diff options
Diffstat (limited to 'server/middlewares/validators')
26 files changed, 193 insertions, 150 deletions
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts index 99403ca40..3b897fdef 100644 --- a/server/middlewares/validators/abuse.ts +++ b/server/middlewares/validators/abuse.ts | |||
@@ -19,6 +19,7 @@ import { doesAbuseExist, doesAccountIdExist, doesVideoExist } from '@server/help | |||
19 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' | 19 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
20 | import { AbuseCreate, UserRight } from '@shared/models' | 20 | import { AbuseCreate, UserRight } from '@shared/models' |
21 | import { areValidationErrors } from './utils' | 21 | import { areValidationErrors } from './utils' |
22 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
22 | 23 | ||
23 | const abuseReportValidator = [ | 24 | const abuseReportValidator = [ |
24 | body('account.id') | 25 | body('account.id') |
@@ -70,8 +71,8 @@ const abuseReportValidator = [ | |||
70 | if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return | 71 | if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return |
71 | 72 | ||
72 | if (!body.video?.id && !body.account?.id && !body.comment?.id) { | 73 | if (!body.video?.id && !body.account?.id && !body.comment?.id) { |
73 | res.status(400) | 74 | res.status(HttpStatusCode.BAD_REQUEST_400) |
74 | .json({ error: 'video id or account id or comment id is required.' }) | 75 | .json({ error: 'video id or account id or comment id is required.' }) |
75 | 76 | ||
76 | return | 77 | return |
77 | } | 78 | } |
@@ -194,7 +195,8 @@ const getAbuseValidator = [ | |||
194 | const message = `User ${user.username} does not have right to get abuse ${abuse.id}` | 195 | const message = `User ${user.username} does not have right to get abuse ${abuse.id}` |
195 | logger.warn(message) | 196 | logger.warn(message) |
196 | 197 | ||
197 | return res.status(403).json({ error: message }) | 198 | return res.status(HttpStatusCode.FORBIDDEN_403) |
199 | .json({ error: message }) | ||
198 | } | 200 | } |
199 | 201 | ||
200 | return next() | 202 | return next() |
@@ -207,9 +209,10 @@ const checkAbuseValidForMessagesValidator = [ | |||
207 | 209 | ||
208 | const abuse = res.locals.abuse | 210 | const abuse = res.locals.abuse |
209 | if (abuse.ReporterAccount.isOwned() === false) { | 211 | if (abuse.ReporterAccount.isOwned() === false) { |
210 | return res.status(400).json({ | 212 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
211 | error: 'This abuse was created by a user of your instance.' | 213 | .json({ |
212 | }) | 214 | error: 'This abuse was created by a user of your instance.' |
215 | }) | ||
213 | } | 216 | } |
214 | 217 | ||
215 | return next() | 218 | return next() |
@@ -243,11 +246,13 @@ const deleteAbuseMessageValidator = [ | |||
243 | const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id) | 246 | const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id) |
244 | 247 | ||
245 | if (!abuseMessage) { | 248 | if (!abuseMessage) { |
246 | return res.status(404).json({ error: 'Abuse message not found' }) | 249 | return res.status(HttpStatusCode.NOT_FOUND_404) |
250 | .json({ error: 'Abuse message not found' }) | ||
247 | } | 251 | } |
248 | 252 | ||
249 | if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) { | 253 | if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) { |
250 | return res.status(403).json({ error: 'Cannot delete this abuse message' }) | 254 | return res.status(HttpStatusCode.FORBIDDEN_403) |
255 | .json({ error: 'Cannot delete this abuse message' }) | ||
251 | } | 256 | } |
252 | 257 | ||
253 | res.locals.abuseMessage = abuseMessage | 258 | res.locals.abuseMessage = abuseMessage |
diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts index 7350be5d5..255d8eb17 100644 --- a/server/middlewares/validators/activitypub/activity.ts +++ b/server/middlewares/validators/activitypub/activity.ts | |||
@@ -2,20 +2,23 @@ import * as express from 'express' | |||
2 | import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' | 2 | import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' |
3 | import { logger } from '../../../helpers/logger' | 3 | import { logger } from '../../../helpers/logger' |
4 | import { getServerActor } from '@server/models/application/application' | 4 | import { getServerActor } from '@server/models/application/application' |
5 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
5 | 6 | ||
6 | async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 7 | async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) { |
7 | logger.debug('Checking activity pub parameters') | 8 | logger.debug('Checking activity pub parameters') |
8 | 9 | ||
9 | if (!isRootActivityValid(req.body)) { | 10 | if (!isRootActivityValid(req.body)) { |
10 | logger.warn('Incorrect activity parameters.', { activity: req.body }) | 11 | logger.warn('Incorrect activity parameters.', { activity: req.body }) |
11 | return res.status(400).json({ error: 'Incorrect activity.' }) | 12 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
13 | .json({ error: 'Incorrect activity.' }) | ||
12 | } | 14 | } |
13 | 15 | ||
14 | const serverActor = await getServerActor() | 16 | const serverActor = await getServerActor() |
15 | const remoteActor = res.locals.signature.actor | 17 | const remoteActor = res.locals.signature.actor |
16 | if (serverActor.id === remoteActor.id) { | 18 | if (serverActor.id === remoteActor.id) { |
17 | logger.error('Receiving request in INBOX by ourselves!', req.body) | 19 | logger.error('Receiving request in INBOX by ourselves!', req.body) |
18 | return res.status(409).end() | 20 | return res.status(HttpStatusCode.CONFLICT_409) |
21 | .end() | ||
19 | } | 22 | } |
20 | 23 | ||
21 | return next() | 24 | return next() |
diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts index c24fa9609..f61811a1a 100644 --- a/server/middlewares/validators/blocklist.ts +++ b/server/middlewares/validators/blocklist.ts | |||
@@ -9,6 +9,7 @@ import { ServerModel } from '../../models/server/server' | |||
9 | import { WEBSERVER } from '../../initializers/constants' | 9 | import { WEBSERVER } from '../../initializers/constants' |
10 | import { doesAccountNameWithHostExist } from '../../helpers/middlewares' | 10 | import { doesAccountNameWithHostExist } from '../../helpers/middlewares' |
11 | import { getServerActor } from '@server/models/application/application' | 11 | import { getServerActor } from '@server/models/application/application' |
12 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
12 | 13 | ||
13 | const blockAccountValidator = [ | 14 | const blockAccountValidator = [ |
14 | body('accountName').exists().withMessage('Should have an account name with host'), | 15 | body('accountName').exists().withMessage('Should have an account name with host'), |
@@ -23,7 +24,7 @@ const blockAccountValidator = [ | |||
23 | const accountToBlock = res.locals.account | 24 | const accountToBlock = res.locals.account |
24 | 25 | ||
25 | if (user.Account.id === accountToBlock.id) { | 26 | if (user.Account.id === accountToBlock.id) { |
26 | res.status(409) | 27 | res.status(HttpStatusCode.CONFLICT_409) |
27 | .json({ error: 'You cannot block yourself.' }) | 28 | .json({ error: 'You cannot block yourself.' }) |
28 | 29 | ||
29 | return | 30 | return |
@@ -78,7 +79,7 @@ const blockServerValidator = [ | |||
78 | const host: string = req.body.host | 79 | const host: string = req.body.host |
79 | 80 | ||
80 | if (host === WEBSERVER.HOST) { | 81 | if (host === WEBSERVER.HOST) { |
81 | return res.status(409) | 82 | return res.status(HttpStatusCode.CONFLICT_409) |
82 | .json({ error: 'You cannot block your own server.' }) | 83 | .json({ error: 'You cannot block your own server.' }) |
83 | } | 84 | } |
84 | 85 | ||
@@ -136,7 +137,7 @@ export { | |||
136 | async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) { | 137 | async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) { |
137 | const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId) | 138 | const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId) |
138 | if (!accountBlock) { | 139 | if (!accountBlock) { |
139 | res.status(404) | 140 | res.status(HttpStatusCode.NOT_FOUND_404) |
140 | .json({ error: 'Account block entry not found.' }) | 141 | .json({ error: 'Account block entry not found.' }) |
141 | 142 | ||
142 | return false | 143 | return false |
@@ -150,7 +151,7 @@ async function doesUnblockAccountExist (accountId: number, targetAccountId: numb | |||
150 | async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) { | 151 | async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) { |
151 | const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host) | 152 | const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host) |
152 | if (!serverBlock) { | 153 | if (!serverBlock) { |
153 | res.status(404) | 154 | res.status(HttpStatusCode.NOT_FOUND_404) |
154 | .json({ error: 'Server block entry not found.' }) | 155 | .json({ error: 'Server block entry not found.' }) |
155 | 156 | ||
156 | return false | 157 | return false |
diff --git a/server/middlewares/validators/bulk.ts b/server/middlewares/validators/bulk.ts index f9b0f565a..cfb16d352 100644 --- a/server/middlewares/validators/bulk.ts +++ b/server/middlewares/validators/bulk.ts | |||
@@ -6,6 +6,7 @@ import { UserRight } from '@shared/models' | |||
6 | import { BulkRemoveCommentsOfBody } from '@shared/models/bulk/bulk-remove-comments-of-body.model' | 6 | import { BulkRemoveCommentsOfBody } from '@shared/models/bulk/bulk-remove-comments-of-body.model' |
7 | import { logger } from '../../helpers/logger' | 7 | import { logger } from '../../helpers/logger' |
8 | import { areValidationErrors } from './utils' | 8 | import { areValidationErrors } from './utils' |
9 | import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes' | ||
9 | 10 | ||
10 | const bulkRemoveCommentsOfValidator = [ | 11 | const bulkRemoveCommentsOfValidator = [ |
11 | body('accountName').exists().withMessage('Should have an account name with host'), | 12 | body('accountName').exists().withMessage('Should have an account name with host'), |
@@ -22,7 +23,7 @@ const bulkRemoveCommentsOfValidator = [ | |||
22 | const body = req.body as BulkRemoveCommentsOfBody | 23 | const body = req.body as BulkRemoveCommentsOfBody |
23 | 24 | ||
24 | if (body.scope === 'instance' && user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) !== true) { | 25 | if (body.scope === 'instance' && user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) !== true) { |
25 | return res.status(403) | 26 | return res.status(HttpStatusCode.FORBIDDEN_403) |
26 | .json({ | 27 | .json({ |
27 | error: 'User cannot remove any comments of this instance.' | 28 | error: 'User cannot remove any comments of this instance.' |
28 | }) | 29 | }) |
diff --git a/server/middlewares/validators/config.ts b/server/middlewares/validators/config.ts index d0071ccc1..93de453a7 100644 --- a/server/middlewares/validators/config.ts +++ b/server/middlewares/validators/config.ts | |||
@@ -8,6 +8,7 @@ import { isUserNSFWPolicyValid, isUserVideoQuotaDailyValid, isUserVideoQuotaVali | |||
8 | import { logger } from '../../helpers/logger' | 8 | import { logger } from '../../helpers/logger' |
9 | import { isThemeRegistered } from '../../lib/plugins/theme-utils' | 9 | import { isThemeRegistered } from '../../lib/plugins/theme-utils' |
10 | import { areValidationErrors } from './utils' | 10 | import { areValidationErrors } from './utils' |
11 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
11 | 12 | ||
12 | const customConfigUpdateValidator = [ | 13 | const customConfigUpdateValidator = [ |
13 | body('instance.name').exists().withMessage('Should have a valid instance name'), | 14 | body('instance.name').exists().withMessage('Should have a valid instance name'), |
@@ -105,9 +106,9 @@ function checkInvalidConfigIfEmailDisabled (customConfig: CustomConfig, res: exp | |||
105 | if (isEmailEnabled()) return true | 106 | if (isEmailEnabled()) return true |
106 | 107 | ||
107 | if (customConfig.signup.requiresEmailVerification === true) { | 108 | if (customConfig.signup.requiresEmailVerification === true) { |
