aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/admin.js22
-rw-r--r--server/middlewares/index.js24
-rw-r--r--server/middlewares/oauth.js6
-rw-r--r--server/middlewares/pagination.js2
-rw-r--r--server/middlewares/pods.js62
-rw-r--r--server/middlewares/search.js2
-rw-r--r--server/middlewares/secure.js42
-rw-r--r--server/middlewares/sort.js9
-rw-r--r--server/middlewares/validators/index.js2
-rw-r--r--server/middlewares/validators/pagination.js2
-rw-r--r--server/middlewares/validators/pods.js34
-rw-r--r--server/middlewares/validators/remote.js7
-rw-r--r--server/middlewares/validators/sort.js13
-rw-r--r--server/middlewares/validators/users.js67
-rw-r--r--server/middlewares/validators/utils.js2
-rw-r--r--server/middlewares/validators/videos.js16
16 files changed, 252 insertions, 60 deletions
diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js
new file mode 100644
index 000000000..e6d9dc887
--- /dev/null
+++ b/server/middlewares/admin.js
@@ -0,0 +1,22 @@
1'use strict'
2
3const constants = require('../initializers/constants')
4const logger = require('../helpers/logger')
5
6const adminMiddleware = {
7 ensureIsAdmin
8}
9
10function ensureIsAdmin (req, res, next) {
11 const user = res.locals.oauth.token.user
12 if (user.role !== constants.USER_ROLES.ADMIN) {
13 logger.info('A non admin user is trying to access to an admin content.')
14 return res.sendStatus(403)
15 }
16
17 return next()
18}
19
20// ---------------------------------------------------------------------------
21
22module.exports = adminMiddleware
diff --git a/server/middlewares/index.js b/server/middlewares/index.js
index 0a233e701..3f253e31b 100644
--- a/server/middlewares/index.js
+++ b/server/middlewares/index.js
@@ -1,19 +1,23 @@
1'use strict' 1'use strict'
2 2
3const oauth = require('./oauth') 3const adminMiddleware = require('./admin')
4const pagination = require('./pagination') 4const oauthMiddleware = require('./oauth')
5const paginationMiddleware = require('./pagination')
6const podsMiddleware = require('./pods')
5const validatorsMiddleware = require('./validators') 7const validatorsMiddleware = require('./validators')
6const search = require('./search') 8const searchMiddleware = require('./search')
7const sort = require('./sort') 9const sortMiddleware = require('./sort')
8const secureMiddleware = require('./secure') 10const secureMiddleware = require('./secure')
9 11
10const middlewares = { 12const middlewares = {
11 oauth: oauth, 13 admin: adminMiddleware,
12 pagination: pagination, 14 oauth: oauthMiddleware,
13 validators: validatorsMiddleware, 15 pagination: paginationMiddleware,
14 search: search, 16 pods: podsMiddleware,
15 sort: sort, 17 search: searchMiddleware,
16 secure: secureMiddleware 18 secure: secureMiddleware,
19 sort: sortMiddleware,
20 validators: validatorsMiddleware
17} 21}
18 22
19// --------------------------------------------------------------------------- 23// ---------------------------------------------------------------------------
diff --git a/server/middlewares/oauth.js b/server/middlewares/oauth.js
index 91a990509..3a02b9b48 100644
--- a/server/middlewares/oauth.js
+++ b/server/middlewares/oauth.js
@@ -12,8 +12,8 @@ const oAuthServer = new OAuthServer({
12}) 12})
13 13
14const oAuth = { 14const oAuth = {
15 authenticate: authenticate, 15 authenticate,
16 token: token 16 token
17} 17}
18 18
19function authenticate (req, res, next) { 19function authenticate (req, res, next) {
@@ -23,7 +23,7 @@ function authenticate (req, res, next) {
23 return res.sendStatus(500) 23 return res.sendStatus(500)
24 } 24 }
25 25
26 if (res.statusCode === 401 || res.statusCode === 400) return res.end() 26 if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) return res.end()
