Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/config.ts | 16 | ||||
-rw-r--r-- | server/middlewares/validators/oembed.ts | 7 |
2 files changed, 17 insertions, 6 deletions
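--- a/server/middlewares/validators/config.ts
+++ b/server/middlewares/validators/config.ts
@@ -1,13 +1,14 @@
 import express from 'express'
 import { body } from 'express-validator'
 import { isIntOrNull } from '@server/helpers/custom-validators/misc'
-import { isEmailEnabled } from '@server/initializers/config'
+import { CONFIG, isEmailEnabled } from '@server/initializers/config'
 import { CustomConfig } from '../../../shared/models/server/custom-config.model'
 import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
 import { isUserNSFWPolicyValid, isUserVideoQuotaDailyValid, isUserVideoQuotaValid } from '../../helpers/custom-validators/users'
 import { logger } from '../../helpers/logger'
 import { isThemeRegistered } from '../../lib/plugins/theme-utils'
 import { areValidationErrors } from './shared'
+import { HttpStatusCode } from '@shared/models/http/http-error-codes'
 
 const customConfigUpdateValidator = [
 body('instance.name').exists().withMessage('Should have a valid instance name'),
@@ -104,10 +105,21 @@ const customConfigUpdateValidator = [
 }
 ]
 
+function ensureConfigIsEditable (req: express.Request, res: express.Response, next: express.NextFunction) {
+if (!CONFIG.WEBADMIN.CONFIGURATION.EDITS.ALLOWED) {
+return res.fail({
+status: HttpStatusCode.METHOD_NOT_ALLOWED_405,
+message: 'Server configuration is static and cannot be edited'
+})
+}
+return next()
+}
+
 // ---------------------------------------------------------------------------
 
 export {
-customConfigUpdateValidator
+customConfigUpdateValidator,
+ensureConfigIsEditable
 }
 
 function checkInvalidConfigIfEmailDisabled (customConfig: CustomConfig, res: express.Response) {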
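Review bot: `ensureConfigIsEditable` protects only the routes it is mounted on, and this view is limited to server/middlewares, so the router wiring cannot be checked here. A doc comment above the function should state that it has to sit on every handler that mutates the custom configuration (presumably both the update and the delete route), ahead of `customConfigUpdateValidator`. The rejection branch is also silent: `logger` is already imported in this file, so a line such as `logger.warn('Rejected configuration edit: edits are disabled on this instance.')` before `return res.fail({` would leave an audit trail when someone tries to change a locked configuration. A 405 response is expected to carry an `Allow` header; if `res.fail` does not add one, a 403 may describe the condition better.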
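--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -28,7 +28,6 @@ function buildUrls (paths: string[]) {
 const startPlaylistURLs = buildUrls(playlistPaths)
 const startVideoURLs = buildUrls(videoPaths)
 
-const watchRegex = /([^/]+)$/
 const isURLOptions = {
 require_host: true,
 require_tld: true
@@ -81,9 +80,9 @@ const oembedValidator = [
 
 const startIsOk = isVideo || isPlaylist
 
-const matches = watchRegex.exec(urlPath)
+const parts = urlPath.split('/')
 
-if (startIsOk === false || matches === null) {
+if (startIsOk === false || parts.length === 0) {
 return res.fail({
 status: HttpStatusCode.BAD_REQUEST_400,
 message: 'Invalid url.',
@@ -93,7 +92,7 @@ const oembedValidator = [
 })
 }
 
-const elementId = toCompleteUUID(matches[1])
+const elementId = toCompleteUUID(parts.pop())
 if (isIdOrUUIDValid(elementId) === false) {
 return res.fail({ message: 'Invalid video or playlist id.' })
 }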