108 | res.status(400) | 109 | res.status(HttpStatusCode.BAD_REQUEST_400) |
109 | .send({ error: 'Emailer is disabled but you require signup email verification.' }) | 110 | .send({ error: 'Emailer is disabled but you require signup email verification.' }) |
110 | .end() | 111 | .end() |
111 | return false | 112 | return false |
112 | } | 113 | } |
113 | 114 | ||
@@ -118,7 +119,7 @@ function checkInvalidTranscodingConfig (customConfig: CustomConfig, res: express | |||
118 | if (customConfig.transcoding.enabled === false) return true | 119 | if (customConfig.transcoding.enabled === false) return true |
119 | 120 | ||
120 | if (customConfig.transcoding.webtorrent.enabled === false && customConfig.transcoding.hls.enabled === false) { | 121 | if (customConfig.transcoding.webtorrent.enabled === false && customConfig.transcoding.hls.enabled === false) { |
121 | res.status(400) | 122 | res.status(HttpStatusCode.BAD_REQUEST_400) |
122 | .send({ error: 'You need to enable at least webtorrent transcoding or hls transcoding' }) | 123 | .send({ error: 'You need to enable at least webtorrent transcoding or hls transcoding' }) |
123 | .end() | 124 | .end() |
124 | return false | 125 | return false |
@@ -131,7 +132,7 @@ function checkInvalidLiveConfig (customConfig: CustomConfig, res: express.Respon | |||
131 | if (customConfig.live.enabled === false) return true | 132 | if (customConfig.live.enabled === false) return true |
132 | 133 | ||
133 | if (customConfig.live.allowReplay === true && customConfig.transcoding.enabled === false) { | 134 | if (customConfig.live.allowReplay === true && customConfig.transcoding.enabled === false) { |
134 | res.status(400) | 135 | res.status(HttpStatusCode.BAD_REQUEST_400) |
135 | .send({ error: 'You cannot allow live replay if transcoding is not enabled' }) | 136 | .send({ error: 'You cannot allow live replay if transcoding is not enabled' }) |
136 | .end() | 137 | .end() |
137 | return false | 138 | return false |
diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts index 18469bad3..617661813 100644 --- a/server/middlewares/validators/feeds.ts +++ b/server/middlewares/validators/feeds.ts | |||
@@ -12,6 +12,7 @@ import { | |||
12 | } from '../../helpers/middlewares' | 12 | } from '../../helpers/middlewares' |
13 | import { doesVideoExist } from '../../helpers/middlewares/videos' | 13 | import { doesVideoExist } from '../../helpers/middlewares/videos' |
14 | import { areValidationErrors } from './utils' | 14 | import { areValidationErrors } from './utils' |
15 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
15 | 16 | ||
16 | const feedsFormatValidator = [ | 17 | const feedsFormatValidator = [ |
17 | param('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), | 18 | param('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'), |
@@ -35,7 +36,7 @@ function setFeedFormatContentType (req: express.Request, res: express.Response, | |||
35 | if (req.accepts(acceptableContentTypes)) { | 36 | if (req.accepts(acceptableContentTypes)) { |
36 | res.set('Content-Type', req.accepts(acceptableContentTypes) as string) | 37 | res.set('Content-Type', req.accepts(acceptableContentTypes) as string) |
37 | } else { | 38 | } else { |
38 | return res.status(406) | 39 | return res.status(HttpStatusCode.NOT_ACCEPTABLE_406) |
39 | .json({ | 40 | .json({ |
40 | message: `You should accept at least one of the following content-types: ${acceptableContentTypes.join(', ')}` | 41 | message: `You should accept at least one of the following content-types: ${acceptableContentTypes.join(', ')}` |
41 | }) | 42 | }) |
@@ -105,7 +106,7 @@ const videoCommentsFeedsValidator = [ | |||
105 | if (areValidationErrors(req, res)) return | 106 | if (areValidationErrors(req, res)) return |
106 | 107 | ||
107 | if (req.query.videoId && (req.query.videoChannelId || req.query.videoChannelName)) { | 108 | if (req.query.videoId && (req.query.videoChannelId || req.query.videoChannelName)) { |
108 | return res.status(400) | 109 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
109 | .json({ | 110 | .json({ |
110 | message: 'videoId cannot be mixed with a channel filter' | 111 | message: 'videoId cannot be mixed with a channel filter' |
111 | }) | 112 | }) |
diff --git a/server/middlewares/validators/follows.ts b/server/middlewares/validators/follows.ts index 2c1ddf2df..a590aca99 100644 --- a/server/middlewares/validators/follows.ts +++ b/server/middlewares/validators/follows.ts | |||
@@ -12,6 +12,7 @@ import { isActorTypeValid, isValidActorHandle } from '../../helpers/custom-valid | |||
12 | import { MActorFollowActorsDefault } from '@server/types/models' | 12 | import { MActorFollowActorsDefault } from '@server/types/models' |
13 | import { isFollowStateValid } from '@server/helpers/custom-validators/follows' | 13 | import { isFollowStateValid } from '@server/helpers/custom-validators/follows' |
14 | import { getServerActor } from '@server/models/application/application' | 14 | import { getServerActor } from '@server/models/application/application' |
15 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
15 | 16 | ||
16 | const listFollowsValidator = [ | 17 | const listFollowsValidator = [ |
17 | query('state') | 18 | query('state') |
@@ -34,7 +35,8 @@ const followValidator = [ | |||
34 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 35 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
35 | // Force https if the administrator wants to make friends | 36 | // Force https if the administrator wants to make friends |
36 | if (isTestInstance() === false && WEBSERVER.SCHEME === 'http') { | 37 | if (isTestInstance() === false && WEBSERVER.SCHEME === 'http') { |
37 | return res.status(500) | 38 | return res |
39 | .status(HttpStatusCode.INTERNAL_SERVER_ERROR_500) | ||
38 | .json({ | 40 | .json({ |
39 | error: 'Cannot follow on a non HTTPS web server.' | 41 | error: 'Cannot follow on a non HTTPS web server.' |
40 | }) | 42 | }) |
@@ -62,7 +64,7 @@ const removeFollowingValidator = [ | |||
62 | 64 | ||
63 | if (!follow) { | 65 | if (!follow) { |
64 | return res | 66 | return res |
65 | .status(404) | 67 | .status(HttpStatusCode.NOT_FOUND_404) |
66 | .json({ | 68 | .json({ |
67 | error: `Following ${req.params.host} not found.` | 69 | error: `Following ${req.params.host} not found.` |
68 | }) | 70 | }) |
@@ -95,7 +97,7 @@ const getFollowerValidator = [ | |||
95 | 97 | ||
96 | if (!follow) { | 98 | if (!follow) { |
97 | return res | 99 | return res |
98 | .status(404) | 100 | .status(HttpStatusCode.NOT_FOUND_404) |
99 | .json({ | 101 | .json({ |
100 | error: `Follower ${req.params.nameWithHost} not found.` | 102 | error: `Follower ${req.params.nameWithHost} not found.` |
101 | }) | 103 | }) |
@@ -113,7 +115,12 @@ const acceptOrRejectFollowerValidator = [ | |||
113 | 115 | ||
114 | const follow = res.locals.follow | 116 | const follow = res.locals.follow |
115 | if (follow.state !== 'pending') { | 117 | if (follow.state !== 'pending') { |
116 | return res.status(400).json({ error: 'Follow is not in pending state.' }).end() | 118 | return res |
119 | .status(HttpStatusCode.BAD_REQUEST_400) | ||
120 | .json({ | ||
121 | error: 'Follow is not in pending state.' | ||
122 | }) | ||
123 | .end() | ||
117 | } | 124 | } |
118 | 125 | ||
119 | return next() | 126 | return next() |
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts index c9f9ea0c0..86623efcd 100644 --- a/server/middlewares/validators/oembed.ts +++ b/server/middlewares/validators/oembed.ts | |||
@@ -9,6 +9,7 @@ import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' | |||
9 | import { logger } from '../../helpers/logger' | 9 | import { logger } from '../../helpers/logger' |
10 | import { WEBSERVER } from '../../initializers/constants' | 10 | import { WEBSERVER } from '../../initializers/constants' |
11 | import { areValidationErrors } from './utils' | 11 | import { areValidationErrors } from './utils' |
12 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
12 | 13 | ||
13 | const startVideoPlaylistsURL = WEBSERVER.SCHEME + '://' + join(WEBSERVER.HOST, 'videos', 'watch', 'playlist') + '/' | 14 | const startVideoPlaylistsURL = WEBSERVER.SCHEME + '://' + join(WEBSERVER.HOST, 'videos', 'watch', 'playlist') + '/' |
14 | const startVideosURL = WEBSERVER.SCHEME + '://' + join(WEBSERVER.HOST, 'videos', 'watch') + '/' | 15 | const startVideosURL = WEBSERVER.SCHEME + '://' + join(WEBSERVER.HOST, 'videos', 'watch') + '/' |
@@ -36,7 +37,7 @@ const oembedValidator = [ | |||
36 | if (areValidationErrors(req, res)) return | 37 | if (areValidationErrors(req, res)) return |
37 | 38 | ||
38 | if (req.query.format !== undefined && req.query.format !== 'json') { | 39 | if (req.query.format !== undefined && req.query.format !== 'json') { |
39 | return res.status(501) | 40 | return res.status(HttpStatusCode.NOT_IMPLEMENTED_501) |
40 | .json({ error: 'Requested format is not implemented on server.' }) | 41 | .json({ error: 'Requested format is not implemented on server.' }) |
41 | } | 42 | } |
42 | 43 | ||
@@ -50,13 +51,13 @@ const oembedValidator = [ | |||
50 | const matches = watchRegex.exec(url) | 51 | const matches = watchRegex.exec(url) |
51 | 52 | ||
52 | if (startIsOk === false || matches === null) { | 53 | if (startIsOk === false || matches === null) { |
53 | return res.status(400) | 54 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
54 | .json({ error: 'Invalid url.' }) | 55 | .json({ error: 'Invalid url.' }) |
55 | } | 56 | } |
56 | 57 | ||
57 | const elementId = matches[1] | 58 | const elementId = matches[1] |
58 | if (isIdOrUUIDValid(elementId) === false) { | 59 | if (isIdOrUUIDValid(elementId) === false) { |
59 | return res.status(400) | 60 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
60 | .json({ error: 'Invalid video or playlist id.' }) | 61 | .json({ error: 'Invalid video or playlist id.' }) |
61 | } | 62 | } |
62 | 63 | ||
@@ -64,12 +65,12 @@ const oembedValidator = [ | |||
64 | const video = await fetchVideo(elementId, 'all') | 65 | const video = await fetchVideo(elementId, 'all') |
65 | 66 | ||
66 | if (!video) { | 67 | if (!video) { |
67 | return res.status(404) | 68 | return res.status(HttpStatusCode.NOT_FOUND_404) |
68 | .json({ error: 'Video not found' }) | 69 | .json({ error: 'Video not found' }) |
69 | } | 70 | } |
70 | 71 | ||
71 | if (video.privacy !== VideoPrivacy.PUBLIC) { | 72 | if (video.privacy !== VideoPrivacy.PUBLIC) { |
72 | return res.status(403) | 73 | return res.status(HttpStatusCode.FORBIDDEN_403) |
73 | .json({ error: 'Video is not public' }) | 74 | .json({ error: 'Video is not public' }) |
74 | } | 75 | } |
75 | 76 | ||
@@ -81,12 +82,12 @@ const oembedValidator = [ | |||
81 | 82 | ||
82 | const videoPlaylist = await VideoPlaylistModel.loadWithAccountAndChannelSummary(elementId, undefined) | 83 | const videoPlaylist = await VideoPlaylistModel.loadWithAccountAndChannelSummary(elementId, undefined) |
83 | if (!videoPlaylist) { | 84 | if (!videoPlaylist) { |
84 | return res.status(404) | 85 | return res.status(HttpStatusCode.NOT_FOUND_404) |
85 | .json({ error: 'Video playlist not found' }) | 86 | .json({ error: 'Video playlist not found' }) |
86 | } | 87 | } |
87 | 88 | ||
88 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PUBLIC) { | 89 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PUBLIC) { |
89 | return res.status(403) | 90 | return res.status(HttpStatusCode.FORBIDDEN_403) |
90 | .json({ error: 'Playlist is not public' }) | 91 | .json({ error: 'Playlist is not public' }) |
91 | } | 92 | } |
92 | 93 | ||
diff --git a/server/middlewares/validators/plugins.ts b/server/middlewares/validators/plugins.ts index cba261dc0..bbac55a50 100644 --- a/server/middlewares/validators/plugins.ts +++ b/server/middlewares/validators/plugins.ts | |||
@@ -9,6 +9,7 @@ import { PluginModel } from '../../models/server/plugin' | |||
9 | import { InstallOrUpdatePlugin } from '../../../shared/models/plugins/install-plugin.model' | 9 | import { InstallOrUpdatePlugin } from '../../../shared/models/plugins/install-plugin.model' |