27 27
28 return next() 28 return next()
29 }) 29 })
diff --git a/server/middlewares/pagination.js b/server/middlewares/pagination.js
index a571e51f6..a90f60aab 100644
--- a/server/middlewares/pagination.js
+++ b/server/middlewares/pagination.js
@@ -3,7 +3,7 @@
3const constants = require('../initializers/constants') 3const constants = require('../initializers/constants')
4 4
5const paginationMiddleware = { 5const paginationMiddleware = {
6 setPagination: setPagination 6 setPagination
7} 7}
8 8
9function setPagination (req, res, next) { 9function setPagination (req, res, next) {
diff --git a/server/middlewares/pods.js b/server/middlewares/pods.js
new file mode 100644
index 000000000..6e0874a76
--- /dev/null
+++ b/server/middlewares/pods.js
@@ -0,0 +1,62 @@
1'use strict'
2
3const urlModule = require('url')
4
5const logger = require('../helpers/logger')
6
7const podsMiddleware = {
8 setBodyUrlsPort,
9 setBodyUrlPort
10}
11
12function setBodyUrlsPort (req, res, next) {
13 for (let i = 0; i < req.body.urls.length; i++) {
14 const urlWithPort = getUrlWithPort(req.body.urls[i])
15
16 // Problem with the url parsing?
17 if (urlWithPort === null) {
18 return res.sendStatus(500)
19 }
20
21 req.body.urls[i] = urlWithPort
22 }
23
24 return next()
25}
26
27function setBodyUrlPort (req, res, next) {
28 const urlWithPort = getUrlWithPort(req.body.url)
29
30 // Problem with the url parsing?
31 if (urlWithPort === null) {
32 return res.sendStatus(500)
33 }
34
35 req.body.url = urlWithPort
36
37 return next()
38}
39
40// ---------------------------------------------------------------------------
41
42module.exports = podsMiddleware
43
44// ---------------------------------------------------------------------------
45
46function getUrlWithPort (url) {
47 const urlObj = urlModule.parse(url)
48
49 // Add the port if it is not specified
50 if (urlObj.port === null) {
51 if (urlObj.protocol === 'http:') {
52 return url + ':80'
53 } else if (urlObj.protocol === 'https:') {
54 return url + ':443'
55 } else {
56 logger.error('Unknown url protocol: ' + urlObj.protocol)
57 return null
58 }
59 }
60
61 return url
62}
diff --git a/server/middlewares/search.js b/server/middlewares/search.js
index 89302a564..bb88faf54 100644
--- a/server/middlewares/search.js
+++ b/server/middlewares/search.js
@@ -1,7 +1,7 @@
1'use strict' 1'use strict'
2 2
3const searchMiddleware = { 3const searchMiddleware = {
4 setVideosSearch: setVideosSearch 4 setVideosSearch
5} 5}
6 6
7function setVideosSearch (req, res, next) { 7function setVideosSearch (req, res, next) {
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
index 9779c14ac..58f824d14 100644
--- a/server/middlewares/secure.js
+++ b/server/middlewares/secure.js
@@ -7,10 +7,11 @@ const peertubeCrypto = require('../helpers/peertube-crypto')
7const Pod = mongoose.model('Pod') 7const Pod = mongoose.model('Pod')
8 8
9const secureMiddleware = { 9const secureMiddleware = {
10 decryptBody: decryptBody 10 checkSignature,
11 decryptBody
11} 12}
12 13
13function decryptBody (req, res, next) { 14function checkSignature (req, res, next) {
14 const url = req.body.signature.url 15 const url = req.body.signature.url
15 Pod.loadByUrl(url, function (err, pod) { 16 Pod.loadByUrl(url, function (err, pod) {
16 if (err) { 17 if (err) {
@@ -28,21 +29,30 @@ function decryptBody (req, res, next) {
28 const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) 29 const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
29 30
30 if (signatureOk === true) { 31 if (signatureOk === true) {
31 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { 32 return next()
