5 files changed, 94 insertions, 10 deletions
diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js
new file mode 100644
index 000000000..bcb60ab95
--- /dev/null
+++ b/server/middlewares/admin.js
@@ -0,0 +1,22 @@
+'use strict'
+const constants = require('../initializers/constants')
+const logger = require('../helpers/logger')
+const adminMiddleware = {
+  ensureIsAdmin: ensureIsAdmin
+}
+function ensureIsAdmin (req, res, next) {
+  const user = res.locals.oauth.token.user
+  if (user.role !== constants.USER_ROLES.ADMIN) {
+    logger.info('A non admin user is trying to access to an admin content.')
+    return res.sendStatus(403)
+  }
+  return next()
+}
+// ---------------------------------------------------------------------------
+module.exports = adminMiddleware
diff --git a/server/middlewares/index.js b/server/middlewares/index.js
index 0a233e701..1e294de5f 100644
--- a/server/middlewares/index.js
+++ b/server/middlewares/index.js
@@ -1,19 +1,21 @@
 'use strict'
-const oauth = require('./oauth')
+const adminMiddleware = require('./admin')
-const pagination = require('./pagination')
+const oauthMiddleware = require('./oauth')
+const paginationMiddleware = require('./pagination')
 const validatorsMiddleware = require('./validators')
-const search = require('./search')
+const searchMiddleware = require('./search')
-const sort = require('./sort')
+const sortMiddleware = require('./sort')
 const secureMiddleware = require('./secure')
 const middlewares = {
-  oauth: oauth,
+  admin: adminMiddleware,
-  pagination: pagination,
+  oauth: oauthMiddleware,
-  validators: validatorsMiddleware,
+  pagination: paginationMiddleware,
-  search: search,
+  search: searchMiddleware,
-  sort: sort,
+  secure: secureMiddleware,
-  secure: secureMiddleware
+  sort: sortMiddleware,
+  validators: validatorsMiddleware
 }
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js
index 0471b3f92..6c3a9c2b4 100644
--- a/server/middlewares/validators/index.js
+++ b/server/middlewares/validators/index.js
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination')
 const podsValidators = require('./pods')
 const remoteValidators = require('./remote')
 const sortValidators = require('./sort')
+const usersValidators = require('./users')
 const videosValidators = require('./videos')
 const validators = {
@@ -11,6 +12,7 @@ const validators = {
  pods: podsValidators,
  remote: remoteValidators,
  sort: sortValidators,
+  users: usersValidators,
  videos: videosValidators
 }
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
new file mode 100644
index 000000000..175d90bcb
--- /dev/null
+++ b/server/middlewares/validators/users.js
@@ -0,0 +1,57 @@
+'use strict'
+const mongoose = require('mongoose')
+const checkErrors = require('./utils').checkErrors
+const logger = require('../../helpers/logger')
+const User = mongoose.model('User')
+const validatorsUsers = {
+  usersAdd: usersAdd,
+  usersRemove: usersRemove,
+  usersUpdate: usersUpdate
+}
+function usersAdd (req, res, next) {
+  req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  // TODO: check we don't have already the same username
+  logger.debug('Checking usersAdd parameters', { parameters: req.body })
+  checkErrors(req, res, next)
+}
+function usersRemove (req, res, next) {
+  req.checkParams('username', 'Should have a valid username').isUserUsernameValid()
+  logger.debug('Checking usersRemove parameters', { parameters: req.params })
+  checkErrors(req, res, function () {
+    User.loadByUsername(req.params.username, function (err, user) {
+      if (err) {
+        logger.error('Error in usersRemove request validator.', { error: err })
+        return res.sendStatus(500)
+      }
+      if (!user) return res.status(404).send('User not found')
+      next()
+    })
+  })
+}
+function usersUpdate (req, res, next) {
+  // Add old password verification
+  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+  checkErrors(req, res, next)
+}
+// ---------------------------------------------------------------------------
+module.exports = validatorsUsers
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 422f3642f..9d21ee16f 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -18,6 +18,7 @@ const validatorsVideos = {
 function videosAdd (req, res, next) {
  req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()
+  // TODO: move to constants and function
  req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
  req.checkBody('name', 'Should have a valid name').isVideoNameValid()
  req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()

diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js new file mode 100644 index 000000000..bcb60ab95 --- /dev/null +++ b/server/middlewares/admin.js
@@ -0,0 +1,22 @@
		1	'use strict'
		2
		3	const constants = require('../initializers/constants')
		4	const logger = require('../helpers/logger')
		5
		6	const adminMiddleware = {
		7	ensureIsAdmin: ensureIsAdmin
		8	}
		9
		10	function ensureIsAdmin (req, res, next) {
		11	const user = res.locals.oauth.token.user
		12	if (user.role !== constants.USER_ROLES.ADMIN) {
		13	logger.info('A non admin user is trying to access to an admin content.')
		14	return res.sendStatus(403)
		15	}
		16
		17	return next()
		18	}
		19
		20	// ---------------------------------------------------------------------------
		21
		22	module.exports = adminMiddleware


