diff options
Diffstat (limited to 'server/middlewares')
| -rw-r--r-- | server/middlewares/csp.ts | 2 | ||||
| -rw-r--r-- | server/middlewares/validators/redundancy.ts | 33 | ||||
| -rw-r--r-- | server/middlewares/validators/users.ts | 2 |
3 files changed, 32 insertions, 5 deletions
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts index 8b919af0d..5fa9d1ab5 100644 --- a/server/middlewares/csp.ts +++ b/server/middlewares/csp.ts | |||
| @@ -16,7 +16,7 @@ const baseDirectives = Object.assign({}, | |||
| 16 | baseUri: ["'self'"], | 16 | baseUri: ["'self'"], |
| 17 | manifestSrc: ["'self'"], | 17 | manifestSrc: ["'self'"], |
| 18 | frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed | 18 | frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed |
| 19 | workerSrc: ["'self'"] // instead of deprecated child-src | 19 | workerSrc: ["'self'", 'blob:'] // instead of deprecated child-src |
| 20 | }, | 20 | }, |
| 21 | CONFIG.SERVICES['CSP-LOGGER'] ? { reportUri: CONFIG.SERVICES['CSP-LOGGER'] } : {}, | 21 | CONFIG.SERVICES['CSP-LOGGER'] ? { reportUri: CONFIG.SERVICES['CSP-LOGGER'] } : {}, |
| 22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {} | 22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {} |
diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts index c72ab78b2..329322509 100644 --- a/server/middlewares/validators/redundancy.ts +++ b/server/middlewares/validators/redundancy.ts | |||
| @@ -13,7 +13,7 @@ import { ActorFollowModel } from '../../models/activitypub/actor-follow' | |||
| 13 | import { SERVER_ACTOR_NAME } from '../../initializers' | 13 | import { SERVER_ACTOR_NAME } from '../../initializers' |
| 14 | import { ServerModel } from '../../models/server/server' | 14 | import { ServerModel } from '../../models/server/server' |
| 15 | 15 | ||
| 16 | const videoRedundancyGetValidator = [ | 16 | const videoFileRedundancyGetValidator = [ |
| 17 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 17 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), |
| 18 | param('resolution') | 18 | param('resolution') |
| 19 | .customSanitizer(toIntOrNull) | 19 | .customSanitizer(toIntOrNull) |
| @@ -24,7 +24,7 @@ const videoRedundancyGetValidator = [ | |||
| 24 | .custom(exists).withMessage('Should have a valid fps'), | 24 | .custom(exists).withMessage('Should have a valid fps'), |
| 25 | 25 | ||
| 26 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 26 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| 27 | logger.debug('Checking videoRedundancyGetValidator parameters', { parameters: req.params }) | 27 | logger.debug('Checking videoFileRedundancyGetValidator parameters', { parameters: req.params }) |
| 28 | 28 | ||
| 29 | if (areValidationErrors(req, res)) return | 29 | if (areValidationErrors(req, res)) return |
| 30 | if (!await isVideoExist(req.params.videoId, res)) return | 30 | if (!await isVideoExist(req.params.videoId, res)) return |
| @@ -38,7 +38,31 @@ const videoRedundancyGetValidator = [ | |||
| 38 | res.locals.videoFile = videoFile | 38 | res.locals.videoFile = videoFile |
| 39 | 39 | ||
| 40 | const videoRedundancy = await VideoRedundancyModel.loadLocalByFileId(videoFile.id) | 40 | const videoRedundancy = await VideoRedundancyModel.loadLocalByFileId(videoFile.id) |
| 41 | if (!videoRedundancy)return res.status(404).json({ error: 'Video redundancy not found.' }) | 41 | if (!videoRedundancy) return res.status(404).json({ error: 'Video redundancy not found.' }) |
| 42 | res.locals.videoRedundancy = videoRedundancy | ||
| 43 | |||
| 44 | return next() | ||
| 45 | } | ||
| 46 | ] | ||
| 47 | |||
| 48 | const videoPlaylistRedundancyGetValidator = [ | ||
| 49 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | ||
| 50 | param('streamingPlaylistType').custom(exists).withMessage('Should have a valid streaming playlist type'), | ||
| 51 | |||
| 52 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
| 53 | logger.debug('Checking videoPlaylistRedundancyGetValidator parameters', { parameters: req.params }) | ||
| 54 | |||
| 55 | if (areValidationErrors(req, res)) return | ||
| 56 | if (!await isVideoExist(req.params.videoId, res)) return | ||
| 57 | |||
| 58 | const video: VideoModel = res.locals.video | ||
| 59 | const videoStreamingPlaylist = video.VideoStreamingPlaylists.find(p => p === req.params.streamingPlaylistType) | ||
| 60 | |||
| 61 | if (!videoStreamingPlaylist) return res.status(404).json({ error: 'Video playlist not found.' }) | ||
| 62 | res.locals.videoStreamingPlaylist = videoStreamingPlaylist | ||
| 63 | |||
| 64 | const videoRedundancy = await VideoRedundancyModel.loadLocalByStreamingPlaylistId(videoStreamingPlaylist.id) | ||
| 65 | if (!videoRedundancy) return res.status(404).json({ error: 'Video redundancy not found.' }) | ||
| 42 | res.locals.videoRedundancy = videoRedundancy | 66 | res.locals.videoRedundancy = videoRedundancy |
| 43 | 67 | ||
| 44 | return next() | 68 | return next() |
| @@ -75,6 +99,7 @@ const updateServerRedundancyValidator = [ | |||
| 75 | // --------------------------------------------------------------------------- | 99 | // --------------------------------------------------------------------------- |
| 76 | 100 | ||
| 77 | export { | 101 | export { |
| 78 | videoRedundancyGetValidator, | 102 | videoFileRedundancyGetValidator, |
| 103 | videoPlaylistRedundancyGetValidator, | ||
| 79 | updateServerRedundancyValidator | 104 | updateServerRedundancyValidator |
| 80 | } | 105 | } |
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 1bb0bfb1b..a52e3060a 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -113,6 +113,7 @@ const deleteMeValidator = [ | |||
| 113 | 113 | ||
| 114 | const usersUpdateValidator = [ | 114 | const usersUpdateValidator = [ |
| 115 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | 115 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
| 116 | body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'), | ||
| 116 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), | 117 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), |
| 117 | body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), | 118 | body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), |
| 118 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 119 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
| @@ -233,6 +234,7 @@ const usersAskResetPasswordValidator = [ | |||
| 233 | logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body }) | 234 | logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body }) |
| 234 | 235 | ||
| 235 | if (areValidationErrors(req, res)) return | 236 | if (areValidationErrors(req, res)) return |
| 237 | |||
| 236 | const exists = await checkUserEmailExist(req.body.email, res, false) | 238 | const exists = await checkUserEmailExist(req.body.email, res, false) |
| 237 | if (!exists) { | 239 | if (!exists) { |
| 238 | logger.debug('User with email %s does not exist (asking reset password).', req.body.email) | 240 | logger.debug('User with email %s does not exist (asking reset password).', req.body.email) |