32 if (err) { 33 }
33 logger.error('Cannot decrypt data.', { error: err }) 34
34 return res.sendStatus(500) 35 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
35 } 36 return res.sendStatus(403)
36 37 })
37 req.body.data = JSON.parse(decrypted) 38}
38 delete req.body.key 39
39 40function decryptBody (req, res, next) {
40 next() 41 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
41 }) 42 if (err) {
42 } else { 43 logger.error('Cannot decrypt data.', { error: err })
43 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) 44 return res.sendStatus(500)
44 return res.sendStatus(403)
45 } 45 }
46
47 try {
48 req.body.data = JSON.parse(decrypted)
49 delete req.body.key
50 } catch (err) {
51 logger.error('Error in JSON.parse', { error: err })
52 return res.sendStatus(500)
53 }
54
55 next()
46 }) 56 })
47} 57}
48 58
diff --git a/server/middlewares/sort.js b/server/middlewares/sort.js
index 9f52290a6..f0b7274eb 100644
--- a/server/middlewares/sort.js
+++ b/server/middlewares/sort.js
@@ -1,7 +1,14 @@
1'use strict' 1'use strict'
2 2
3const sortMiddleware = { 3const sortMiddleware = {
4 setVideosSort: setVideosSort 4 setUsersSort,
5 setVideosSort
6}
7
8function setUsersSort (req, res, next) {
9 if (!req.query.sort) req.query.sort = '-createdDate'
10
11 return next()
5} 12}
6 13
7function setVideosSort (req, res, next) { 14function setVideosSort (req, res, next) {
diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js
index 0471b3f92..6c3a9c2b4 100644
--- a/server/middlewares/validators/index.js
+++ b/server/middlewares/validators/index.js
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination')
4const podsValidators = require('./pods') 4const podsValidators = require('./pods')
5const remoteValidators = require('./remote') 5const remoteValidators = require('./remote')
6const sortValidators = require('./sort') 6const sortValidators = require('./sort')
7const usersValidators = require('./users')
7const videosValidators = require('./videos') 8const videosValidators = require('./videos')
8 9
9const validators = { 10const validators = {
@@ -11,6 +12,7 @@ const validators = {
11 pods: podsValidators, 12 pods: podsValidators,
12 remote: remoteValidators, 13 remote: remoteValidators,
13 sort: sortValidators, 14 sort: sortValidators,
15 users: usersValidators,
14 videos: videosValidators 16 videos: videosValidators
15} 17}
16 18
diff --git a/server/middlewares/validators/pagination.js b/server/middlewares/validators/pagination.js
index 8e9a01053..16682696e 100644
--- a/server/middlewares/validators/pagination.js
+++ b/server/middlewares/validators/pagination.js
@@ -4,7 +4,7 @@ const checkErrors = require('./utils').checkErrors
4const logger = require('../../helpers/logger') 4const logger = require('../../helpers/logger')
5 5
6const validatorsPagination = { 6const validatorsPagination = {
7 pagination: pagination 7 pagination
8} 8}
9 9
10function pagination (req, res, next) { 10function pagination (req, res, next) {
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index fda2e865f..fd3d1e2f2 100644
--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -5,23 +5,29 @@ const friends = require('../../lib/friends')
5const logger = require('../../helpers/logger') 5const logger = require('../../helpers/logger')
6 6
7const validatorsPod = { 7const validatorsPod = {
8 makeFriends: makeFriends, 8 makeFriends,
9 podsAdd: podsAdd 9 podsAdd
10} 10}
11 11
12function makeFriends (req, res, next) { 12function makeFriends (req, res, next) {
13 friends.hasFriends(function (err, hasFriends) { 13 req.checkBody('urls', 'Should have an array of unique urls').isEachUniqueUrlValid()
14 if (err) { 14
