16 files changed, 60 insertions, 62 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index f3feae41e..ab7d04d25 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -6,6 +6,7 @@ import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers/co
 import { getOrCreateActorAndServerAndModel } from '../lib/activitypub'
 import { loadActorUrlOrGetFromWebfinger } from '../helpers/webfinger'
 import { isActorDeleteActivityValid } from '@server/helpers/custom-validators/activitypub/actor'
+import { getAPId } from '@server/helpers/activitypub'
 async function checkSignature (req: Request, res: Response, next: NextFunction) {
  try {
@@ -16,7 +17,7 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
    // Forwarded activity
    const bodyActor = req.body.actor
-    const bodyActorId = bodyActor && bodyActor.id ? bodyActor.id : bodyActor
+    const bodyActorId = getAPId(bodyActor)
    if (bodyActorId && bodyActorId !== actor.url) {
      const jsonLDSignatureChecked = await checkJsonLDSignature(req, res)
      if (jsonLDSignatureChecked !== true) return
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index d11d70790..f5de69603 100644
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -3,20 +3,20 @@ import { CONFIG } from '../initializers/config'
 const baseDirectives = Object.assign({},
  {
-    defaultSrc: ["'none'"], // by default, not specifying default-src = '*'
+    defaultSrc: [ '\'none\'' ], // by default, not specifying default-src = '*'
-    connectSrc: ['*', 'data:'],
+    connectSrc: [ '*', 'data:' ],
-    mediaSrc: ["'self'", 'https:', 'blob:'],
+    mediaSrc: [ '\'self\'', 'https:', 'blob:' ],
-    fontSrc: ["'self'", 'data:'],
+    fontSrc: [ '\'self\'', 'data:' ],
-    imgSrc: ["'self'", 'data:', 'blob:'],
+    imgSrc: [ '\'self\'', 'data:', 'blob:' ],
-    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
+    scriptSrc: [ '\'self\' \'unsafe-inline\' \'unsafe-eval\'', 'blob:' ],
-    styleSrc: ["'self' 'unsafe-inline'"],
+    styleSrc: [ '\'self\' \'unsafe-inline\'' ],
-    objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
+    objectSrc: [ '\'none\'' ], // only define to allow plugins, else let defaultSrc 'none' block it
-    formAction: ["'self'"],
+    formAction: [ '\'self\'' ],
-    frameAncestors: ["'none'"],
+    frameAncestors: [ '\'none\'' ],
-    baseUri: ["'self'"],
+    baseUri: [ '\'self\'' ],
-    manifestSrc: ["'self'"],
+    manifestSrc: [ '\'self\'' ],
-    frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed
+    frameSrc: [ '\'self\'' ], // instead of deprecated child-src / self because of test-embed
-    workerSrc: ["'self'", 'blob:'] // instead of deprecated child-src
+    workerSrc: [ '\'self\'', 'blob:' ] // instead of deprecated child-src
  },
  CONFIG.CSP.REPORT_URI ? { reportUri: CONFIG.CSP.REPORT_URI } : {},
  CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {}
@@ -29,7 +29,7 @@ const baseCSP = helmet.contentSecurityPolicy({
 })
 const embedCSP = helmet.contentSecurityPolicy({
-  directives: Object.assign({}, baseDirectives, { frameAncestors: ['*'] }),
+  directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }),
  browserSniff: false, // assumes a modern browser, but allows CDN in front
  reportOnly: CONFIG.CSP.REPORT_ONLY
 })
diff --git a/server/middlewares/dnt.ts b/server/middlewares/dnt.ts
index 607def855..dd88005dd 100644
--- a/server/middlewares/dnt.ts
+++ b/server/middlewares/dnt.ts
@@ -1,6 +1,3 @@
-import * as ipaddr from 'ipaddr.js'
-import { format } from 'util'
 const advertiseDoNotTrack = (_, res, next) => {
  res.setHeader('Tk', 'N')
  return next()
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index 749f5cccd..9eef03bb4 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -51,6 +51,7 @@ function authenticateSocket (socket: Socket, next: (err?: any) => void) {
      return next()
    })
+    .catch(err => logger.error('Cannot get access token.', { err }))
 }
 function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
diff --git a/server/middlewares/sort.ts b/server/middlewares/sort.ts
index 75238228f..fcbb2902c 100644
--- a/server/middlewares/sort.ts
+++ b/server/middlewares/sort.ts
@@ -8,7 +8,7 @@ const setDefaultVideoRedundanciesSort = setDefaultSortFactory('name')
 const setDefaultSearchSort = setDefaultSortFactory('-match')
 function setBlacklistSort (req: express.Request, res: express.Response, next: express.NextFunction) {
-  let newSort: SortType = { sortModel: undefined, sortValue: '' }
+  const newSort: SortType = { sortModel: undefined, sortValue: '' }
  if (!req.query.sort) req.query.sort = '-createdAt'
diff --git a/server/middlewares/validators/avatar.ts b/server/middlewares/validators/avatar.ts
index 8623d07e8..2acb97483 100644
--- a/server/middlewares/validators/avatar.ts
+++ b/server/middlewares/validators/avatar.ts
@@ -8,8 +8,8 @@ import { cleanUpReqFiles } from '../../helpers/express-utils'
 const updateAvatarValidator = [
  body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
-    'This file is not supported or too large. Please, make sure it is of the following type : '