10 | import { PluginType } from '../../../shared/models/plugins/plugin.type' | 10 | import { PluginType } from '../../../shared/models/plugins/plugin.type' |
11 | import { CONFIG } from '../../initializers/config' | 11 | import { CONFIG } from '../../initializers/config' |
12 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
12 | 13 | ||
13 | const getPluginValidator = (pluginType: PluginType, withVersion = true) => { | 14 | const getPluginValidator = (pluginType: PluginType, withVersion = true) => { |
14 | const validators: (ValidationChain | express.Handler)[] = [ | 15 | const validators: (ValidationChain | express.Handler)[] = [ |
@@ -30,8 +31,8 @@ const getPluginValidator = (pluginType: PluginType, withVersion = true) => { | |||
30 | const npmName = PluginModel.buildNpmName(req.params.pluginName, pluginType) | 31 | const npmName = PluginModel.buildNpmName(req.params.pluginName, pluginType) |
31 | const plugin = PluginManager.Instance.getRegisteredPluginOrTheme(npmName) | 32 | const plugin = PluginManager.Instance.getRegisteredPluginOrTheme(npmName) |
32 | 33 | ||
33 | if (!plugin) return res.sendStatus(404) | 34 | if (!plugin) return res.sendStatus(HttpStatusCode.NOT_FOUND_404) |
34 | if (withVersion && plugin.version !== req.params.pluginVersion) return res.sendStatus(404) | 35 | if (withVersion && plugin.version !== req.params.pluginVersion) return res.sendStatus(HttpStatusCode.NOT_FOUND_404) |
35 | 36 | ||
36 | res.locals.registeredPlugin = plugin | 37 | res.locals.registeredPlugin = plugin |
37 | 38 | ||
@@ -49,10 +50,10 @@ const getExternalAuthValidator = [ | |||
49 | if (areValidationErrors(req, res)) return | 50 | if (areValidationErrors(req, res)) return |
50 | 51 | ||
51 | const plugin = res.locals.registeredPlugin | 52 | const plugin = res.locals.registeredPlugin |
52 | if (!plugin.registerHelpersStore) return res.sendStatus(404) | 53 | if (!plugin.registerHelpersStore) return res.sendStatus(HttpStatusCode.NOT_FOUND_404) |
53 | 54 | ||
54 | const externalAuth = plugin.registerHelpersStore.getExternalAuths().find(a => a.authName === req.params.authName) | 55 | const externalAuth = plugin.registerHelpersStore.getExternalAuths().find(a => a.authName === req.params.authName) |
55 | if (!externalAuth) return res.sendStatus(404) | 56 | if (!externalAuth) return res.sendStatus(HttpStatusCode.NOT_FOUND_404) |
56 | 57 | ||
57 | res.locals.externalAuth = externalAuth | 58 | res.locals.externalAuth = externalAuth |
58 | 59 | ||
@@ -106,7 +107,7 @@ const installOrUpdatePluginValidator = [ | |||
106 | 107 | ||
107 | const body: InstallOrUpdatePlugin = req.body | 108 | const body: InstallOrUpdatePlugin = req.body |
108 | if (!body.path && !body.npmName) { | 109 | if (!body.path && !body.npmName) { |
109 | return res.status(400) | 110 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
110 | .json({ error: 'Should have either a npmName or a path' }) | 111 | .json({ error: 'Should have either a npmName or a path' }) |
111 | .end() | 112 | .end() |
112 | } | 113 | } |
@@ -137,9 +138,9 @@ const existingPluginValidator = [ | |||
137 | 138 | ||
138 | const plugin = await PluginModel.loadByNpmName(req.params.npmName) | 139 | const plugin = await PluginModel.loadByNpmName(req.params.npmName) |
139 | if (!plugin) { | 140 | if (!plugin) { |
140 | return res.status(404) | 141 | return res.status(HttpStatusCode.NOT_FOUND_404) |
141 | .json({ error: 'Plugin not found' }) | 142 | .json({ error: 'Plugin not found' }) |
142 | .end() | 143 | .end() |
143 | } | 144 | } |
144 | 145 | ||
145 | res.locals.plugin = plugin | 146 | res.locals.plugin = plugin |
@@ -178,9 +179,9 @@ const listAvailablePluginsValidator = [ | |||
178 | if (areValidationErrors(req, res)) return | 179 | if (areValidationErrors(req, res)) return |
179 | 180 | ||
180 | if (CONFIG.PLUGINS.INDEX.ENABLED === false) { | 181 | if (CONFIG.PLUGINS.INDEX.ENABLED === false) { |
181 | return res.status(400) | 182 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
182 | .json({ error: 'Plugin index is not enabled' }) | 183 | .json({ error: 'Plugin index is not enabled' }) |
183 | .end() | 184 | .end() |
184 | } | 185 | } |
185 | 186 | ||
186 | return next() | 187 | return next() |
diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts index 8cd3bc33d..6d2dd39c9 100644 --- a/server/middlewares/validators/redundancy.ts +++ b/server/middlewares/validators/redundancy.ts | |||
@@ -8,6 +8,7 @@ import { isHostValid } from '../../helpers/custom-validators/servers' | |||
8 | import { ServerModel } from '../../models/server/server' | 8 | import { ServerModel } from '../../models/server/server' |
9 | import { doesVideoExist } from '../../helpers/middlewares' | 9 | import { doesVideoExist } from '../../helpers/middlewares' |
10 | import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies' | 10 | import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies' |
11 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
11 | 12 | ||
12 | const videoFileRedundancyGetValidator = [ | 13 | const videoFileRedundancyGetValidator = [ |
13 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 14 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), |
@@ -34,11 +35,11 @@ const videoFileRedundancyGetValidator = [ | |||
34 | return f.resolution === paramResolution && (!req.params.fps || paramFPS) | 35 | return f.resolution === paramResolution && (!req.params.fps || paramFPS) |
35 | }) | 36 | }) |
36 | 37 | ||
37 | if (!videoFile) return res.status(404).json({ error: 'Video file not found.' }) | 38 | if (!videoFile) return res.status(HttpStatusCode.NOT_FOUND_404).json({ error: 'Video file not found.' }) |
38 | res.locals.videoFile = videoFile | 39 | res.locals.videoFile = videoFile |
39 | 40 | ||
40 | const videoRedundancy = await VideoRedundancyModel.loadLocalByFileId(videoFile.id) | 41 | const videoRedundancy = await VideoRedundancyModel.loadLocalByFileId(videoFile.id) |
41 | if (!videoRedundancy) return res.status(404).json({ error: 'Video redundancy not found.' }) | 42 | if (!videoRedundancy) return res.status(HttpStatusCode.NOT_FOUND_404).json({ error: 'Video redundancy not found.' }) |
42 | res.locals.videoRedundancy = videoRedundancy | 43 | res.locals.videoRedundancy = videoRedundancy |
43 | 44 | ||
44 | return next() | 45 | return next() |
@@ -64,11 +65,11 @@ const videoPlaylistRedundancyGetValidator = [ | |||
64 | const paramPlaylistType = req.params.streamingPlaylistType as unknown as number // We casted to int above | 65 | const paramPlaylistType = req.params.streamingPlaylistType as unknown as number // We casted to int above |
65 | const videoStreamingPlaylist = video.VideoStreamingPlaylists.find(p => p.type === paramPlaylistType) | 66 | const videoStreamingPlaylist = video.VideoStreamingPlaylists.find(p => p.type === paramPlaylistType) |
66 | 67 | ||
67 | if (!videoStreamingPlaylist) return res.status(404).json({ error: 'Video playlist not found.' }) | 68 | if (!videoStreamingPlaylist) return res.status(HttpStatusCode.NOT_FOUND_404).json({ error: 'Video playlist not found.' }) |
68 | res.locals.videoStreamingPlaylist = videoStreamingPlaylist | 69 | res.locals.videoStreamingPlaylist = videoStreamingPlaylist |
69 | 70 | ||
70 | const videoRedundancy = await VideoRedundancyModel.loadLocalByStreamingPlaylistId(videoStreamingPlaylist.id) | 71 | const videoRedundancy = await VideoRedundancyModel.loadLocalByStreamingPlaylistId(videoStreamingPlaylist.id) |
71 | if (!videoRedundancy) return res.status(404).json({ error: 'Video redundancy not found.' }) | 72 | if (!videoRedundancy) return res.status(HttpStatusCode.NOT_FOUND_404).json({ error: 'Video redundancy not found.' }) |
72 | res.locals.videoRedundancy = videoRedundancy | 73 | res.locals.videoRedundancy = videoRedundancy |
73 | 74 | ||
74 | return next() | 75 | return next() |
@@ -90,7 +91,7 @@ const updateServerRedundancyValidator = [ | |||
90 | 91 | ||
91 | if (!server) { | 92 | if (!server) { |
92 | return res | 93 | return res |
93 | .status(404) | 94 | .status(HttpStatusCode.NOT_FOUND_404) |
94 | .json({ | 95 | .json({ |
95 | error: `Server ${req.params.host} not found.` | 96 | error: `Server ${req.params.host} not found.` |
96 | }) | 97 | }) |
@@ -128,15 +129,15 @@ const addVideoRedundancyValidator = [ | |||
128 | if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return | 129 | if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return |
129 | 130 | ||
130 | if (res.locals.onlyVideo.remote === false) { | 131 | if (res.locals.onlyVideo.remote === false) { |
131 | return res.status(400) | 132 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
132 | .json({ error: 'Cannot create a redundancy on a local video' }) | 133 | .json({ error: 'Cannot create a redundancy on a local video' }) |
133 | .end() | 134 | .end() |
134 | } | 135 | } |
135 | 136 | ||
136 | const alreadyExists = await VideoRedundancyModel.isLocalByVideoUUIDExists(res.locals.onlyVideo.uuid) | 137 | const alreadyExists = await VideoRedundancyModel.isLocalByVideoUUIDExists(res.locals.onlyVideo.uuid) |
137 | if (alreadyExists) { | 138 | if (alreadyExists) { |
138 | return res.status(409) | 139 | return res.status(HttpStatusCode.CONFLICT_409) |
139 | .json({ error: 'This video is already duplicated by your instance.' }) | 140 | .json({ error: 'This video is already duplicated by your instance.' }) |
140 | } | 141 | } |
141 | 142 | ||
142 | return next() | 143 | return next() |
@@ -155,7 +156,7 @@ const removeVideoRedundancyValidator = [ | |||
155 | 156 | ||
156 | const redundancy = await VideoRedundancyModel.loadByIdWithVideo(parseInt(req.params.redundancyId, 10)) | 157 | const redundancy = await VideoRedundancyModel.loadByIdWithVideo(parseInt(req.params.redundancyId, 10)) |
157 | if (!redundancy) { | 158 | if (!redundancy) { |
158 | return res.status(404) | 159 | return res.status(HttpStatusCode.NOT_FOUND_404) |
159 | .json({ error: 'Video redundancy not found' }) | 160 | .json({ error: 'Video redundancy not found' }) |
160 | .end() | 161 | .end() |
161 | } | 162 | } |
diff --git a/server/middlewares/validators/server.ts b/server/middlewares/validators/server.ts index 6158c3363..fe6704716 100644 --- a/server/middlewares/validators/server.ts +++ b/server/middlewares/validators/server.ts | |||
@@ -7,6 +7,7 @@ import { body } from 'express-validator' | |||
7 | import { isUserDisplayNameValid } from '../../helpers/custom-validators/users' | 7 | import { isUserDisplayNameValid } from '../../helpers/custom-validators/users' |
8 | import { Redis } from '../../lib/redis' | 8 | import { Redis } from '../../lib/redis' |
9 | import { CONFIG, isEmailEnabled } from '../../initializers/config' | 9 | import { CONFIG, isEmailEnabled } from '../../initializers/config' |
10 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
10 | 11 | ||
11 | const serverGetValidator = [ | 12 | const serverGetValidator = [ |
12 | body('host').custom(isHostValid).withMessage('Should have a valid host'), | 13 | body('host').custom(isHostValid).withMessage('Should have a valid host'), |
@@ -18,9 +19,9 @@ const serverGetValidator = [ | |||
18 | 19 | ||
19 | const server = await ServerModel.loadByHost(req.body.host) | 20 | const server = await ServerModel.loadByHost(req.body.host) |
20 | if (!server) { | 21 | if (!server) { |
21 | return res.status(404) | 22 | return res.status(HttpStatusCode.NOT_FOUND_404) |
22 | .send({ error: 'Server host not found.' }) | 23 | .send({ error: 'Server host not found.' }) |
23 | .end() | 24 | .end() |
24 | } | 25 | } |
25 | 26 | ||
26 | res.locals.server = server | 27 | res.locals.server = server |
@@ -44,14 +45,14 @@ const contactAdministratorValidator = [ | |||
44 | 45 | ||
45 | if (CONFIG.CONTACT_FORM.ENABLED === false) { | 46 | if (CONFIG.CONTACT_FORM.ENABLED === false) { |
46 | return res | 47 | return res |
47 | .status(409) | 48 | .status(HttpStatusCode.CONFLICT_409) |
48 | .send({ error: 'Contact form is not enabled on this instance.' }) | 49 | .send({ error: 'Contact form is not enabled on this instance.' }) |
49 | .end() | 50 | .end() |
50 | } | 51 | } |
51 | 52 | ||
52 | if (isEmailEnabled() === false) { | 53 | if (isEmailEnabled() === false) { |
53 | return res | 54 | return res |
54 | .status(409) | 55 | .status(HttpStatusCode.CONFLICT_409) |