15 logger.error('Cannot know if we have friends.', { error: err }) 15 logger.debug('Checking makeFriends parameters', { parameters: req.body })
16 res.sendStatus(500) 16
17 } 17 checkErrors(req, res, function () {
18 18 friends.hasFriends(function (err, hasFriends) {
19 if (hasFriends === true) { 19 if (err) {
20 // We need to quit our friends before make new ones 20 logger.error('Cannot know if we have friends.', { error: err })
21 res.sendStatus(409) 21 res.sendStatus(500)
22 } else { 22 }
23 return next() 23
24 } 24 if (hasFriends === true) {
25 // We need to quit our friends before make new ones
26 res.sendStatus(409)
27 } else {
28 return next()
29 }
30 })
25 }) 31 })
26} 32}
27 33
diff --git a/server/middlewares/validators/remote.js b/server/middlewares/validators/remote.js
index 1be119458..8c29ef8ca 100644
--- a/server/middlewares/validators/remote.js
+++ b/server/middlewares/validators/remote.js
@@ -4,9 +4,9 @@ const checkErrors = require('./utils').checkErrors
4const logger = require('../../helpers/logger') 4const logger = require('../../helpers/logger')
5 5
6const validatorsRemote = { 6const validatorsRemote = {
7 dataToDecrypt: dataToDecrypt, 7 dataToDecrypt,
8 remoteVideos: remoteVideos, 8 remoteVideos,
9 signature: signature 9 signature
10} 10}
11 11
12function dataToDecrypt (req, res, next) { 12function dataToDecrypt (req, res, next) {
@@ -19,7 +19,6 @@ function dataToDecrypt (req, res, next) {
19} 19}
20 20
21function remoteVideos (req, res, next) { 21function remoteVideos (req, res, next) {
22 req.checkBody('data').isArray()
23 req.checkBody('data').isEachRemoteVideosValid() 22 req.checkBody('data').isEachRemoteVideosValid()
24 23
25 logger.debug('Checking remoteVideos parameters', { parameters: req.body }) 24 logger.debug('Checking remoteVideos parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/sort.js b/server/middlewares/validators/sort.js
index 56b63cc8b..431d3fffd 100644
--- a/server/middlewares/validators/sort.js
+++ b/server/middlewares/validators/sort.js
@@ -5,7 +5,18 @@ const constants = require('../../initializers/constants')
5const logger = require('../../helpers/logger') 5const logger = require('../../helpers/logger')
6 6
7const validatorsSort = { 7const validatorsSort = {
8 videosSort: videosSort 8 usersSort,
9 videosSort
10}
11
12function usersSort (req, res, next) {
13 const sortableColumns = constants.SORTABLE_COLUMNS.USERS
14
15 req.checkQuery('sort', 'Should have correct sortable column').optional().isIn(sortableColumns)
16
17 logger.debug('Checking sort parameters', { parameters: req.query })
18
19 checkErrors(req, res, next)
9} 20}
10 21
11function videosSort (req, res, next) { 22function videosSort (req, res, next) {
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
new file mode 100644
index 000000000..d541e9124
--- /dev/null
+++ b/server/middlewares/validators/users.js
@@ -0,0 +1,67 @@
1'use strict'
2
3const mongoose = require('mongoose')
4
5const checkErrors = require('./utils').checkErrors
6const logger = require('../../helpers/logger')
7
8const User = mongoose.model('User')
9
10const validatorsUsers = {
11 usersAdd,
12 usersRemove,
13 usersUpdate
14}
15
16function usersAdd (req, res, next) {
17 req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
18 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
19
20 logger.debug('Checking usersAdd parameters', { parameters: req.body })
21
22 checkErrors(req, res, function () {
23 User.loadByUsername(req.body.username, function (err, user) {
24 if (err) {
25 logger.error('Error in usersAdd request validator.', { error: err })
26 return res.sendStatus(500)
27 }
28
29 if (user) return res.status(409).send('User already exists.')