+    'This file is not supported or too large. Please, make sure it is of the following type : ' +
-    + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
+    CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
  ),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
diff --git a/server/middlewares/validators/config.ts b/server/middlewares/validators/config.ts
index 2d1f61947..ceab646c0 100644
--- a/server/middlewares/validators/config.ts
+++ b/server/middlewares/validators/config.ts
@@ -55,7 +55,7 @@ const customConfigUpdateValidator = [
  body('theme.default').custom(v => isThemeNameValid(v) && isThemeRegistered(v)).withMessage('Should have a valid theme'),
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking customConfigUpdateValidator parameters', { parameters: req.body })
    if (areValidationErrors(req, res)) return
diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts
index 29f6c87be..f34c2b174 100644
--- a/server/middlewares/validators/feeds.ts
+++ b/server/middlewares/validators/feeds.ts
@@ -22,13 +22,13 @@ function setFeedFormatContentType (req: express.Request, res: express.Response,
  let acceptableContentTypes: string[]
  if (format === 'atom' || format === 'atom1') {
-    acceptableContentTypes = ['application/atom+xml', 'application/xml', 'text/xml']
+    acceptableContentTypes = [ 'application/atom+xml', 'application/xml', 'text/xml' ]
  } else if (format === 'json' || format === 'json1') {
-    acceptableContentTypes = ['application/json']
+    acceptableContentTypes = [ 'application/json' ]
  } else if (format === 'rss' || format === 'rss2') {
-    acceptableContentTypes = ['application/rss+xml', 'application/xml', 'text/xml']
+    acceptableContentTypes = [ 'application/rss+xml', 'application/xml', 'text/xml' ]
  } else {
-    acceptableContentTypes = ['application/xml', 'text/xml']
+    acceptableContentTypes = [ 'application/xml', 'text/xml' ]
  }
  if (req.accepts(acceptableContentTypes)) {
diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts
index 16b42fc0d..8cd3bc33d 100644
--- a/server/middlewares/validators/redundancy.ts
+++ b/server/middlewares/validators/redundancy.ts
@@ -106,7 +106,7 @@ const listVideoRedundanciesValidator = [
  query('target')
    .custom(isVideoRedundancyTarget).withMessage('Should have a valid video redundancies target'),
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking listVideoRedundanciesValidator parameters', { parameters: req.query })
    if (areValidationErrors(req, res)) return
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index c78c67a8c..5d52b5804 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -36,7 +36,6 @@ import { doesVideoExist } from '../../helpers/middlewares'
 import { UserRole } from '../../../shared/models/users'
 import { MUserDefault } from '@server/typings/models'
 import { Hooks } from '@server/lib/plugins/hooks'
-import { isLocalVideoAccepted } from '@server/lib/moderation'
 const usersAddValidator = [
  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -149,7 +148,7 @@ const usersBlockingValidator = [
 ]
 const deleteMeValidator = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const user = res.locals.oauth.token.User
    if (user.username === 'root') {
      return res.status(400)
@@ -303,7 +302,7 @@ const ensureUserRegistrationAllowed = [
 ]
 const ensureUserRegistrationAllowedForIP = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const allowed = isSignupAllowedForCurrentIP(req.ip)
    if (allowed === false) {
@@ -410,7 +409,7 @@ const userAutocompleteValidator = [
 ]
 const ensureAuthUserOwnsAccountValidator = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const user = res.locals.oauth.token.User
    if (res.locals.account.id !== user.Account.id) {
diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts
index 7b0cd6f66..872d9c2ab 100644
--- a/server/middlewares/validators/videos/video-captions.ts
+++ b/server/middlewares/validators/videos/video-captions.ts
@@ -13,10 +13,12 @@ const addVideoCaptionValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
  param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'),
  body('captionfile')
-    .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')).withMessage(
+    .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile'))
-    `This caption file is not supported or too large. Please, make sure it is under ${CONSTRAINTS_FIELDS.VIDEO_CAPTIONS.CAPTION_FILE.FILE_SIZE} and one of the following mimetypes: `
+    .withMessage(
-    + Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT).map(key => `${key} (${MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT[key]})`).join(', ')
+      'This caption file is not supported or too large. ' +
-  ),
+      `Please, make sure it is under ${CONSTRAINTS_FIELDS.VIDEO_CAPTIONS.CAPTION_FILE.FILE_SIZE} and one of the following mimetypes: ` +
+      Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT).map(key => `${key} (${MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT[key]})`).join(', ')
+    ),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking addVideoCaption parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index 77c5f940d..da2fafb10 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -50,7 +50,7 @@ const addVideoCommentThreadValidator = [
