aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/pods.js1
-rw-r--r--server/middlewares/secure.js6
-rw-r--r--server/middlewares/sort.js4
-rw-r--r--server/middlewares/validators/users.js13
-rw-r--r--server/middlewares/validators/videos.js17
5 files changed, 16 insertions, 25 deletions
diff --git a/server/middlewares/pods.js b/server/middlewares/pods.js
index 487ea1259..e38fb341d 100644
--- a/server/middlewares/pods.js
+++ b/server/middlewares/pods.js
@@ -44,7 +44,6 @@ module.exports = podsMiddleware
44function getHostWithPort (host) { 44function getHostWithPort (host) {
45 const splitted = host.split(':') 45 const splitted = host.split(':')
46 46
47 console.log(splitted)
48 // The port was not specified 47 // The port was not specified
49 if (splitted.length === 1) { 48 if (splitted.length === 1) {
50 if (constants.REMOTE_SCHEME.HTTP === 'https') return host + ':443' 49 if (constants.REMOTE_SCHEME.HTTP === 'https') return host + ':443'
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
index ee836beed..b7b4cdfb4 100644
--- a/server/middlewares/secure.js
+++ b/server/middlewares/secure.js
@@ -1,18 +1,16 @@
1'use strict' 1'use strict'
2 2
3const db = require('../initializers/database')
3const logger = require('../helpers/logger') 4const logger = require('../helpers/logger')
4const mongoose = require('mongoose')
5const peertubeCrypto = require('../helpers/peertube-crypto') 5const peertubeCrypto = require('../helpers/peertube-crypto')
6 6
7const Pod = mongoose.model('Pod')
8
9const secureMiddleware = { 7const secureMiddleware = {
10 checkSignature 8 checkSignature
11} 9}
12 10
13function checkSignature (req, res, next) { 11function checkSignature (req, res, next) {
14 const host = req.body.signature.host 12 const host = req.body.signature.host
15 Pod.loadByHost(host, function (err, pod) { 13 db.Pod.loadByHost(host, function (err, pod) {
16 if (err) { 14 if (err) {
17 logger.error('Cannot get signed host in body.', { error: err }) 15 logger.error('Cannot get signed host in body.', { error: err })
18 return res.sendStatus(500) 16 return res.sendStatus(500)
diff --git a/server/middlewares/sort.js b/server/middlewares/sort.js
index f0b7274eb..477e10571 100644
--- a/server/middlewares/sort.js
+++ b/server/middlewares/sort.js
@@ -6,13 +6,13 @@ const sortMiddleware = {
6} 6}
7 7
8function setUsersSort (req, res, next) { 8function setUsersSort (req, res, next) {
9 if (!req.query.sort) req.query.sort = '-createdDate' 9 if (!req.query.sort) req.query.sort = '-createdAt'
10 10
11 return next() 11 return next()
12} 12}
13 13
14function setVideosSort (req, res, next) { 14function setVideosSort (req, res, next) {
15 if (!req.query.sort) req.query.sort = '-createdDate' 15 if (!req.query.sort) req.query.sort = '-createdAt'
16 16
17 return next() 17 return next()
18} 18}
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
index 02e4f34cb..0629550bc 100644
--- a/server/middlewares/validators/users.js
+++ b/server/middlewares/validators/users.js
@@ -1,12 +1,9 @@
1'use strict' 1'use strict'
2 2
3const mongoose = require('mongoose')
4
5const checkErrors = require('./utils').checkErrors 3const checkErrors = require('./utils').checkErrors
4const db = require('../../initializers/database')
6const logger = require('../../helpers/logger') 5const logger = require('../../helpers/logger')
7 6
8const User = mongoose.model('User')
9
10const validatorsUsers = { 7const validatorsUsers = {
11 usersAdd, 8 usersAdd,
12 usersRemove, 9 usersRemove,
@@ -20,7 +17,7 @@ function usersAdd (req, res, next) {
20 logger.debug('Checking usersAdd parameters', { parameters: req.body }) 17 logger.debug('Checking usersAdd parameters', { parameters: req.body })
21 18
22 checkErrors(req, res, function () { 19 checkErrors(req, res, function () {
23 User.loadByUsername(req.body.username, function (err, user) { 20 db.User.loadByUsername(req.body.username, function (err, user) {
24 if (err) { 21 if (err) {
25 logger.error('Error in usersAdd request validator.', { error: err }) 22 logger.error('Error in usersAdd request validator.', { error: err })
26 return res.sendStatus(500) 23 return res.sendStatus(500)
@@ -34,12 +31,12 @@ function usersAdd (req, res, next) {
34} 31}
35 32
36function usersRemove (req, res, next) { 33function usersRemove (req, res, next) {
37 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() 34 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
38 35
39 logger.debug('Checking usersRemove parameters', { parameters: req.params }) 36 logger.debug('Checking usersRemove parameters', { parameters: req.params })
40 37
41 checkErrors(req, res, function () { 38 checkErrors(req, res, function () {