30
31 next()
32 })
33 })
34}
35
36function usersRemove (req, res, next) {
37 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
38
39 logger.debug('Checking usersRemove parameters', { parameters: req.params })
40
41 checkErrors(req, res, function () {
42 User.loadById(req.params.id, function (err, user) {
43 if (err) {
44 logger.error('Error in usersRemove request validator.', { error: err })
45 return res.sendStatus(500)
46 }
47
48 if (!user) return res.status(404).send('User not found')
49
50 next()
51 })
52 })
53}
54
55function usersUpdate (req, res, next) {
56 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
57 // Add old password verification
58 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
59
60 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
61
62 checkErrors(req, res, next)
63}
64
65// ---------------------------------------------------------------------------
66
67module.exports = validatorsUsers
diff --git a/server/middlewares/validators/utils.js b/server/middlewares/validators/utils.js
index f6e5b2b38..3741b84c6 100644
--- a/server/middlewares/validators/utils.js
+++ b/server/middlewares/validators/utils.js
@@ -5,7 +5,7 @@ const util = require('util')
5const logger = require('../../helpers/logger') 5const logger = require('../../helpers/logger')
6 6
7const validatorsUtils = { 7const validatorsUtils = {
8 checkErrors: checkErrors 8 checkErrors
9} 9}
10 10
11function checkErrors (req, res, next, statusCode) { 11function checkErrors (req, res, next, statusCode) {
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 3e2af06fb..76e943e77 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -4,20 +4,21 @@ const mongoose = require('mongoose')
4 4
5const checkErrors = require('./utils').checkErrors 5const checkErrors = require('./utils').checkErrors
6const constants = require('../../initializers/constants') 6const constants = require('../../initializers/constants')
7const customValidators = require('../../helpers/custom-validators') 7const customVideosValidators = require('../../helpers/custom-validators').videos
8const logger = require('../../helpers/logger') 8const logger = require('../../helpers/logger')
9 9
10const Video = mongoose.model('Video') 10const Video = mongoose.model('Video')
11 11
12const validatorsVideos = { 12const validatorsVideos = {
13 videosAdd: videosAdd, 13 videosAdd,
14 videosGet: videosGet, 14 videosGet,
15 videosRemove: videosRemove, 15 videosRemove,
16 videosSearch: videosSearch 16 videosSearch
17} 17}
18 18
19function videosAdd (req, res, next) { 19function videosAdd (req, res, next) {
20 req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty() 20 req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()
21 // TODO: move to constants and function
21 req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i) 22 req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
22 req.checkBody('name', 'Should have a valid name').isVideoNameValid() 23 req.checkBody('name', 'Should have a valid name').isVideoNameValid()
23 req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid() 24 req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()
@@ -33,8 +34,8 @@ function videosAdd (req, res, next) {
33 return res.status(400).send('Cannot retrieve metadata of the file.') 34 return res.status(400).send('Cannot retrieve metadata of the file.')
34 } 35 }
35 36
36 if (!customValidators.isVideoDurationValid(duration)) { 37 if (!customVideosValidators.isVideoDurationValid(duration)) {
37 return res.status(400).send('Duration of the video file is too big (max: ' + constants.VIDEOS_CONSTRAINTS_FIELDS.DURATION.max + 's).') 38 return res.status(400).send('Duration of the video file is too big (max: ' + constants.CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
38 } 39 }
39 40
40 videoFile.duration = duration 41 videoFile.duration = duration
@@ -76,6 +77,7 @@ function videosRemove (req, res, next) {
76 77
77 if (!video) return res.status(404).send('Video not found') 78 if (!video) return res.status(404).send('Video not found')
78 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') 79 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
80 else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
79 81
80 next() 82 next()
81 }) 83 })