8 files changed, 115 insertions, 28 deletions
diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js
index 0471b3f92..6c3a9c2b4 100644
--- a/server/middlewares/validators/index.js
+++ b/server/middlewares/validators/index.js
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination')
 const podsValidators = require('./pods')
 const remoteValidators = require('./remote')
 const sortValidators = require('./sort')
+const usersValidators = require('./users')
 const videosValidators = require('./videos')
 const validators = {
@@ -11,6 +12,7 @@ const validators = {
  pods: podsValidators,
  remote: remoteValidators,
  sort: sortValidators,
+  users: usersValidators,
  videos: videosValidators
 }
diff --git a/server/middlewares/validators/pagination.js b/server/middlewares/validators/pagination.js
index 8e9a01053..16682696e 100644
--- a/server/middlewares/validators/pagination.js
+++ b/server/middlewares/validators/pagination.js
@@ -4,7 +4,7 @@ const checkErrors = require('./utils').checkErrors
 const logger = require('../../helpers/logger')
 const validatorsPagination = {
-  pagination: pagination
+  pagination
 }
 function pagination (req, res, next) {
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index fda2e865f..fd3d1e2f2 100644
--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -5,23 +5,29 @@ const friends = require('../../lib/friends')
 const logger = require('../../helpers/logger')
 const validatorsPod = {
-  makeFriends: makeFriends,
+  makeFriends,
-  podsAdd: podsAdd
+  podsAdd
 }
 function makeFriends (req, res, next) {
-  friends.hasFriends(function (err, hasFriends) {
+  req.checkBody('urls', 'Should have an array of unique urls').isEachUniqueUrlValid()
-    if (err) {
-      logger.error('Cannot know if we have friends.', { error: err })
+  logger.debug('Checking makeFriends parameters', { parameters: req.body })
-      res.sendStatus(500)
-    }
+  checkErrors(req, res, function () {
+    friends.hasFriends(function (err, hasFriends) {
-    if (hasFriends === true) {
+      if (err) {
-      // We need to quit our friends before make new ones
+        logger.error('Cannot know if we have friends.', { error: err })
-      res.sendStatus(409)
+        res.sendStatus(500)
-    } else {
+      }
-      return next()
-    }
+      if (hasFriends === true) {
+        // We need to quit our friends before make new ones
+        res.sendStatus(409)
+      } else {
+        return next()
+      }
+    })
  })
 }
diff --git a/server/middlewares/validators/remote.js b/server/middlewares/validators/remote.js
index 1be119458..8c29ef8ca 100644
--- a/server/middlewares/validators/remote.js
+++ b/server/middlewares/validators/remote.js
@@ -4,9 +4,9 @@ const checkErrors = require('./utils').checkErrors
 const logger = require('../../helpers/logger')
 const validatorsRemote = {
-  dataToDecrypt: dataToDecrypt,
+  dataToDecrypt,
-  remoteVideos: remoteVideos,
+  remoteVideos,
-  signature: signature
+  signature
 }
 function dataToDecrypt (req, res, next) {
@@ -19,7 +19,6 @@ function dataToDecrypt (req, res, next) {
 }
 function remoteVideos (req, res, next) {
-  req.checkBody('data').isArray()
  req.checkBody('data').isEachRemoteVideosValid()
  logger.debug('Checking remoteVideos parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/sort.js b/server/middlewares/validators/sort.js
index 56b63cc8b..431d3fffd 100644
--- a/server/middlewares/validators/sort.js
+++ b/server/middlewares/validators/sort.js
@@ -5,7 +5,18 @@ const constants = require('../../initializers/constants')
 const logger = require('../../helpers/logger')
 const validatorsSort = {
-  videosSort: videosSort
+  usersSort,
+  videosSort
+}
+function usersSort (req, res, next) {
+  const sortableColumns = constants.SORTABLE_COLUMNS.USERS
+  req.checkQuery('sort', 'Should have correct sortable column').optional().isIn(sortableColumns)
+  logger.debug('Checking sort parameters', { parameters: req.query })
+  checkErrors(req, res, next)
 }
 function videosSort (req, res, next) {
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
new file mode 100644
index 000000000..d541e9124
--- /dev/null
+++ b/server/middlewares/validators/users.js
@@ -0,0 +1,67 @@
+'use strict'
+const mongoose = require('mongoose')
+const checkErrors = require('./utils').checkErrors
+const logger = require('../../helpers/logger')
+const User = mongoose.model('User')
+const validatorsUsers = {
+  usersAdd,
+  usersRemove,
+  usersUpdate
+}
+function usersAdd (req, res, next) {
+  req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  logger.debug('Checking usersAdd parameters', { parameters: req.body })
+  checkErrors(req, res, function () {
+    User.loadByUsername(req.body.username, function (err, user) {
+      if (err) {
+        logger.error('Error in usersAdd request validator.', { error: err })
+        return res.sendStatus(500)
+      }
+      if (user) return res.status(409).send('User already exists.')
+      next()
+    })
+  })
+}
+function usersRemove (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+  logger.debug('Checking usersRemove parameters', { parameters: req.params })
+  checkErrors(req, res, function () {
+    User.loadById(req.params.id, function (err, user) {
+      if (err) {
+        logger.error('Error in usersRemove request validator.', { error: err })
+        return res.sendStatus(500)
+      }
+      if (!user) return res.status(404).send('User not found')
+      next()
+    })
+  })
+}
+function usersUpdate (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+  // Add old password verification
+  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+  checkErrors(req, res, next)
+}
+// ---------------------------------------------------------------------------
+module.exports = validatorsUsers
diff --git a/server/middlewares/validators/utils.js b/server/middlewares/validators/utils.js
index f6e5b2b38..3741b84c6 100644
--- a/server/middlewares/validators/utils.js
+++ b/server/middlewares/validators/utils.js
@@ -5,7 +5,7 @@ const util = require('util')
 const logger = require('../../helpers/logger')
 const validatorsUtils = {
-  checkErrors: checkErrors
+  checkErrors
 }
 function checkErrors (req, res, next, statusCode) {
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 3e2af06fb..76e943e77 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -4,20 +4,21 @@ const mongoose = require('mongoose')
 const checkErrors = require('./utils').checkErrors
 const constants = require('../../initializers/constants')
-const customValidators = require('../../helpers/custom-validators')
+const customVideosValidators = require('../../helpers/custom-validators').videos
 const logger = require('../../helpers/logger')
 const Video = mongoose.model('Video')
 const validatorsVideos = {
-  videosAdd: videosAdd,
+  videosAdd,
-  videosGet: videosGet,
+  videosGet,
-  videosRemove: videosRemove,
+  videosRemove,
-  videosSearch: videosSearch
+  videosSearch
 }
 function videosAdd (req, res, next) {
  req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()
+  // TODO: move to constants and function
  req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
  req.checkBody('name', 'Should have a valid name').isVideoNameValid()
  req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()
@@ -33,8 +34,8 @@ function videosAdd (req, res, next) {
        return res.status(400).send('Cannot retrieve metadata of the file.')
      }
-      if (!customValidators.isVideoDurationValid(duration)) {
+      if (!customVideosValidators.isVideoDurationValid(duration)) {
-        return res.status(400).send('Duration of the video file is too big (max: ' + constants.VIDEOS_CONSTRAINTS_FIELDS.DURATION.max + 's).')
+        return res.status(400).send('Duration of the video file is too big (max: ' + constants.CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
      }
      videoFile.duration = duration
@@ -76,6 +77,7 @@ function videosRemove (req, res, next) {
      if (!video) return res.status(404).send('Video not found')
      else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
+      else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
      next()
    })

diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js index 0471b3f92..6c3a9c2b4 100644 --- a/server/middlewares/validators/index.js +++ b/server/middlewares/validators/index.js
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination')
4	const podsValidators = require('./pods')	4	const podsValidators = require('./pods')
5	const remoteValidators = require('./remote')	5	const remoteValidators = require('./remote')
6	const sortValidators = require('./sort')	6	const sortValidators = require('./sort')
		7	const usersValidators = require('./users')
7	const videosValidators = require('./videos')	8	const videosValidators = require('./videos')
8		9
9	const validators = {	10	const validators = {
@@ -11,6 +12,7 @@ const validators = {
11	pods: podsValidators,	12	pods: podsValidators,
12	remote: remoteValidators,	13	remote: remoteValidators,
13	sort: sortValidators,	14	sort: sortValidators,
		15	users: usersValidators,
14	videos: videosValidators	16	videos: videosValidators
15	}	17	}
16		18


diff --git a/server/middlewares/validators/pagination.js b/server/middlewares/validators/pagination.js index 8e9a01053..16682696e 100644 --- a/server/middlewares/validators/pagination.js +++ b/server/middlewares/validators/pagination.js
@@ -4,7 +4,7 @@ const checkErrors = require('./utils').checkErrors
4	const logger = require('../../helpers/logger')	4	const logger = require('../../helpers/logger')
5		5
6	const validatorsPagination = {	6	const validatorsPagination = {
7	pagination: pagination	7	pagination
8	}	8	}
9		9
10	function pagination (req, res, next) {	10	function pagination (req, res, next) {


diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js index fda2e865f..fd3d1e2f2 100644 --- a/server/middlewares/validators/pods.js +++ b/server/middlewares/validators/pods.js
@@ -5,23 +5,29 @@ const friends = require('../../lib/friends')
5	const logger = require('../../helpers/logger')	5	const logger = require('../../helpers/logger')
6		6
7	const validatorsPod = {	7	const validatorsPod = {
8	makeFriends: makeFriends,	8	makeFriends,
9	podsAdd: podsAdd	9	podsAdd
10	}	10	}
11		11
12	function makeFriends (req, res, next) {	12	function makeFriends (req, res, next) {
13	friends.hasFriends(function (err, hasFriends) {	13	req.checkBody('urls', 'Should have an array of unique urls').isEachUniqueUrlValid()
14	if (err) {	14
15	logger.error('Cannot know if we have friends.', { error: err })	15	logger.debug('Checking makeFriends parameters', { parameters: req.body })
16	res.sendStatus(500)	16
17	}	17	checkErrors(req, res, function () {
18		18	friends.hasFriends(function (err, hasFriends) {
19	if (hasFriends === true) {	19	if (err) {
20	// We need to quit our friends before make new ones	20	logger.error('Cannot know if we have friends.', { error: err })
21	res.sendStatus(409)	21	res.sendStatus(500)
22	} else {	22	}
23	return next()	23
24	}	24	if (hasFriends === true) {
		25	// We need to quit our friends before make new ones
		26	res.sendStatus(409)
		27	} else {
		28	return next()
		29	}
		30	})
25	})	31	})
26	}	32	}
27		33


diff --git a/server/middlewares/validators/remote.js b/server/middlewares/validators/remote.js index 1be119458..8c29ef8ca 100644 --- a/server/middlewares/validators/remote.js +++ b/server/middlewares/validators/remote.js
@@ -4,9 +4,9 @@ const checkErrors = require('./utils').checkErrors
4	const logger = require('../../helpers/logger')	4	const logger = require('../../helpers/logger')
5		5
6	const validatorsRemote = {	6	const validatorsRemote = {
7	dataToDecrypt: dataToDecrypt,	7	dataToDecrypt,
8	remoteVideos: remoteVideos,	8	remoteVideos,
9	signature: signature	9	signature
10	}	10	}
11		11
12	function dataToDecrypt (req, res, next) {	12	function dataToDecrypt (req, res, next) {
@@ -19,7 +19,6 @@ function dataToDecrypt (req, res, next) {
19	}	19	}
20		20
21	function remoteVideos (req, res, next) {	21	function remoteVideos (req, res, next) {
22	req.checkBody('data').isArray()
23	req.checkBody('data').isEachRemoteVideosValid()	22	req.checkBody('data').isEachRemoteVideosValid()
24		23
25	logger.debug('Checking remoteVideos parameters', { parameters: req.body })	24	logger.debug('Checking remoteVideos parameters', { parameters: req.body })


diff --git a/server/middlewares/validators/sort.js b/server/middlewares/validators/sort.js index 56b63cc8b..431d3fffd 100644 --- a/server/middlewares/validators/sort.js +++ b/server/middlewares/validators/sort.js
@@ -5,7 +5,18 @@ const constants = require('../../initializers/constants')
5	const logger = require('../../helpers/logger')	5	const logger = require('../../helpers/logger')
6		6
7	const validatorsSort = {	7	const validatorsSort = {
8	videosSort: videosSort	8	usersSort,
		9	videosSort
		10	}
		11
		12	function usersSort (req, res, next) {
		13	const sortableColumns = constants.SORTABLE_COLUMNS.USERS
		14
		15	req.checkQuery('sort', 'Should have correct sortable column').optional().isIn(sortableColumns)
		16
		17	logger.debug('Checking sort parameters', { parameters: req.query })
		18
		19	checkErrors(req, res, next)
9	}	20	}
10		21
11	function videosSort (req, res, next) {	22	function videosSort (req, res, next) {


diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js new file mode 100644 index 000000000..d541e9124 --- /dev/null +++ b/server/middlewares/validators/users.js
@@ -0,0 +1,67 @@
		1	'use strict'
		2
		3	const mongoose = require('mongoose')
		4
		5	const checkErrors = require('./utils').checkErrors
		6	const logger = require('../../helpers/logger')
		7
		8	const User = mongoose.model('User')
		9
		10	const validatorsUsers = {
		11	usersAdd,
		12	usersRemove,
		13	usersUpdate
		14	}
		15
		16	function usersAdd (req, res, next) {
		17	req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
		18	req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
		19
		20	logger.debug('Checking usersAdd parameters', { parameters: req.body })
		21
		22	checkErrors(req, res, function () {
		23	User.loadByUsername(req.body.username, function (err, user) {
		24	if (err) {
		25	logger.error('Error in usersAdd request validator.', { error: err })
		26	return res.sendStatus(500)
		27	}
		28
		29	if (user) return res.status(409).send('User already exists.')
		30
		31	next()
		32	})
		33	})
		34	}
		35
		36	function usersRemove (req, res, next) {
		37	req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
		38
		39	logger.debug('Checking usersRemove parameters', { parameters: req.params })
		40
		41	checkErrors(req, res, function () {
		42	User.loadById(req.params.id, function (err, user) {
		43	if (err) {
		44	logger.error('Error in usersRemove request validator.', { error: err })
		45	return res.sendStatus(500)
		46	}
		47
		48	if (!user) return res.status(404).send('User not found')
		49
		50	next()
		51	})
		52	})
		53	}
		54
		55	function usersUpdate (req, res, next) {
		56	req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
		57	// Add old password verification
		58	req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
		59
		60	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
		61
		62	checkErrors(req, res, next)
		63	}
		64
		65	// ---------------------------------------------------------------------------
		66
		67	module.exports = validatorsUsers


diff --git a/server/middlewares/validators/utils.js b/server/middlewares/validators/utils.js index f6e5b2b38..3741b84c6 100644 --- a/server/middlewares/validators/utils.js +++ b/server/middlewares/validators/utils.js
@@ -5,7 +5,7 @@ const util = require('util')
5	const logger = require('../../helpers/logger')	5	const logger = require('../../helpers/logger')
6		6
7	const validatorsUtils = {	7	const validatorsUtils = {
8	checkErrors: checkErrors	8	checkErrors
9	}	9	}
10		10
11	function checkErrors (req, res, next, statusCode) {	11	function checkErrors (req, res, next, statusCode) {


diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index 3e2af06fb..76e943e77 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js
@@ -4,20 +4,21 @@ const mongoose = require('mongoose')
4		4
5	const checkErrors = require('./utils').checkErrors	5	const checkErrors = require('./utils').checkErrors
6	const constants = require('../../initializers/constants')	6	const constants = require('../../initializers/constants')
7	const customValidators = require('../../helpers/custom-validators')	7	const customVideosValidators = require('../../helpers/custom-validators').videos
8	const logger = require('../../helpers/logger')	8	const logger = require('../../helpers/logger')
9		9
10	const Video = mongoose.model('Video')	10	const Video = mongoose.model('Video')
11		11
12	const validatorsVideos = {	12	const validatorsVideos = {
13	videosAdd: videosAdd,	13	videosAdd,
14	videosGet: videosGet,	14	videosGet,
15	videosRemove: videosRemove,	15	videosRemove,
16	videosSearch: videosSearch	16	videosSearch
17	}	17	}
18		18
19	function videosAdd (req, res, next) {	19	function videosAdd (req, res, next) {
20	req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()	20	req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()
		21	// TODO: move to constants and function
21	req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)\|(mp4)\|(ogg)/i)	22	req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)\|(mp4)\|(ogg)/i)
22	req.checkBody('name', 'Should have a valid name').isVideoNameValid()	23	req.checkBody('name', 'Should have a valid name').isVideoNameValid()
23	req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()	24	req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()
@@ -33,8 +34,8 @@ function videosAdd (req, res, next) {
33	return res.status(400).send('Cannot retrieve metadata of the file.')	34	return res.status(400).send('Cannot retrieve metadata of the file.')
34	}	35	}
35		36
36	if (!customValidators.isVideoDurationValid(duration)) {	37	if (!customVideosValidators.isVideoDurationValid(duration)) {
37	return res.status(400).send('Duration of the video file is too big (max: ' + constants.VIDEOS_CONSTRAINTS_FIELDS.DURATION.max + 's).')	38	return res.status(400).send('Duration of the video file is too big (max: ' + constants.CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
38	}	39	}
39		40
40	videoFile.duration = duration	41	videoFile.duration = duration
@@ -76,6 +77,7 @@ function videosRemove (req, res, next) {
76		77
77	if (!video) return res.status(404).send('Video not found')	78	if (!video) return res.status(404).send('Video not found')
78	else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')	79	else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
		80	else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
79		81
80	next()	82	next()
81	})	83	})