42 User.loadById(req.params.id, function (err, user) { 39 db.User.loadById(req.params.id, function (err, user) {
43 if (err) { 40 if (err) {
44 logger.error('Error in usersRemove request validator.', { error: err }) 41 logger.error('Error in usersRemove request validator.', { error: err })
45 return res.sendStatus(500) 42 return res.sendStatus(500)
@@ -55,7 +52,7 @@ function usersRemove (req, res, next) {
55} 52}
56 53
57function usersUpdate (req, res, next) { 54function usersUpdate (req, res, next) {
58 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() 55 req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
59 // Add old password verification 56 // Add old password verification
60 req.checkBody('password', 'Should have a valid password').isUserPasswordValid() 57 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
61 58
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 76e943e77..7e90ca047 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -1,14 +1,11 @@
1'use strict' 1'use strict'
2 2
3const mongoose = require('mongoose')
4
5const checkErrors = require('./utils').checkErrors 3const checkErrors = require('./utils').checkErrors
6const constants = require('../../initializers/constants') 4const constants = require('../../initializers/constants')
7const customVideosValidators = require('../../helpers/custom-validators').videos 5const customVideosValidators = require('../../helpers/custom-validators').videos
6const db = require('../../initializers/database')
8const logger = require('../../helpers/logger') 7const logger = require('../../helpers/logger')
9 8
10const Video = mongoose.model('Video')
11
12const validatorsVideos = { 9const validatorsVideos = {
13 videosAdd, 10 videosAdd,
14 videosGet, 11 videosGet,
@@ -29,7 +26,7 @@ function videosAdd (req, res, next) {
29 checkErrors(req, res, function () { 26 checkErrors(req, res, function () {
30 const videoFile = req.files.videofile[0] 27 const videoFile = req.files.videofile[0]
31 28
32 Video.getDurationFromFile(videoFile.path, function (err, duration) { 29 db.Video.getDurationFromFile(videoFile.path, function (err, duration) {
33 if (err) { 30 if (err) {
34 return res.status(400).send('Cannot retrieve metadata of the file.') 31 return res.status(400).send('Cannot retrieve metadata of the file.')
35 } 32 }
@@ -45,12 +42,12 @@ function videosAdd (req, res, next) {
45} 42}
46 43
47function videosGet (req, res, next) { 44function videosGet (req, res, next) {
48 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() 45 req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
49 46
50 logger.debug('Checking videosGet parameters', { parameters: req.params }) 47 logger.debug('Checking videosGet parameters', { parameters: req.params })
51 48
52 checkErrors(req, res, function () { 49 checkErrors(req, res, function () {
53 Video.load(req.params.id, function (err, video) { 50 db.Video.load(req.params.id, function (err, video) {
54 if (err) { 51 if (err) {
55 logger.error('Error in videosGet request validator.', { error: err }) 52 logger.error('Error in videosGet request validator.', { error: err })
56 return res.sendStatus(500) 53 return res.sendStatus(500)
@@ -64,12 +61,12 @@ function videosGet (req, res, next) {
64} 61}
65 62
66function videosRemove (req, res, next) { 63function videosRemove (req, res, next) {
67 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() 64 req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
68 65
69 logger.debug('Checking videosRemove parameters', { parameters: req.params }) 66 logger.debug('Checking videosRemove parameters', { parameters: req.params })
70 67
71 checkErrors(req, res, function () { 68 checkErrors(req, res, function () {
72 Video.load(req.params.id, function (err, video) { 69 db.Video.loadAndPopulateAuthor(req.params.id, function (err, video) {
73 if (err) { 70 if (err) {
74 logger.error('Error in videosRemove request validator.', { error: err }) 71 logger.error('Error in videosRemove request validator.', { error: err })
75 return res.sendStatus(500) 72 return res.sendStatus(500)
@@ -77,7 +74,7 @@ function videosRemove (req, res, next) {
77 74
78 if (!video) return res.status(404).send('Video not found') 75 if (!video) return res.status(404).send('Video not found')
79 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') 76 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
80 else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user') 77 else if (video.Author.name !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
81 78
82 next() 79 next()
83 }) 80 })
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 00:06:18 +0000