55 | .send({ error: 'Emailer is not enabled on this instance.' }) | 56 | .send({ error: 'Emailer is not enabled on this instance.' }) |
56 | .end() | 57 | .end() |
57 | } | 58 | } |
@@ -60,7 +61,7 @@ const contactAdministratorValidator = [ | |||
60 | logger.info('Refusing a contact form by %s: already sent one recently.', req.ip) | 61 | logger.info('Refusing a contact form by %s: already sent one recently.', req.ip) |
61 | 62 | ||
62 | return res | 63 | return res |
63 | .status(403) | 64 | .status(HttpStatusCode.FORBIDDEN_403) |
64 | .send({ error: 'You already sent a contact form recently.' }) | 65 | .send({ error: 'You already sent a contact form recently.' }) |
65 | .end() | 66 | .end() |
66 | } | 67 | } |
diff --git a/server/middlewares/validators/themes.ts b/server/middlewares/validators/themes.ts index 82794656d..a726a567b 100644 --- a/server/middlewares/validators/themes.ts +++ b/server/middlewares/validators/themes.ts | |||
@@ -5,6 +5,7 @@ import { areValidationErrors } from './utils' | |||
5 | import { isPluginNameValid, isPluginVersionValid } from '../../helpers/custom-validators/plugins' | 5 | import { isPluginNameValid, isPluginVersionValid } from '../../helpers/custom-validators/plugins' |
6 | import { PluginManager } from '../../lib/plugins/plugin-manager' | 6 | import { PluginManager } from '../../lib/plugins/plugin-manager' |
7 | import { isSafePath } from '../../helpers/custom-validators/misc' | 7 | import { isSafePath } from '../../helpers/custom-validators/misc' |
8 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
8 | 9 | ||
9 | const serveThemeCSSValidator = [ | 10 | const serveThemeCSSValidator = [ |
10 | param('themeName').custom(isPluginNameValid).withMessage('Should have a valid theme name'), | 11 | param('themeName').custom(isPluginNameValid).withMessage('Should have a valid theme name'), |
@@ -19,11 +20,11 @@ const serveThemeCSSValidator = [ | |||
19 | const theme = PluginManager.Instance.getRegisteredThemeByShortName(req.params.themeName) | 20 | const theme = PluginManager.Instance.getRegisteredThemeByShortName(req.params.themeName) |
20 | 21 | ||
21 | if (!theme || theme.version !== req.params.themeVersion) { | 22 | if (!theme || theme.version !== req.params.themeVersion) { |
22 | return res.sendStatus(404) | 23 | return res.sendStatus(HttpStatusCode.NOT_FOUND_404) |
23 | } | 24 | } |
24 | 25 | ||
25 | if (theme.css.includes(req.params.staticEndpoint) === false) { | 26 | if (theme.css.includes(req.params.staticEndpoint) === false) { |
26 | return res.sendStatus(404) | 27 | return res.sendStatus(HttpStatusCode.NOT_FOUND_404) |
27 | } | 28 | } |
28 | 29 | ||
29 | res.locals.registeredPlugin = theme | 30 | res.locals.registeredPlugin = theme |
diff --git a/server/middlewares/validators/user-subscriptions.ts b/server/middlewares/validators/user-subscriptions.ts index a54ecb704..0d0c8ccbf 100644 --- a/server/middlewares/validators/user-subscriptions.ts +++ b/server/middlewares/validators/user-subscriptions.ts | |||
@@ -6,6 +6,7 @@ import { ActorFollowModel } from '../../models/activitypub/actor-follow' | |||
6 | import { areValidActorHandles, isValidActorHandle } from '../../helpers/custom-validators/activitypub/actor' | 6 | import { areValidActorHandles, isValidActorHandle } from '../../helpers/custom-validators/activitypub/actor' |
7 | import { toArray } from '../../helpers/custom-validators/misc' | 7 | import { toArray } from '../../helpers/custom-validators/misc' |
8 | import { WEBSERVER } from '../../initializers/constants' | 8 | import { WEBSERVER } from '../../initializers/constants' |
9 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
9 | 10 | ||
10 | const userSubscriptionListValidator = [ | 11 | const userSubscriptionListValidator = [ |
11 | query('search').optional().not().isEmpty().withMessage('Should have a valid search'), | 12 | query('search').optional().not().isEmpty().withMessage('Should have a valid search'), |
@@ -61,7 +62,7 @@ const userSubscriptionGetValidator = [ | |||
61 | 62 | ||
62 | if (!subscription || !subscription.ActorFollowing.VideoChannel) { | 63 | if (!subscription || !subscription.ActorFollowing.VideoChannel) { |
63 | return res | 64 | return res |
64 | .status(404) | 65 | .status(HttpStatusCode.NOT_FOUND_404) |
65 | .json({ | 66 | .json({ |
66 | error: `Subscription ${req.params.uri} not found.` | 67 | error: `Subscription ${req.params.uri} not found.` |
67 | }) | 68 | }) |
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index c91c378b3..c93895f2f 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -37,6 +37,7 @@ import { doesVideoExist } from '../../helpers/middlewares' | |||
37 | import { UserRole } from '../../../shared/models/users' | 37 | import { UserRole } from '../../../shared/models/users' |
38 | import { MUserDefault } from '@server/types/models' | 38 | import { MUserDefault } from '@server/types/models' |
39 | import { Hooks } from '@server/lib/plugins/hooks' | 39 | import { Hooks } from '@server/lib/plugins/hooks' |
40 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
40 | 41 | ||
41 | const usersListValidator = [ | 42 | const usersListValidator = [ |
42 | query('blocked') | 43 | query('blocked') |
@@ -73,19 +74,22 @@ const usersAddValidator = [ | |||
73 | 74 | ||
74 | const authUser = res.locals.oauth.token.User | 75 | const authUser = res.locals.oauth.token.User |
75 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { | 76 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { |
76 | return res.status(403) | 77 | return res |
78 | .status(HttpStatusCode.FORBIDDEN_403) | ||
77 | .json({ error: 'You can only create users (and not administrators or moderators)' }) | 79 | .json({ error: 'You can only create users (and not administrators or moderators)' }) |
78 | } | 80 | } |
79 | 81 | ||
80 | if (req.body.channelName) { | 82 | if (req.body.channelName) { |
81 | if (req.body.channelName === req.body.username) { | 83 | if (req.body.channelName === req.body.username) { |
82 | return res.status(400) | 84 | return res |
85 | .status(HttpStatusCode.BAD_REQUEST_400) | ||
83 | .json({ error: 'Channel name cannot be the same as user username.' }) | 86 | .json({ error: 'Channel name cannot be the same as user username.' }) |
84 | } | 87 | } |
85 | 88 | ||
86 | const existing = await ActorModel.loadLocalByName(req.body.channelName) | 89 | const existing = await ActorModel.loadLocalByName(req.body.channelName) |
87 | if (existing) { | 90 | if (existing) { |
88 | return res.status(409) | 91 | return res |
92 | .status(HttpStatusCode.CONFLICT_409) | ||
89 | .json({ error: `Channel with name ${req.body.channelName} already exists.` }) | 93 | .json({ error: `Channel with name ${req.body.channelName} already exists.` }) |
90 | } | 94 | } |
91 | } | 95 | } |
@@ -118,18 +122,19 @@ const usersRegisterValidator = [ | |||
118 | const body: UserRegister = req.body | 122 | const body: UserRegister = req.body |
119 | if (body.channel) { | 123 | if (body.channel) { |
120 | if (!body.channel.name || !body.channel.displayName) { | 124 | if (!body.channel.name || !body.channel.displayName) { |
121 | return res.status(400) | 125 | return res |
126 | .status(HttpStatusCode.BAD_REQUEST_400) | ||
122 | .json({ error: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' }) | 127 | .json({ error: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' }) |
123 | } | 128 | } |
124 | 129 | ||
125 | if (body.channel.name === body.username) { | 130 | if (body.channel.name === body.username) { |
126 | return res.status(400) | 131 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
127 | .json({ error: 'Channel name cannot be the same as user username.' }) | 132 | .json({ error: 'Channel name cannot be the same as user username.' }) |
128 | } | 133 | } |
129 | 134 | ||
130 | const existing = await ActorModel.loadLocalByName(body.channel.name) | 135 | const existing = await ActorModel.loadLocalByName(body.channel.name) |
131 | if (existing) { | 136 | if (existing) { |
132 | return res.status(409) | 137 | return res.status(HttpStatusCode.CONFLICT_409) |
133 | .json({ error: `Channel with name ${body.channel.name} already exists.` }) | 138 | .json({ error: `Channel with name ${body.channel.name} already exists.` }) |
134 | } | 139 | } |
135 | } | 140 | } |
@@ -149,7 +154,7 @@ const usersRemoveValidator = [ | |||
149 | 154 | ||
150 | const user = res.locals.user | 155 | const user = res.locals.user |
151 | if (user.username === 'root') { | 156 | if (user.username === 'root') { |
152 | return res.status(400) | 157 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
153 | .json({ error: 'Cannot remove the root user' }) | 158 | .json({ error: 'Cannot remove the root user' }) |
154 | } | 159 | } |
155 | 160 | ||
@@ -169,7 +174,7 @@ const usersBlockingValidator = [ | |||
169 | 174 | ||
170 | const user = res.locals.user | 175 | const user = res.locals.user |
171 | if (user.username === 'root') { | 176 | if (user.username === 'root') { |
172 | return res.status(400) | 177 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
173 | .json({ error: 'Cannot block the root user' }) | 178 | .json({ error: 'Cannot block the root user' }) |
174 | } | 179 | } |
175 | 180 | ||
@@ -181,7 +186,7 @@ const deleteMeValidator = [ | |||
181 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 186 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
182 | const user = res.locals.oauth.token.User | 187 | const user = res.locals.oauth.token.User |
183 | if (user.username === 'root') { | 188 | if (user.username === 'root') { |
184 | return res.status(400) | 189 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
185 | .json({ error: 'You cannot delete your root account.' }) | 190 | .json({ error: 'You cannot delete your root account.' }) |
186 | .end() | 191 | .end() |
187 | } | 192 | } |
@@ -211,8 +216,8 @@ const usersUpdateValidator = [ | |||
211 | 216 | ||
212 | const user = res.locals.user | 217 | const user = res.locals.user |
213 | if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) { | 218 | if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) { |
214 | return res.status(400) | 219 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
215 | .json({ error: 'Cannot change root role.' }) | 220 | .json({ error: 'Cannot change root role.' }) |
216 | } | 221 | } |
217 | 222 | ||
218 | return next() | 223 | return next() |
@@ -267,17 +272,17 @@ const usersUpdateMeValidator = [ | |||
267 | 272 | ||
268 | if (req.body.password || req.body.email) { | 273 | if (req.body.password || req.body.email) { |
269 | if (user.pluginAuth !== null) { | 274 | if (user.pluginAuth !== null) { |
270 | return res.status(400) | 275 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
271 | .json({ error: 'You cannot update your email or password that is associated with an external auth system.' }) | 276 | .json({ error: 'You cannot update your email or password that is associated with an external auth system.' }) |
272 | } | 277 | } |
273 | 278 | ||
274 | if (!req.body.currentPassword) { | 279 | if (!req.body.currentPassword) { |
275 | return res.status(400) | 280 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
276 | .json({ error: 'currentPassword parameter is missing.' }) | 281 | .json({ error: 'currentPassword parameter is missing.' }) |
277 | } | 282 | } |
278 | 283 | ||
279 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { | 284 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { |
280 | return res.status(401) | 285 | return res.status(HttpStatusCode.UNAUTHORIZED_401) |
281 | .json({ error: 'currentPassword is invalid.' }) | 286 | .json({ error: 'currentPassword is invalid.' }) |
282 | } | 287 | } |
283 | } | 288 | } |
@@ -329,7 +334,7 @@ const ensureUserRegistrationAllowed = [ | |||
329 | ) | 334 | ) |
330 | 335 | ||
331 | if (allowedResult.allowed === false) { | 336 | if (allowedResult.allowed === false) { |
332 | return res.status(403) | 337 | return res.status(HttpStatusCode.FORBIDDEN_403) |
333 | .json({ error: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.' }) | 338 | .json({ error: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.' }) |
334 | } | 339 | } |
