User registration is not enabled or user limit is reached.') 124 return res.status(403)
125 .send({ error: 'User registration is not enabled or user limit is reached.' })
126 .end()
117 } 127 }
118 128
119 return next() 129 return next()
@@ -138,10 +148,14 @@ export {
138function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) { 148function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
139 db.User.loadById(id) 149 db.User.loadById(id)
140 .then(user => { 150 .then(user => {
141 if (!user) return res.status(404).send('User not found') 151 if (!user) {
152 return res.status(404)
153 .send({ error: 'User not found' })
154 .end()
155 }
142 156
143 res.locals.user = user 157 res.locals.user = user
144 callback(null, user) 158 return callback(null, user)
145 }) 159 })
146 .catch(err => { 160 .catch(err => {
147 logger.error('Error in user request validator.', err) 161 logger.error('Error in user request validator.', err)
@@ -152,9 +166,13 @@ function checkUserExists (id: number, res: express.Response, callback: (err: Err
152function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) { 166function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
153 db.User.loadByUsernameOrEmail(username, email) 167 db.User.loadByUsernameOrEmail(username, email)
154 .then(user => { 168 .then(user => {
155 if (user) return res.status(409).send('User already exists.') 169 if (user) {
170 return res.status(409)
171 .send({ error: 'User already exists.' })
172 .end()
173 }
156 174
157 callback() 175 return callback()
158 }) 176 })
159 .catch(err => { 177 .catch(err => {
160 logger.error('Error in usersAdd request validator.', err) 178 logger.error('Error in usersAdd request validator.', err)
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 519e3d46c..213b4c46b 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -30,7 +30,9 @@ function videosAddValidator (req: express.Request, res: express.Response, next:
30 user.isAbleToUploadVideo(videoFile) 30 user.isAbleToUploadVideo(videoFile)
31 .then(isAble => { 31 .then(isAble => {
32 if (isAble === false) { 32 if (isAble === false) {
33 res.status(403).send('The user video quota is exceeded with this video.') 33 res.status(403)
34 .json({ error: 'The user video quota is exceeded with this video.' })
35 .end()
34 36
35 return undefined 37 return undefined
36 } 38 }
@@ -38,17 +40,23 @@ function videosAddValidator (req: express.Request, res: express.Response, next:
38 return db.Video.getDurationFromFile(videoFile.path) 40 return db.Video.getDurationFromFile(videoFile.path)
39 .catch(err => { 41 .catch(err => {
40 logger.error('Invalid input file in videosAddValidator.', err) 42 logger.error('Invalid input file in videosAddValidator.', err)
41 res.status(400).send('Invalid input file.') 43 res.status(400)
44 .json({ error: 'Invalid input file.' })
45 .end()
42 46
43 return undefined 47 return undefined
44 }) 48 })
45 }) 49 })
46 .then(duration => { 50 .then(duration => {
47 // Previous test failed, abort 51 // Previous test failed, abort
48 if (duration === undefined) return undefined 52 if (duration === undefined) return
49 53
50 if (!isVideoDurationValid('' + duration)) { 54 if (!isVideoDurationValid('' + duration)) {
51 return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') 55 return res.status(400)
56 .json({
57 error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
58 })
59 .end()
52 } 60 }
53 61
54 videoFile['duration'] = duration 62 videoFile['duration'] = duration
@@ -80,11 +88,15 @@ function videosUpdateValidator (req: express.Request, res: express.Response, nex
80 checkVideoExists(req.params.id, res, () => { 88 checkVideoExists(req.params.id, res, () => {
81 // We need to make additional checks 89 // We need to make additional checks
82 if (res.locals.video.isOwned() === false) { 90 if (res.locals.video.isOwned() === false) {
83 return res.status(403).send('Cannot update video of another pod') 91 return res.status(403)
92 .json({ error: 'Cannot update video of another pod' })
93 .end()
84 } 94 }
85 95
86 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { 96 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
87 return res.status(403).send('Cannot update video of another user') 97 return res.status(403)
98 .json({ error: 'Cannot update video of another user' })
99 .end()
88 } 100 }
89 101
90 next() 102 next()
@@ -188,7 +200,11 @@ function checkVideoExists (id: string, res: express.Response, callback: () => vo
188 } 200 }
189 201
190 promise.then(video => { 202 promise.then(video => {
191 if (!video) return res.status(404).send('Video not found') 203 if (!video) {
204 return res.status(404)
205 .json({ error: 'Video not found' })
206 .end()
207 }
192 208
193 res.locals.video = video 209 res.locals.video = video
194 callback() 210 callback()
@@ -204,14 +220,18 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
204 db.User.loadById(userId) 220 db.User.loadById(userId)
205 .then(user => { 221 .then(user => {
206 if (res.locals.video.isOwned() === false) { 222 if (res.locals.video.isOwned() === false) {
207 return res.status(403).send('Cannot remove video of another pod, blacklist it') 223 return res.status(403)
224 .json({ error: 'Cannot remove video of another pod, blacklist it' })
225 .end()
208 } 226 }
209 227
210 // Check if the user can delete the video 228 // Check if the user can delete the video
211 // The user can delete it if s/he is an admin 229 // The user can delete it if s/he is an admin
212 // Or if s/he is the video's author 230 // Or if s/he is the video's author
213 if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { 231 if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
214 return res.status(403).send('Cannot remove video of another user') 232 return res.status(403)
233 .json({ error: 'Cannot remove video of another user' })
234 .end()
215 } 235 }
216 236
217 // If we reach this comment, we can delete the video 237 // If we reach this comment, we can delete the video
@@ -225,7 +245,9 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
225 245
226function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { 246function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) {
227 if (res.locals.video.isOwned() === true) { 247 if (res.locals.video.isOwned() === true) {
228 return res.status(403).send('Cannot blacklist a local video') 248 return res.status(403)
249 .json({ error: 'Cannot blacklist a local video' })
250 .end()
229 } 251 }
230 252
231 callback() 253 callback()