    if (areValidationErrors(req, res)) return
    if (!await doesVideoExist(req.params.videoId, res)) return
    if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
-    if (!await isVideoCommentAccepted(req, res, res.locals.videoAll,false)) return
+    if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
    return next()
  }
diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts
index 318dad100..5dc5db533 100644
--- a/server/middlewares/validators/videos/video-imports.ts
+++ b/server/middlewares/validators/videos/video-imports.ts
@@ -22,10 +22,11 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([
    .optional()
    .custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'),
  body('torrentfile')
-    .custom((value, { req }) => isVideoImportTorrentFile(req.files)).withMessage(
+    .custom((value, { req }) => isVideoImportTorrentFile(req.files))
-    'This torrent file is not supported or too large. Please, make sure it is of the following type: '
+    .withMessage(
-    + CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
+      'This torrent file is not supported or too large. Please, make sure it is of the following type: ' +
-  ),
+      CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
+    ),
  body('name')
    .optional()
    .custom(isVideoNameValid).withMessage('Should have a valid name'),
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index 1d67e8666..6b15c5464 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -384,10 +384,11 @@ export {
 function getCommonPlaylistEditAttributes () {
  return [
    body('thumbnailfile')
-      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
+      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile'))
-      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
+      .withMessage(
-      + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
+        'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
-    ),
+        CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
+      ),
    body('description')
      .optional()
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts
index 5d5fae8aa..cbc144f69 100644
--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -51,7 +51,7 @@ const getAccountVideoRateValidatorFactory = function (rateType: VideoRateType) {
 const videoRatingValidator = [
  query('rating').optional().custom(isRatingValid).withMessage('Value must be one of "like" or "dislike"'),
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking rating parameter', { parameters: req.params })
    if (areValidationErrors(req, res)) return
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 6733d9dec..11dd02706 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -49,8 +49,8 @@ import { getVideoWithAttributes } from '../../../helpers/video'
 const videosAddValidator = getCommonVideoEditAttributes().concat([
  body('videofile')
    .custom((value, { req }) => isVideoFile(req.files)).withMessage(
-      'This file is not supported or too large. Please, make sure it is of the following type: '
+      'This file is not supported or too large. Please, make sure it is of the following type: ' +
-      + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
+      CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
    ),
  body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
  body('channelId')
@@ -245,19 +245,15 @@ const videosTerminateChangeOwnershipValidator = [
    // Check if the user who did the request is able to change the ownership of the video
    if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
-    return next()
-  },
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const videoChangeOwnership = res.locals.videoChangeOwnership
-    if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) {
+    if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) {
-      return next()
-    } else {
      res.status(403)
-        .json({ error: 'Ownership already accepted or refused' })
+         .json({ error: 'Ownership already accepted or refused' })
      return
    }
+    return next()
  }
 ]
@@ -284,14 +280,14 @@ function getCommonVideoEditAttributes () {
  return [
    body('thumbnailfile')
      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
-      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
+        'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
-      + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
+        CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
-    ),
+      ),
    body('previewfile')
      .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
-      'This preview file is not supported or too large. Please, make sure it is of the following type: '
+        'This preview file is not supported or too large. Please, make sure it is of the following type: ' +
-      + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
+        CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
-    ),
+      ),
    body('category')
      .optional()