335 | 340 | ||
@@ -342,7 +347,7 @@ const ensureUserRegistrationAllowedForIP = [ | |||
342 | const allowed = isSignupAllowedForCurrentIP(req.ip) | 347 | const allowed = isSignupAllowedForCurrentIP(req.ip) |
343 | 348 | ||
344 | if (allowed === false) { | 349 | if (allowed === false) { |
345 | return res.status(403) | 350 | return res.status(HttpStatusCode.FORBIDDEN_403) |
346 | .json({ error: 'You are not on a network authorized for registration.' }) | 351 | .json({ error: 'You are not on a network authorized for registration.' }) |
347 | } | 352 | } |
348 | 353 | ||
@@ -362,7 +367,7 @@ const usersAskResetPasswordValidator = [ | |||
362 | if (!exists) { | 367 | if (!exists) { |
363 | logger.debug('User with email %s does not exist (asking reset password).', req.body.email) | 368 | logger.debug('User with email %s does not exist (asking reset password).', req.body.email) |
364 | // Do not leak our emails | 369 | // Do not leak our emails |
365 | return res.status(204).end() | 370 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
366 | } | 371 | } |
367 | 372 | ||
368 | return next() | 373 | return next() |
@@ -385,7 +390,7 @@ const usersResetPasswordValidator = [ | |||
385 | 390 | ||
386 | if (redisVerificationString !== req.body.verificationString) { | 391 | if (redisVerificationString !== req.body.verificationString) { |
387 | return res | 392 | return res |
388 | .status(403) | 393 | .status(HttpStatusCode.FORBIDDEN_403) |
389 | .json({ error: 'Invalid verification string.' }) | 394 | .json({ error: 'Invalid verification string.' }) |
390 | } | 395 | } |
391 | 396 | ||
@@ -404,7 +409,7 @@ const usersAskSendVerifyEmailValidator = [ | |||
404 | if (!exists) { | 409 | if (!exists) { |
405 | logger.debug('User with email %s does not exist (asking verify email).', req.body.email) | 410 | logger.debug('User with email %s does not exist (asking verify email).', req.body.email) |
406 | // Do not leak our emails | 411 | // Do not leak our emails |
407 | return res.status(204).end() | 412 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
408 | } | 413 | } |
409 | 414 | ||
410 | return next() | 415 | return next() |
@@ -432,7 +437,7 @@ const usersVerifyEmailValidator = [ | |||
432 | 437 | ||
433 | if (redisVerificationString !== req.body.verificationString) { | 438 | if (redisVerificationString !== req.body.verificationString) { |
434 | return res | 439 | return res |
435 | .status(403) | 440 | .status(HttpStatusCode.FORBIDDEN_403) |
436 | .json({ error: 'Invalid verification string.' }) | 441 | .json({ error: 'Invalid verification string.' }) |
437 | } | 442 | } |
438 | 443 | ||
@@ -449,7 +454,7 @@ const ensureAuthUserOwnsAccountValidator = [ | |||
449 | const user = res.locals.oauth.token.User | 454 | const user = res.locals.oauth.token.User |
450 | 455 | ||
451 | if (res.locals.account.id !== user.Account.id) { | 456 | if (res.locals.account.id !== user.Account.id) { |
452 | return res.status(403) | 457 | return res.status(HttpStatusCode.FORBIDDEN_403) |
453 | .json({ error: 'Only owner can access ratings list.' }) | 458 | .json({ error: 'Only owner can access ratings list.' }) |
454 | } | 459 | } |
455 | 460 | ||
@@ -465,7 +470,7 @@ const ensureCanManageUser = [ | |||
465 | if (authUser.role === UserRole.ADMINISTRATOR) return next() | 470 | if (authUser.role === UserRole.ADMINISTRATOR) return next() |
466 | if (authUser.role === UserRole.MODERATOR && onUser.role === UserRole.USER) return next() | 471 | if (authUser.role === UserRole.MODERATOR && onUser.role === UserRole.USER) return next() |
467 | 472 | ||
468 | return res.status(403) | 473 | return res.status(HttpStatusCode.FORBIDDEN_403) |
469 | .json({ error: 'A moderator can only manager users.' }) | 474 | .json({ error: 'A moderator can only manager users.' }) |
470 | } | 475 | } |
471 | ] | 476 | ] |
@@ -509,14 +514,14 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: | |||
509 | const user = await UserModel.loadByUsernameOrEmail(username, email) | 514 | const user = await UserModel.loadByUsernameOrEmail(username, email) |
510 | 515 | ||
511 | if (user) { | 516 | if (user) { |
512 | res.status(409) | 517 | res.status(HttpStatusCode.CONFLICT_409) |
513 | .json({ error: 'User with this username or email already exists.' }) | 518 | .json({ error: 'User with this username or email already exists.' }) |
514 | return false | 519 | return false |
515 | } | 520 | } |
516 | 521 | ||
517 | const actor = await ActorModel.loadLocalByName(username) | 522 | const actor = await ActorModel.loadLocalByName(username) |
518 | if (actor) { | 523 | if (actor) { |
519 | res.status(409) | 524 | res.status(HttpStatusCode.CONFLICT_409) |
520 | .json({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' }) | 525 | .json({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' }) |
521 | return false | 526 | return false |
522 | } | 527 | } |
@@ -529,7 +534,7 @@ async function checkUserExist (finder: () => Bluebird<MUserDefault>, res: expres | |||
529 | 534 | ||
530 | if (!user) { | 535 | if (!user) { |
531 | if (abortResponse === true) { | 536 | if (abortResponse === true) { |
532 | res.status(404) | 537 | res.status(HttpStatusCode.NOT_FOUND_404) |
533 | .json({ error: 'User not found' }) | 538 | .json({ error: 'User not found' }) |
534 | } | 539 | } |
535 | 540 | ||
diff --git a/server/middlewares/validators/utils.ts b/server/middlewares/validators/utils.ts index 43e5652fa..2899bed6f 100644 --- a/server/middlewares/validators/utils.ts +++ b/server/middlewares/validators/utils.ts | |||
@@ -1,13 +1,15 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { query, validationResult } from 'express-validator' | 2 | import { query, validationResult } from 'express-validator' |
3 | import { logger } from '../../helpers/logger' | 3 | import { logger } from '../../helpers/logger' |
4 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
4 | 5 | ||
5 | function areValidationErrors (req: express.Request, res: express.Response) { | 6 | function areValidationErrors (req: express.Request, res: express.Response) { |
6 | const errors = validationResult(req) | 7 | const errors = validationResult(req) |
7 | 8 | ||
8 | if (!errors.isEmpty()) { | 9 | if (!errors.isEmpty()) { |
9 | logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors.mapped() }) | 10 | logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors.mapped() }) |
10 | res.status(400).json({ errors: errors.mapped() }) | 11 | res.status(HttpStatusCode.BAD_REQUEST_400) |
12 | .json({ errors: errors.mapped() }) | ||
11 | 13 | ||
12 | return true | 14 | return true |
13 | } | 15 | } |
diff --git a/server/middlewares/validators/videos/video-blacklist.ts b/server/middlewares/validators/videos/video-blacklist.ts index 808fefc25..88c788a43 100644 --- a/server/middlewares/validators/videos/video-blacklist.ts +++ b/server/middlewares/validators/videos/video-blacklist.ts | |||
@@ -5,6 +5,7 @@ import { isVideoBlacklistReasonValid, isVideoBlacklistTypeValid } from '../../.. | |||
5 | import { logger } from '../../../helpers/logger' | 5 | import { logger } from '../../../helpers/logger' |
6 | import { doesVideoBlacklistExist, doesVideoExist } from '../../../helpers/middlewares' | 6 | import { doesVideoBlacklistExist, doesVideoExist } from '../../../helpers/middlewares' |
7 | import { areValidationErrors } from '../utils' | 7 | import { areValidationErrors } from '../utils' |
8 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
8 | 9 | ||
9 | const videosBlacklistRemoveValidator = [ | 10 | const videosBlacklistRemoveValidator = [ |
10 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 11 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), |
@@ -39,7 +40,7 @@ const videosBlacklistAddValidator = [ | |||
39 | const video = res.locals.videoAll | 40 | const video = res.locals.videoAll |
40 | if (req.body.unfederate === true && video.remote === true) { | 41 | if (req.body.unfederate === true && video.remote === true) { |
41 | return res | 42 | return res |
42 | .status(409) | 43 | .status(HttpStatusCode.CONFLICT_409) |
43 | .send({ error: 'You cannot unfederate a remote video.' }) | 44 | .send({ error: 'You cannot unfederate a remote video.' }) |
44 | .end() | 45 | .end() |
45 | } | 46 | } |
diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts index 2e4e755e7..57ac548b9 100644 --- a/server/middlewares/validators/videos/video-channels.ts +++ b/server/middlewares/validators/videos/video-channels.ts | |||
@@ -15,6 +15,7 @@ import { doesLocalVideoChannelNameExist, doesVideoChannelNameWithHostExist } fro | |||
15 | import { ActorModel } from '../../../models/activitypub/actor' | 15 | import { ActorModel } from '../../../models/activitypub/actor' |
16 | import { VideoChannelModel } from '../../../models/video/video-channel' | 16 | import { VideoChannelModel } from '../../../models/video/video-channel' |
17 | import { areValidationErrors } from '../utils' | 17 | import { areValidationErrors } from '../utils' |
18 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
18 | 19 | ||
19 | const videoChannelsAddValidator = [ | 20 | const videoChannelsAddValidator = [ |
20 | body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'), | 21 | body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'), |
@@ -29,7 +30,7 @@ const videoChannelsAddValidator = [ | |||
29 | 30 | ||
30 | const actor = await ActorModel.loadLocalByName(req.body.name) | 31 | const actor = await ActorModel.loadLocalByName(req.body.name) |
31 | if (actor) { | 32 | if (actor) { |
32 | res.status(409) | 33 | res.status(HttpStatusCode.CONFLICT_409) |
33 | .send({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' }) | 34 | .send({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' }) |
34 | .end() | 35 | .end() |
35 | return false | 36 | return false |
@@ -37,7 +38,7 @@ const videoChannelsAddValidator = [ | |||
37 | 38 | ||
38 | const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id) | 39 | const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id) |
39 | if (count >= VIDEO_CHANNELS.MAX_PER_USER) { | 40 | if (count >= VIDEO_CHANNELS.MAX_PER_USER) { |
40 | res.status(400) | 41 | res.status(HttpStatusCode.BAD_REQUEST_400) |
41 | .send({ error: `You cannot create more than ${VIDEO_CHANNELS.MAX_PER_USER} channels` }) | 42 | .send({ error: `You cannot create more than ${VIDEO_CHANNELS.MAX_PER_USER} channels` }) |
42 | .end() | 43 | .end() |
43 | return false | 44 | return false |
@@ -70,13 +71,13 @@ const videoChannelsUpdateValidator = [ | |||
70 | 71 | ||
71 | // We need to make additional checks | 72 | // We need to make additional checks |
72 | if (res.locals.videoChannel.Actor.isOwned() === false) { | 73 | if (res.locals.videoChannel.Actor.isOwned() === false) { |
73 | return res.status(403) | 74 | return res.status(HttpStatusCode.FORBIDDEN_403) |
74 | .json({ error: 'Cannot update video channel of another server' }) | 75 | .json({ error: 'Cannot update video channel of another server' }) |
75 | .end() | 76 | .end() |
76 | } | 77 | } |
77 | 78 | ||
78 | if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) { | 79 | if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) { |
79 | return res.status(403) | 80 | return res.status(HttpStatusCode.FORBIDDEN_403) |
80 | .json({ error: 'Cannot update video channel of another user' }) | 81 | .json({ error: 'Cannot update video channel of another user' }) |
81 | .end() | 82 | .end() |
82 | } | 83 | } |
@@ -155,7 +156,7 @@ export { | |||
155 | 156 | ||
156 | function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAccountDefault, res: express.Response) { | 157 | function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAccountDefault, res: express.Response) { |
157 | if (videoChannel.Actor.isOwned() === false) { | 158 | if (videoChannel.Actor.isOwned() === false) { |
158 | res.status(403) | 159 | res.status(HttpStatusCode.FORBIDDEN_403) |
159 | .json({ error: 'Cannot remove video channel of another server.' }) | 160 | .json({ error: 'Cannot remove video channel of another server.' }) |
160 | .end() | 161 | .end() |
161 | 162 | ||
@@ -166,7 +167,7 @@ function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAcco | |||
