Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/admin.js22
-rw-r--r--server/middlewares/index.js22
-rw-r--r--server/middlewares/validators/index.js2
-rw-r--r--server/middlewares/validators/users.js57
-rw-r--r--server/middlewares/validators/videos.js1
5 files changed, 94 insertions, 10 deletions
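diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js
new file mode 100644
index 000000000..bcb60ab95
--- /dev/null
+++ b/server/middlewares/admin.js
@@ -0,0 +1,22 @@
+'use strict'
+
+const constants = require('../initializers/constants')
+const logger = require('../helpers/logger')
+
+const adminMiddleware = {
+ ensureIsAdmin: ensureIsAdmin
+}
+
+function ensureIsAdmin (req, res, next) {
+ const user = res.locals.oauth.token.user
+ if (user.role !== constants.USER_ROLES.ADMIN) {
+ logger.info('A non admin user is trying to access to an admin content.')
+ return res.sendStatus(403)
+ }
+
+ return next()
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = adminMiddleware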
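Review bot: The denial branch of `ensureIsAdmin` logs a fixed string with no account or route, so a 403 from this guard cannot be attributed when the logs are reviewed; consider `logger.info('A non admin user is trying to access to an admin content.', { username: user.username, url: req.originalUrl })` (the `username` field is assumed from the users validator added in this commit). The function also reads `res.locals.oauth.token.user` without a guard, so it depends on being mounted after whatever middleware populates `res.locals.oauth`, presumably the OAuth authentication step; on a route where that step is missing it throws instead of answering 401. A comment above the function such as `// Must run after the OAuth authenticate middleware, which sets res.locals.oauth.token` would make that ordering requirement explicit.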
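diff --git a/server/middlewares/index.js b/server/middlewares/index.js
index 0a233e701..1e294de5f 100644
--- a/server/middlewares/index.js
+++ b/server/middlewares/index.js
@@ -1,19 +1,21 @@
 'use strict'
 
-const oauth = require('./oauth')
-const pagination = require('./pagination')
+const adminMiddleware = require('./admin')
+const oauthMiddleware = require('./oauth')
+const paginationMiddleware = require('./pagination')
 const validatorsMiddleware = require('./validators')
-const search = require('./search')
-const sort = require('./sort')
+const searchMiddleware = require('./search')
+const sortMiddleware = require('./sort')
 const secureMiddleware = require('./secure')
 
 const middlewares = {
- oauth: oauth,
- pagination: pagination,
- validators: validatorsMiddleware,
- search: search,
- sort: sort,
- secure: secureMiddleware
+ admin: adminMiddleware,
+ oauth: oauthMiddleware,
+ pagination: paginationMiddleware,
+ search: searchMiddleware,
+ secure: secureMiddleware,
+ sort: sortMiddleware,
+ validators: validatorsMiddleware
 }
 
 // ---------------------------------------------------------------------------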
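diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js
index 0471b3f92..6c3a9c2b4 100644
--- a/server/middlewares/validators/index.js
+++ b/server/middlewares/validators/index.js
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination')
 const podsValidators = require('./pods')
 const remoteValidators = require('./remote')
 const sortValidators = require('./sort')
+const usersValidators = require('./users')
 const videosValidators = require('./videos')
 
 const validators = {
@@ -11,6 +12,7 @@ const validators = {
  pods: podsValidators,
  remote: remoteValidators,
  sort: sortValidators,
+ users: usersValidators,
  videos: videosValidators
 }
 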
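diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
new file mode 100644
index 000000000..175d90bcb
--- /dev/null
+++ b/server/middlewares/validators/users.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const mongoose = require('mongoose')
+
+const checkErrors = require('./utils').checkErrors
+const logger = require('../../helpers/logger')
+
+const User = mongoose.model('User')
+
+const validatorsUsers = {
+ usersAdd: usersAdd,
+ usersRemove: usersRemove,
+ usersUpdate: usersUpdate
+}
+
+function usersAdd (req, res, next) {
+ req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+ req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+
+ // TODO: check we don't have already the same username
+
+ logger.debug('Checking usersAdd parameters', { parameters: req.body })
+
+ checkErrors(req, res, next)
+}
+
+function usersRemove (req, res, next) {
+ req.checkParams('username', 'Should have a valid username').isUserUsernameValid()
+
+ logger.debug('Checking usersRemove parameters', { parameters: req.params })
+
+ checkErrors(req, res, function () {
+ User.loadByUsername(req.params.username, function (err, user) {
+ if (err) {
+ logger.error('Error in usersRemove request validator.', { error: err })
+ return res.sendStatus(500)
+ }
+
+ if (!user) return res.status(404).send('User not found')
+
+ next()
+ })
+ })
+}
+
+function usersUpdate (req, res, next) {
+ // Add old password verification
+ req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+
+ logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+
+ checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = validatorsUsers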
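Review bot: `usersAdd` and `usersUpdate` pass the whole `req.body` to `logger.debug`, so the submitted plaintext password is written to the log whenever debug logging is enabled. Log only non-secret fields, for example `logger.debug('Checking usersAdd parameters', { parameters: { username: req.body.username } })`, and in `usersUpdate` drop the `parameters` object or replace it with the target account's identifier. Separately, `usersUpdate` accepts a new password without checking the current one, as its own comment acknowledges. Until that check exists, a valid access token alone is enough to change the password, so it is worth tracking as a blocking follow-up rather than a note in the code.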
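diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 422f3642f..9d21ee16f 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -18,6 +18,7 @@ const validatorsVideos = {
 
 function videosAdd (req, res, next) {
  req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()
+ // TODO: move to constants and function
  req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
  req.checkBody('name', 'Should have a valid name').isVideoNameValid()
  req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()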
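Review bot: The mime-type pattern that the new TODO marks for extraction is grouped wrongly: `/video\/(webm)|(mp4)|(ogg)/i` parses as `video/webm` OR `mp4` OR `ogg` and is unanchored, so any value that merely contains `mp4` or `ogg` passes the check. When it moves to constants, group and anchor it, e.g. `.matches(/^video\/(webm|mp4|ogg)$/i)`. The `mimetype` field is presumably the type declared by the uploading client, so even the corrected pattern is a format hint rather than proof of the file's content. `videosAdd` continues past the end of this hunk.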