diff options
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/blocklist.ts | 12 | ||||
-rw-r--r-- | server/middlewares/validators/bulk.ts | 41 |
2 files changed, 45 insertions, 8 deletions
diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts index 27224ff9b..c24fa9609 100644 --- a/server/middlewares/validators/blocklist.ts +++ b/server/middlewares/validators/blocklist.ts | |||
@@ -24,8 +24,7 @@ const blockAccountValidator = [ | |||
24 | 24 | ||
25 | if (user.Account.id === accountToBlock.id) { | 25 | if (user.Account.id === accountToBlock.id) { |
26 | res.status(409) | 26 | res.status(409) |
27 | .send({ error: 'You cannot block yourself.' }) | 27 | .json({ error: 'You cannot block yourself.' }) |
28 | .end() | ||
29 | 28 | ||
30 | return | 29 | return |
31 | } | 30 | } |
@@ -80,8 +79,7 @@ const blockServerValidator = [ | |||
80 | 79 | ||
81 | if (host === WEBSERVER.HOST) { | 80 | if (host === WEBSERVER.HOST) { |
82 | return res.status(409) | 81 | return res.status(409) |
83 | .send({ error: 'You cannot block your own server.' }) | 82 | .json({ error: 'You cannot block your own server.' }) |
84 | .end() | ||
85 | } | 83 | } |
86 | 84 | ||
87 | const server = await ServerModel.loadOrCreateByHost(host) | 85 | const server = await ServerModel.loadOrCreateByHost(host) |
@@ -139,8 +137,7 @@ async function doesUnblockAccountExist (accountId: number, targetAccountId: numb | |||
139 | const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId) | 137 | const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId) |
140 | if (!accountBlock) { | 138 | if (!accountBlock) { |
141 | res.status(404) | 139 | res.status(404) |
142 | .send({ error: 'Account block entry not found.' }) | 140 | .json({ error: 'Account block entry not found.' }) |
143 | .end() | ||
144 | 141 | ||
145 | return false | 142 | return false |
146 | } | 143 | } |
@@ -154,8 +151,7 @@ async function doesUnblockServerExist (accountId: number, host: string, res: exp | |||
154 | const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host) | 151 | const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host) |
155 | if (!serverBlock) { | 152 | if (!serverBlock) { |
156 | res.status(404) | 153 | res.status(404) |
157 | .send({ error: 'Server block entry not found.' }) | 154 | .json({ error: 'Server block entry not found.' }) |
158 | .end() | ||
159 | 155 | ||
160 | return false | 156 | return false |
161 | } | 157 | } |
diff --git a/server/middlewares/validators/bulk.ts b/server/middlewares/validators/bulk.ts new file mode 100644 index 000000000..f9b0f565a --- /dev/null +++ b/server/middlewares/validators/bulk.ts | |||
@@ -0,0 +1,41 @@ | |||
1 | import * as express from 'express' | ||
2 | import { body } from 'express-validator' | ||
3 | import { isBulkRemoveCommentsOfScopeValid } from '@server/helpers/custom-validators/bulk' | ||
4 | import { doesAccountNameWithHostExist } from '@server/helpers/middlewares' | ||
5 | import { UserRight } from '@shared/models' | ||
6 | import { BulkRemoveCommentsOfBody } from '@shared/models/bulk/bulk-remove-comments-of-body.model' | ||
7 | import { logger } from '../../helpers/logger' | ||
8 | import { areValidationErrors } from './utils' | ||
9 | |||
10 | const bulkRemoveCommentsOfValidator = [ | ||
11 | body('accountName').exists().withMessage('Should have an account name with host'), | ||
12 | body('scope') | ||
13 | .custom(isBulkRemoveCommentsOfScopeValid).withMessage('Should have a valid scope'), | ||
14 | |||
15 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
16 | logger.debug('Checking bulkRemoveCommentsOfValidator parameters', { parameters: req.body }) | ||
17 | |||
18 | if (areValidationErrors(req, res)) return | ||
19 | if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return | ||
20 | |||
21 | const user = res.locals.oauth.token.User | ||
22 | const body = req.body as BulkRemoveCommentsOfBody | ||
23 | |||
24 | if (body.scope === 'instance' && user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) !== true) { | ||
25 | return res.status(403) | ||
26 | .json({ | ||
27 | error: 'User cannot remove any comments of this instance.' | ||
28 | }) | ||
29 | } | ||
30 | |||
31 | return next() | ||
32 | } | ||
33 | ] | ||
34 | |||
35 | // --------------------------------------------------------------------------- | ||
36 | |||
37 | export { | ||
38 | bulkRemoveCommentsOfValidator | ||
39 | } | ||
40 | |||
41 | // --------------------------------------------------------------------------- | ||