166 | // The user can delete it if s/he is an admin | 167 | // The user can delete it if s/he is an admin |
167 | // Or if s/he is the video channel's account | 168 | // Or if s/he is the video channel's account |
168 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) { | 169 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) { |
169 | res.status(403) | 170 | res.status(HttpStatusCode.FORBIDDEN_403) |
170 | .json({ error: 'Cannot remove video channel of another user' }) | 171 | .json({ error: 'Cannot remove video channel of another user' }) |
171 | .end() | 172 | .end() |
172 | 173 | ||
@@ -180,9 +181,9 @@ async function checkVideoChannelIsNotTheLastOne (res: express.Response) { | |||
180 | const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id) | 181 | const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id) |
181 | 182 | ||
182 | if (count <= 1) { | 183 | if (count <= 1) { |
183 | res.status(409) | 184 | res.status(HttpStatusCode.CONFLICT_409) |
184 | .json({ error: 'Cannot remove the last channel of this user' }) | 185 | .json({ error: 'Cannot remove the last channel of this user' }) |
185 | .end() | 186 | .end() |
186 | 187 | ||
187 | return false | 188 | return false |
188 | } | 189 | } |
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index a3c9febc4..226c9d436 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts | |||
@@ -14,6 +14,7 @@ import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccep | |||
14 | import { Hooks } from '../../../lib/plugins/hooks' | 14 | import { Hooks } from '../../../lib/plugins/hooks' |
15 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' | 15 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' |
16 | import { areValidationErrors } from '../utils' | 16 | import { areValidationErrors } from '../utils' |
17 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
17 | 18 | ||
18 | const listVideoCommentsValidator = [ | 19 | const listVideoCommentsValidator = [ |
19 | query('isLocal') | 20 | query('isLocal') |
@@ -154,8 +155,8 @@ export { | |||
154 | 155 | ||
155 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { | 156 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { |
156 | if (video.commentsEnabled !== true) { | 157 | if (video.commentsEnabled !== true) { |
157 | res.status(409) | 158 | res.status(HttpStatusCode.CONFLICT_409) |
158 | .json({ error: 'Video comments are disabled for this video.' }) | 159 | .json({ error: 'Video comments are disabled for this video.' }) |
159 | 160 | ||
160 | return false | 161 | return false |
161 | } | 162 | } |
@@ -165,8 +166,8 @@ function isVideoCommentsEnabled (video: MVideo, res: express.Response) { | |||
165 | 166 | ||
166 | function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) { | 167 | function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) { |
167 | if (videoComment.isDeleted()) { | 168 | if (videoComment.isDeleted()) { |
168 | res.status(409) | 169 | res.status(HttpStatusCode.CONFLICT_409) |
169 | .json({ error: 'This comment is already deleted' }) | 170 | .json({ error: 'This comment is already deleted' }) |
170 | 171 | ||
171 | return false | 172 | return false |
172 | } | 173 | } |
@@ -178,7 +179,7 @@ function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MC | |||
178 | videoComment.accountId !== userAccount.id && // Not the comment owner | 179 | videoComment.accountId !== userAccount.id && // Not the comment owner |
179 | videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner | 180 | videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner |
180 | ) { | 181 | ) { |
181 | res.status(403) | 182 | res.status(HttpStatusCode.FORBIDDEN_403) |
182 | .json({ error: 'Cannot remove video comment of another user' }) | 183 | .json({ error: 'Cannot remove video comment of another user' }) |
183 | 184 | ||
184 | return false | 185 | return false |
@@ -214,7 +215,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon | |||
214 | 215 | ||
215 | if (!acceptedResult || acceptedResult.accepted !== true) { | 216 | if (!acceptedResult || acceptedResult.accepted !== true) { |
216 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | 217 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) |
217 | res.status(403) | 218 | res.status(HttpStatusCode.FORBIDDEN_403) |
218 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) | 219 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) |
219 | 220 | ||
220 | return false | 221 | return false |
diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts index d69aff118..0d41933a6 100644 --- a/server/middlewares/validators/videos/video-imports.ts +++ b/server/middlewares/validators/videos/video-imports.ts | |||
@@ -13,6 +13,7 @@ import { CONFIG } from '../../../initializers/config' | |||
13 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' | 13 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' |
14 | import { areValidationErrors } from '../utils' | 14 | import { areValidationErrors } from '../utils' |
15 | import { getCommonVideoEditAttributes } from './videos' | 15 | import { getCommonVideoEditAttributes } from './videos' |
16 | import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes' | ||
16 | 17 | ||
17 | const videoImportAddValidator = getCommonVideoEditAttributes().concat([ | 18 | const videoImportAddValidator = getCommonVideoEditAttributes().concat([ |
18 | body('channelId') | 19 | body('channelId') |
@@ -44,14 +45,14 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([ | |||
44 | 45 | ||
45 | if (req.body.targetUrl && CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true) { | 46 | if (req.body.targetUrl && CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true) { |
46 | cleanUpReqFiles(req) | 47 | cleanUpReqFiles(req) |
47 | return res.status(409) | 48 | return res.status(HttpStatusCode.CONFLICT_409) |
48 | .json({ error: 'HTTP import is not enabled on this instance.' }) | 49 | .json({ error: 'HTTP import is not enabled on this instance.' }) |
49 | .end() | 50 | .end() |
50 | } | 51 | } |
51 | 52 | ||
52 | if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) { | 53 | if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) { |
53 | cleanUpReqFiles(req) | 54 | cleanUpReqFiles(req) |
54 | return res.status(409) | 55 | return res.status(HttpStatusCode.CONFLICT_409) |
55 | .json({ error: 'Torrent/magnet URI import is not enabled on this instance.' }) | 56 | .json({ error: 'Torrent/magnet URI import is not enabled on this instance.' }) |
56 | .end() | 57 | .end() |
57 | } | 58 | } |
@@ -62,7 +63,7 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([ | |||
62 | if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) { | 63 | if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) { |
63 | cleanUpReqFiles(req) | 64 | cleanUpReqFiles(req) |
64 | 65 | ||
65 | return res.status(400) | 66 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
66 | .json({ error: 'Should have a magnetUri or a targetUrl or a torrent file.' }) | 67 | .json({ error: 'Should have a magnetUri or a targetUrl or a torrent file.' }) |
67 | .end() | 68 | .end() |
68 | } | 69 | } |
@@ -100,7 +101,7 @@ async function isImportAccepted (req: express.Request, res: express.Response) { | |||
100 | 101 | ||
101 | if (!acceptedResult || acceptedResult.accepted !== true) { | 102 | if (!acceptedResult || acceptedResult.accepted !== true) { |
102 | logger.info('Refused to import video.', { acceptedResult, acceptParameters }) | 103 | logger.info('Refused to import video.', { acceptedResult, acceptParameters }) |
103 | res.status(403) | 104 | res.status(HttpStatusCode.FORBIDDEN_403) |
104 | .json({ error: acceptedResult.errorMessage || 'Refused to import video' }) | 105 | .json({ error: acceptedResult.errorMessage || 'Refused to import video' }) |
105 | 106 | ||
106 | return false | 107 | return false |
diff --git a/server/middlewares/validators/videos/video-live.ts b/server/middlewares/validators/videos/video-live.ts index 69a14ccb1..3a73e1272 100644 --- a/server/middlewares/validators/videos/video-live.ts +++ b/server/middlewares/validators/videos/video-live.ts | |||
@@ -13,6 +13,7 @@ import { getCommonVideoEditAttributes } from './videos' | |||
13 | import { VideoModel } from '@server/models/video/video' | 13 | import { VideoModel } from '@server/models/video/video' |
14 | import { Hooks } from '@server/lib/plugins/hooks' | 14 | import { Hooks } from '@server/lib/plugins/hooks' |
15 | import { isLocalLiveVideoAccepted } from '@server/lib/moderation' | 15 | import { isLocalLiveVideoAccepted } from '@server/lib/moderation' |
16 | import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes' | ||
16 | 17 | ||
17 | const videoLiveGetValidator = [ | 18 | const videoLiveGetValidator = [ |
18 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 19 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), |
@@ -28,7 +29,7 @@ const videoLiveGetValidator = [ | |||
28 | if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.GET_ANY_LIVE, res, false)) return | 29 | if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.GET_ANY_LIVE, res, false)) return |
29 | 30 | ||
30 | const videoLive = await VideoLiveModel.loadByVideoId(res.locals.videoAll.id) | 31 | const videoLive = await VideoLiveModel.loadByVideoId(res.locals.videoAll.id) |
31 | if (!videoLive) return res.sendStatus(404) | 32 | if (!videoLive) return res.sendStatus(HttpStatusCode.NOT_FOUND_404) |
32 | 33 | ||
33 | res.locals.videoLive = videoLive | 34 | res.locals.videoLive = videoLive |
34 | 35 | ||
@@ -62,21 +63,21 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([ | |||
62 | if (CONFIG.LIVE.ENABLED !== true) { | 63 | if (CONFIG.LIVE.ENABLED !== true) { |
63 | cleanUpReqFiles(req) | 64 | cleanUpReqFiles(req) |
64 | 65 | ||
65 | return res.status(403) | 66 | return res.status(HttpStatusCode.FORBIDDEN_403) |
66 | .json({ error: 'Live is not enabled on this instance' }) | 67 | .json({ error: 'Live is not enabled on this instance' }) |
67 | } | 68 | } |
68 | 69 | ||
69 | if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) { | 70 | if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) { |
70 | cleanUpReqFiles(req) | 71 | cleanUpReqFiles(req) |
71 | 72 | ||
72 | return res.status(403) | 73 | return res.status(HttpStatusCode.FORBIDDEN_403) |
73 | .json({ error: 'Saving live replay is not allowed instance' }) | 74 | .json({ error: 'Saving live replay is not allowed instance' }) |
74 | } | 75 | } |
75 | 76 | ||
76 | if (req.body.permanentLive && req.body.saveReplay) { | 77 | if (req.body.permanentLive && req.body.saveReplay) { |
77 | cleanUpReqFiles(req) | 78 | cleanUpReqFiles(req) |
78 | 79 | ||
79 | return res.status(400) | 80 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
80 | .json({ error: 'Cannot set this live as permanent while saving its replay' }) | 81 | .json({ error: 'Cannot set this live as permanent while saving its replay' }) |
81 | } | 82 | } |
82 | 83 | ||
@@ -89,7 +90,7 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([ | |||
89 | if (totalInstanceLives >= CONFIG.LIVE.MAX_INSTANCE_LIVES) { | 90 | if (totalInstanceLives >= CONFIG.LIVE.MAX_INSTANCE_LIVES) { |
90 | cleanUpReqFiles(req) | 91 | cleanUpReqFiles(req) |
91 | 92 | ||
92 | return res.status(403) | 93 | return res.status(HttpStatusCode.FORBIDDEN_403) |
93 | .json({ | 94 | .json({ |
94 | code: ServerErrorCode.MAX_INSTANCE_LIVES_LIMIT_REACHED, | 95 | code: ServerErrorCode.MAX_INSTANCE_LIVES_LIMIT_REACHED, |
95 | error: 'Cannot create this live because the max instance lives limit is reached.' | 96 | error: 'Cannot create this live because the max instance lives limit is reached.' |
@@ -103,7 +104,7 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([ | |||
103 | if (totalUserLives >= CONFIG.LIVE.MAX_USER_LIVES) { | 104 | if (totalUserLives >= CONFIG.LIVE.MAX_USER_LIVES) { |
104 | cleanUpReqFiles(req) | 105 | cleanUpReqFiles(req) |
105 | 106 | ||
106 | return res.status(403) | 107 | return res.status(HttpStatusCode.FORBIDDEN_403) |
107 | .json({ | 108 | .json({ |
108 | code: ServerErrorCode.MAX_USER_LIVES_LIMIT_REACHED, | 109 | code: ServerErrorCode.MAX_USER_LIVES_LIMIT_REACHED, |
109 | error: 'Cannot create this live because the max user lives limit is reached.' | 110 | error: 'Cannot create this live because the max user lives limit is reached.' |
@@ -129,17 +130,17 @@ const videoLiveUpdateValidator = [ | |||
129 | if (areValidationErrors(req, res)) return | 130 | if (areValidationErrors(req, res)) return |
130 | 131 | ||
131 | if (req.body.permanentLive && req.body.saveReplay) { | 132 | if (req.body.permanentLive && req.body.saveReplay) { |
132 | return res.status(400) | 133 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
133 | .json({ error: 'Cannot set this live as permanent while saving its replay' }) | 134 | .json({ error: 'Cannot set this live as permanent while saving its replay' }) |
134 | } | 135 | } |
135 | 136 | ||
136 | if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) { | 137 | if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) { |
137 | return res.status(403) | 138 | return res.status(HttpStatusCode.FORBIDDEN_403) |
138 | .json({ error: 'Saving live replay is not allowed instance' }) | 139 | .json({ error: 'Saving live replay is not allowed instance' }) |
139 | } | 140 | } |
140 | 141 | ||
141 | if (res.locals.videoAll.state !== VideoState.WAITING_FOR_LIVE) { | 142 | if (res.locals.videoAll.state !== VideoState.WAITING_FOR_LIVE) { |
142 | return res.status(400) | 143 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
143 | .json({ error: 'Cannot update a live that has already started' }) | 144 | .json({ error: 'Cannot update a live that has already started' }) |
144 | } | 145 | } |
145 | 146 | ||
@@ -176,7 +177,7 @@ async function isLiveVideoAccepted (req: express.Request, res: express.Response) | |||
176 | if (!acceptedResult || acceptedResult.accepted !== true) { | 177 | if (!acceptedResult || acceptedResult.accepted !== true) { |
177 | logger.info('Refused local live video.', { acceptedResult, acceptParameters }) | 178 | logger.info('Refused local live video.', { acceptedResult, acceptParameters }) |
178 | 179 | ||
179 | res.status(403) | 180 | res.status(HttpStatusCode.FORBIDDEN_403) |
180 | .json({ error: acceptedResult.errorMessage || 'Refused local live video' }) | 181 | .json({ error: acceptedResult.errorMessage || 'Refused local live video' }) |
181 | 182 | ||
182 | return false | 183 | return false |
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 4647eae44..c7a6f68e3 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts | |||
@@ -29,6 +29,7 @@ import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/vid | |||
29 | import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares' | 29 | import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares' |
30 | import { MVideoPlaylist } from '../../../types/models/video/video-playlist' | 30 | import { MVideoPlaylist } from '../../../types/models/video/video-playlist' |
31 | import { MUserAccountId } from '@server/types/models' | 31 | import { MUserAccountId } from '@server/types/models' |
32 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
32 | 33 | ||
33 | const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | 34 | const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ |
34 | body('displayName') | 35 | body('displayName') |
@@ -44,7 +45,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | |||
44 | 45 | ||
45 | if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { | 46 | if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { |
46 | cleanUpReqFiles(req) | 47 | cleanUpReqFiles(req) |
47 | return res.status(400) | 48 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
48 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | 49 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) |
49 | } | 50 | } |
50 | 51 | ||
@@ -83,13 +84,13 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | |||
83 | ) | 84 | ) |
84 | ) { | 85 | ) { |
85 | cleanUpReqFiles(req) | 86 | cleanUpReqFiles(req) |
86 | return res.status(400) | 87 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
87 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | 88 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) |
88 | } | 89 | } |
89 | 90 | ||
90 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 91 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
91 | cleanUpReqFiles(req) | 92 | cleanUpReqFiles(req) |
92 | return res.status(400) | 93 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
93 | .json({ error: 'Cannot update a watch later playlist.' }) | 94 | .json({ error: 'Cannot update a watch later playlist.' }) |
94 | } | 95 | } |
95 | 96 | ||
@@ -112,7 +113,7 @@ const videoPlaylistsDeleteValidator = [ | |||
112 | 113 | ||
113 | const videoPlaylist = getPlaylist(res) | 114 | const videoPlaylist = getPlaylist(res) |
114 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 115 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
115 | return res.status(400) | 116 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
116 | .json({ error: 'Cannot delete a watch later playlist.' }) | 117 | .json({ error: 'Cannot delete a watch later playlist.' }) |
117 | } | 118 | } |
118 | 119 | ||
@@ -142,7 +143,7 @@ const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { | |||
142 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { | 143 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { |
143 | if (isUUIDValid(req.params.playlistId)) return next() | 144 | if (isUUIDValid(req.params.playlistId)) return next() |
144 | 145 | ||
145 | return res.status(404).end() | 146 | return res.status(HttpStatusCode.NOT_FOUND_404).end() |
146 | } | 147 | } |
147 | 148 | ||
148 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { | 149 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { |
@@ -154,7 +155,7 @@ const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { | |||
154 | !user || | 155 | !user || |
155 | (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) | 156 | (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) |
156 | ) { | 157 | ) { |
157 | return res.status(403) | 158 | return res.status(HttpStatusCode.FORBIDDEN_403) |
158 | .json({ error: 'Cannot get this private video playlist.' }) | 159 | .json({ error: 'Cannot get this private video playlist.' }) |
159 | } | 160 | } |
160 | 161 | ||
@@ -231,7 +232,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ | |||
231 | 232 | ||
232 | const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId) | 233 | const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId) |
233 | if (!videoPlaylistElement) { | 234 | if (!videoPlaylistElement) { |
234 | res.status(404) | 235 | res.status(HttpStatusCode.NOT_FOUND_404) |
235 | .json({ error: 'Video playlist element not found' }) | 236 | .json({ error: 'Video playlist element not found' }) |
236 | .end() | 237 | .end() |
237 | 238 | ||
@@ -261,7 +262,7 @@ const videoPlaylistElementAPGetValidator = [ | |||
261 | 262 | ||
262 | const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId) | 263 | const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId) |
263 | if (!videoPlaylistElement) { | 264 | if (!videoPlaylistElement) { |
264 | res.status(404) | 265 | res.status(HttpStatusCode.NOT_FOUND_404) |
265 | .json({ error: 'Video playlist element not found' }) | 266 | .json({ error: 'Video playlist element not found' }) |
266 | .end() | 267 | .end() |
267 | 268 | ||
@@ -269,7 +270,7 @@ const videoPlaylistElementAPGetValidator = [ | |||
269 | } | 270 | } |
270 | 271 | ||
271 | if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { | 272 | if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { |
272 | return res.status(403).end() | 273 | return res.status(HttpStatusCode.FORBIDDEN_403).end() |
273 | } | 274 | } |
274 | 275 | ||
275 | res.locals.videoPlaylistElementAP = videoPlaylistElement | 276 | res.locals.videoPlaylistElementAP = videoPlaylistElement |
@@ -305,7 +306,7 @@ const videoPlaylistsReorderVideosValidator = [ | |||
305 | const reorderLength: number = req.body.reorderLength | 306 | const reorderLength: number = req.body.reorderLength |
306 | 307 | ||
307 | if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) { | 308 | if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) { |
308 | res.status(400) | 309 | res.status(HttpStatusCode.BAD_REQUEST_400) |
309 | .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` }) | 310 | .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` }) |
310 | .end() | 311 | .end() |
311 | 312 | ||
@@ -313,7 +314,7 @@ const videoPlaylistsReorderVideosValidator = [ | |||
313 | } | 314 | } |
314 | 315 | ||
315 | if (reorderLength && reorderLength + startPosition > nextPosition) { | 316 | if (reorderLength && reorderLength + startPosition > nextPosition) { |
316 | res.status(400) | 317 | res.status(HttpStatusCode.BAD_REQUEST_400) |
317 | .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` }) | 318 | .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` }) |
318 | .end() | 319 | .end() |
319 | 320 | ||
@@ -399,7 +400,7 @@ function getCommonPlaylistEditAttributes () { | |||
399 | 400 | ||
400 | function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) { | 401 | function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) { |
401 | if (videoPlaylist.isOwned() === false) { | 402 | if (videoPlaylist.isOwned() === false) { |
402 | res.status(403) | 403 | res.status(HttpStatusCode.FORBIDDEN_403) |
403 | .json({ error: 'Cannot manage video playlist of another server.' }) | 404 | .json({ error: 'Cannot manage video playlist of another server.' }) |
404 | .end() | 405 | .end() |
405 | 406 | ||
@@ -410,7 +411,7 @@ function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: M | |||
410 | // The user can delete it if s/he is an admin | 411 | // The user can delete it if s/he is an admin |
411 | // Or if s/he is the video playlist's owner | 412 | // Or if s/he is the video playlist's owner |
412 | if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) { | 413 | if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) { |
413 | res.status(403) | 414 | res.status(HttpStatusCode.FORBIDDEN_403) |
414 | .json({ error: 'Cannot manage video playlist of another user' }) | 415 | .json({ error: 'Cannot manage video playlist of another user' }) |
415 | .end() | 416 | .end() |
416 | 417 | ||
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts index 15a8c7983..7dcba15f1 100644 --- a/server/middlewares/validators/videos/video-rates.ts +++ b/server/middlewares/validators/videos/video-rates.ts | |||
@@ -9,6 +9,7 @@ import { AccountVideoRateModel } from '../../../models/account/account-video-rat | |||
9 | import { VideoRateType } from '../../../../shared/models/videos' | 9 | import { VideoRateType } from '../../../../shared/models/videos' |
10 | import { isAccountNameValid } from '../../../helpers/custom-validators/accounts' | 10 | import { isAccountNameValid } from '../../../helpers/custom-validators/accounts' |
11 | import { doesVideoExist } from '../../../helpers/middlewares' | 11 | import { doesVideoExist } from '../../../helpers/middlewares' |
12 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
12 | 13 | ||
13 | const videoUpdateRateValidator = [ | 14 | const videoUpdateRateValidator = [ |
14 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 15 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
@@ -36,7 +37,7 @@ const getAccountVideoRateValidatorFactory = function (rateType: VideoRateType) { | |||
36 | 37 | ||
37 | const rate = await AccountVideoRateModel.loadLocalAndPopulateVideo(rateType, req.params.name, req.params.videoId) | 38 | const rate = await AccountVideoRateModel.loadLocalAndPopulateVideo(rateType, req.params.name, req.params.videoId) |
38 | if (!rate) { | 39 | if (!rate) { |
39 | return res.status(404) | 40 | return res.status(HttpStatusCode.NOT_FOUND_404) |
40 | .json({ error: 'Video rate not found' }) | 41 | .json({ error: 'Video rate not found' }) |
41 | } | 42 | } |
42 | 43 | ||
diff --git a/server/middlewares/validators/videos/video-shares.ts b/server/middlewares/validators/videos/video-shares.ts index 20fc96243..f0d8e0c36 100644 --- a/server/middlewares/validators/videos/video-shares.ts +++ b/server/middlewares/validators/videos/video-shares.ts | |||
@@ -5,6 +5,7 @@ import { logger } from '../../../helpers/logger' | |||
5 | import { VideoShareModel } from '../../../models/video/video-share' | 5 | import { VideoShareModel } from '../../../models/video/video-share' |
6 | import { areValidationErrors } from '../utils' | 6 | import { areValidationErrors } from '../utils' |
7 | import { doesVideoExist } from '../../../helpers/middlewares' | 7 | import { doesVideoExist } from '../../../helpers/middlewares' |
8 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
8 | 9 | ||
9 | const videosShareValidator = [ | 10 | const videosShareValidator = [ |
10 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 11 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
@@ -20,7 +21,7 @@ const videosShareValidator = [ | |||
20 | 21 | ||
21 | const share = await VideoShareModel.load(req.params.actorId, video.id) | 22 | const share = await VideoShareModel.load(req.params.actorId, video.id) |
22 | if (!share) { | 23 | if (!share) { |
23 | return res.status(404) | 24 | return res.status(HttpStatusCode.NOT_FOUND_404) |
24 | .end() | 25 | .end() |
25 | } | 26 | } |
26 | 27 | ||
diff --git a/server/middlewares/validators/videos/video-watch.ts b/server/middlewares/validators/videos/video-watch.ts index d6ca1d341..29ce0dab6 100644 --- a/server/middlewares/validators/videos/video-watch.ts +++ b/server/middlewares/validators/videos/video-watch.ts | |||
@@ -4,6 +4,7 @@ import { isIdOrUUIDValid, toIntOrNull } from '../../../helpers/custom-validators | |||
4 | import { areValidationErrors } from '../utils' | 4 | import { areValidationErrors } from '../utils' |
5 | import { logger } from '../../../helpers/logger' | 5 | import { logger } from '../../../helpers/logger' |
6 | import { doesVideoExist } from '../../../helpers/middlewares' | 6 | import { doesVideoExist } from '../../../helpers/middlewares' |
7 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
7 | 8 | ||
8 | const videoWatchingValidator = [ | 9 | const videoWatchingValidator = [ |
9 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 10 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
@@ -20,7 +21,7 @@ const videoWatchingValidator = [ | |||
20 | const user = res.locals.oauth.token.User | 21 | const user = res.locals.oauth.token.User |
21 | if (user.videosHistoryEnabled === false) { | 22 | if (user.videosHistoryEnabled === false) { |
22 | logger.warn('Cannot set videos to watch by user %d: videos history is disabled.', user.id) | 23 | logger.warn('Cannot set videos to watch by user %d: videos history is disabled.', user.id) |
23 | return res.status(409).end() | 24 | return res.status(HttpStatusCode.CONFLICT_409).end() |
24 | } | 25 | } |
25 | 26 | ||
26 | return next() | 27 | return next() |
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index af0072d73..9834f714b 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -51,6 +51,7 @@ import { AccountModel } from '../../../models/account/account' | |||
51 | import { VideoModel } from '../../../models/video/video' | 51 | import { VideoModel } from '../../../models/video/video' |
52 | import { authenticatePromiseIfNeeded } from '../../oauth' | 52 | import { authenticatePromiseIfNeeded } from '../../oauth' |
53 | import { areValidationErrors } from '../utils' | 53 | import { areValidationErrors } from '../utils' |
54 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
54 | 55 | ||
55 | const videosAddValidator = getCommonVideoEditAttributes().concat([ | 56 | const videosAddValidator = getCommonVideoEditAttributes().concat([ |
56 | body('videofile') | 57 | body('videofile') |
@@ -75,7 +76,7 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([ | |||
75 | if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) | 76 | if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) |
76 | 77 | ||
77 | if (await isAbleToUploadVideo(user.id, videoFile.size) === false) { | 78 | if (await isAbleToUploadVideo(user.id, videoFile.size) === false) { |
78 | res.status(403) | 79 | res.status(HttpStatusCode.FORBIDDEN_403) |
79 | .json({ error: 'The user video quota is exceeded with this video.' }) | 80 | .json({ error: 'The user video quota is exceeded with this video.' }) |
80 | 81 | ||
81 | return cleanUpReqFiles(req) | 82 | return cleanUpReqFiles(req) |
@@ -87,7 +88,7 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([ | |||
87 | duration = await getDurationFromVideoFile(videoFile.path) | 88 | duration = await getDurationFromVideoFile(videoFile.path) |
88 | } catch (err) { | 89 | } catch (err) { |
89 | logger.error('Invalid input file in videosAddValidator.', { err }) | 90 | logger.error('Invalid input file in videosAddValidator.', { err }) |
90 | res.status(400) | 91 | res.status(HttpStatusCode.BAD_REQUEST_400) |
91 | .json({ error: 'Invalid input file.' }) | 92 | .json({ error: 'Invalid input file.' }) |
92 | 93 | ||
93 | return cleanUpReqFiles(req) | 94 | return cleanUpReqFiles(req) |
@@ -147,7 +148,7 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R | |||
147 | const serverActor = await getServerActor() | 148 | const serverActor = await getServerActor() |
148 | if (await VideoModel.checkVideoHasInstanceFollow(video.id, serverActor.id) === true) return next() | 149 | if (await VideoModel.checkVideoHasInstanceFollow(video.id, serverActor.id) === true) return next() |
149 | 150 | ||
150 | return res.status(403) | 151 | return res.status(HttpStatusCode.FORBIDDEN_403) |
151 | .json({ | 152 | .json({ |
152 | errorCode: ServerErrorCode.DOES_NOT_RESPECT_FOLLOW_CONSTRAINTS, | 153 | errorCode: ServerErrorCode.DOES_NOT_RESPECT_FOLLOW_CONSTRAINTS, |
153 | error: 'Cannot get this video regarding follow constraints.', | 154 | error: 'Cannot get this video regarding follow constraints.', |
@@ -182,7 +183,7 @@ const videosCustomGetValidator = ( | |||
182 | 183 | ||
183 | // Only the owner or a user that have blacklist rights can see the video | 184 | // Only the owner or a user that have blacklist rights can see the video |
184 | if (!user || !user.canGetVideo(videoAll)) { | 185 | if (!user || !user.canGetVideo(videoAll)) { |
185 | return res.status(403) | 186 | return res.status(HttpStatusCode.FORBIDDEN_403) |
186 | .json({ error: 'Cannot get this private/internal or blacklisted video.' }) | 187 | .json({ error: 'Cannot get this private/internal or blacklisted video.' }) |
187 | } | 188 | } |
188 | 189 | ||
@@ -197,7 +198,7 @@ const videosCustomGetValidator = ( | |||
197 | if (isUUIDValid(req.params.id)) return next() | 198 | if (isUUIDValid(req.params.id)) return next() |
198 | 199 | ||
199 | // Don't leak this unlisted video | 200 | // Don't leak this unlisted video |
200 | return res.status(404).end() | 201 | return res.status(HttpStatusCode.NOT_FOUND_404).end() |
201 | } | 202 | } |
202 | } | 203 | } |
203 | ] | 204 | ] |
@@ -250,7 +251,7 @@ const videosChangeOwnershipValidator = [ | |||
250 | 251 | ||
251 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) | 252 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) |
252 | if (!nextOwner) { | 253 | if (!nextOwner) { |
253 | res.status(400) | 254 | res.status(HttpStatusCode.BAD_REQUEST_400) |
254 | .json({ error: 'Changing video ownership to a remote account is not supported yet' }) | 255 | .json({ error: 'Changing video ownership to a remote account is not supported yet' }) |
255 | 256 | ||
256 | return | 257 | return |
@@ -276,7 +277,7 @@ const videosTerminateChangeOwnershipValidator = [ | |||
276 | const videoChangeOwnership = res.locals.videoChangeOwnership | 277 | const videoChangeOwnership = res.locals.videoChangeOwnership |
277 | 278 | ||
278 | if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { | 279 | if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { |
279 | res.status(403) | 280 | res.status(HttpStatusCode.FORBIDDEN_403) |
280 | .json({ error: 'Ownership already accepted or refused' }) | 281 | .json({ error: 'Ownership already accepted or refused' }) |
281 | return | 282 | return |
282 | } | 283 | } |
@@ -294,7 +295,7 @@ const videosAcceptChangeOwnershipValidator = [ | |||
294 | const videoChangeOwnership = res.locals.videoChangeOwnership | 295 | const videoChangeOwnership = res.locals.videoChangeOwnership |
295 | const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size) | 296 | const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size) |
296 | if (isAble === false) { | 297 | if (isAble === false) { |
297 | res.status(403) | 298 | res.status(HttpStatusCode.FORBIDDEN_403) |
298 | .json({ error: 'The user video quota is exceeded with this video.' }) | 299 | .json({ error: 'The user video quota is exceeded with this video.' }) |
299 | 300 | ||
300 | return | 301 | return |
@@ -433,7 +434,7 @@ const commonVideosFiltersValidator = [ | |||
433 | (req.query.filter === 'all-local' || req.query.filter === 'all') && | 434 | (req.query.filter === 'all-local' || req.query.filter === 'all') && |
434 | (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false) | 435 | (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false) |
435 | ) { | 436 | ) { |
436 | res.status(401) | 437 | res.status(HttpStatusCode.UNAUTHORIZED_401) |
437 | .json({ error: 'You are not allowed to see all local videos.' }) | 438 | .json({ error: 'You are not allowed to see all local videos.' }) |
438 | 439 | ||
439 | return | 440 | return |
@@ -473,7 +474,7 @@ function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) | |||
473 | if (!req.body.scheduleUpdate.updateAt) { | 474 | if (!req.body.scheduleUpdate.updateAt) { |
474 | logger.warn('Invalid parameters: scheduleUpdate.updateAt is mandatory.') | 475 | logger.warn('Invalid parameters: scheduleUpdate.updateAt is mandatory.') |
475 | 476 | ||
476 | res.status(400) | 477 | res.status(HttpStatusCode.BAD_REQUEST_400) |
477 | .json({ error: 'Schedule update at is mandatory.' }) | 478 | .json({ error: 'Schedule update at is mandatory.' }) |
478 | 479 | ||
479 | return true | 480 | return true |
@@ -498,7 +499,7 @@ async function isVideoAccepted (req: express.Request, res: express.Response, vid | |||
498 | 499 | ||
499 | if (!acceptedResult || acceptedResult.accepted !== true) { | 500 | if (!acceptedResult || acceptedResult.accepted !== true) { |
500 | logger.info('Refused local video.', { acceptedResult, acceptParameters }) | 501 | logger.info('Refused local video.', { acceptedResult, acceptParameters }) |
501 | res.status(403) | 502 | res.status(HttpStatusCode.FORBIDDEN_403) |
502 | .json({ error: acceptedResult.errorMessage || 'Refused local video' }) | 503 | .json({ error: acceptedResult.errorMessage || 'Refused local video' }) |
503 | 504 | ||
504 | return false | 505 | return false |
diff --git a/server/middlewares/validators/webfinger.ts b/server/middlewares/validators/webfinger.ts index 5fe864f8b..a71422ed8 100644 --- a/server/middlewares/validators/webfinger.ts +++ b/server/middlewares/validators/webfinger.ts | |||
@@ -5,6 +5,7 @@ import { logger } from '../../helpers/logger' | |||
5 | import { ActorModel } from '../../models/activitypub/actor' | 5 | import { ActorModel } from '../../models/activitypub/actor' |
6 | import { areValidationErrors } from './utils' | 6 | import { areValidationErrors } from './utils' |
7 | import { getHostWithPort } from '../../helpers/express-utils' | 7 | import { getHostWithPort } from '../../helpers/express-utils' |
8 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
8 | 9 | ||
9 | const webfingerValidator = [ | 10 | const webfingerValidator = [ |
10 | query('resource').custom(isWebfingerLocalResourceValid).withMessage('Should have a valid webfinger resource'), | 11 | query('resource').custom(isWebfingerLocalResourceValid).withMessage('Should have a valid webfinger resource'), |
@@ -20,9 +21,9 @@ const webfingerValidator = [ | |||
20 | 21 | ||
21 | const actor = await ActorModel.loadLocalUrlByName(name) | 22 | const actor = await ActorModel.loadLocalUrlByName(name) |
22 | if (!actor) { | 23 | if (!actor) { |
23 | return res.status(404) | 24 | return res.status(HttpStatusCode.NOT_FOUND_404) |
24 | .send({ error: 'Actor not found' }) | 25 | .send({ error: 'Actor not found' }) |
25 | .end() | 26 | .end() |
26 | } | 27 | } |
27 | 28 | ||
28 | res.locals.actorUrl = actor | 29 | res.locals.actorUrl = actor |