diff --git a/server/middlewares/index.js b/server/middlewares/index.js index 0a233e701..1e294de5f 100644 --- a/server/middlewares/index.js +++ b/server/middlewares/index.js
@@ -1,19 +1,21 @@
1	'use strict'	1	'use strict'
2		2
3	const oauth = require('./oauth')	3	const adminMiddleware = require('./admin')
4	const pagination = require('./pagination')	4	const oauthMiddleware = require('./oauth')
		5	const paginationMiddleware = require('./pagination')
5	const validatorsMiddleware = require('./validators')	6	const validatorsMiddleware = require('./validators')
6	const search = require('./search')	7	const searchMiddleware = require('./search')
7	const sort = require('./sort')	8	const sortMiddleware = require('./sort')
8	const secureMiddleware = require('./secure')	9	const secureMiddleware = require('./secure')
9		10
10	const middlewares = {	11	const middlewares = {
11	oauth: oauth,	12	admin: adminMiddleware,
12	pagination: pagination,	13	oauth: oauthMiddleware,
13	validators: validatorsMiddleware,	14	pagination: paginationMiddleware,
14	search: search,	15	search: searchMiddleware,
15	sort: sort,	16	secure: secureMiddleware,
16	secure: secureMiddleware	17	sort: sortMiddleware,
		18	validators: validatorsMiddleware
17	}	19	}
18		20
19	// ---------------------------------------------------------------------------	21	// ---------------------------------------------------------------------------


diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js index 0471b3f92..6c3a9c2b4 100644 --- a/server/middlewares/validators/index.js +++ b/server/middlewares/validators/index.js
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination')
4	const podsValidators = require('./pods')	4	const podsValidators = require('./pods')
5	const remoteValidators = require('./remote')	5	const remoteValidators = require('./remote')
6	const sortValidators = require('./sort')	6	const sortValidators = require('./sort')
		7	const usersValidators = require('./users')
7	const videosValidators = require('./videos')	8	const videosValidators = require('./videos')
8		9
9	const validators = {	10	const validators = {
@@ -11,6 +12,7 @@ const validators = {
11	pods: podsValidators,	12	pods: podsValidators,
12	remote: remoteValidators,	13	remote: remoteValidators,
13	sort: sortValidators,	14	sort: sortValidators,
		15	users: usersValidators,
14	videos: videosValidators	16	videos: videosValidators
15	}	17	}
16		18


diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js new file mode 100644 index 000000000..175d90bcb --- /dev/null +++ b/server/middlewares/validators/users.js
@@ -0,0 +1,57 @@
		1	'use strict'
		2
		3	const mongoose = require('mongoose')
		4
		5	const checkErrors = require('./utils').checkErrors
		6	const logger = require('../../helpers/logger')
		7
		8	const User = mongoose.model('User')
		9
		10	const validatorsUsers = {
		11	usersAdd: usersAdd,
		12	usersRemove: usersRemove,
		13	usersUpdate: usersUpdate
		14	}
		15
		16	function usersAdd (req, res, next) {
		17	req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
		18	req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
		19
		20	// TODO: check we don't have already the same username
		21
		22	logger.debug('Checking usersAdd parameters', { parameters: req.body })
		23
		24	checkErrors(req, res, next)
		25	}
		26
		27	function usersRemove (req, res, next) {
		28	req.checkParams('username', 'Should have a valid username').isUserUsernameValid()
		29
		30	logger.debug('Checking usersRemove parameters', { parameters: req.params })
		31
		32	checkErrors(req, res, function () {
		33	User.loadByUsername(req.params.username, function (err, user) {
		34	if (err) {
		35	logger.error('Error in usersRemove request validator.', { error: err })
		36	return res.sendStatus(500)
		37	}
		38
		39	if (!user) return res.status(404).send('User not found')
		40
		41	next()
		42	})
		43	})
		44	}
		45
		46	function usersUpdate (req, res, next) {
		47	// Add old password verification
		48	req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
		49
		50	logger.debug('Checking usersUpdate parameters', { parameters: req.body })
		51
		52	checkErrors(req, res, next)
		53	}
		54
		55	// ---------------------------------------------------------------------------
		56
		57	module.exports = validatorsUsers


diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index 422f3642f..9d21ee16f 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js
@@ -18,6 +18,7 @@ const validatorsVideos = {
18		18
19	function videosAdd (req, res, next) {	19	function videosAdd (req, res, next) {
20	req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()	20	req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()
		21	// TODO: move to constants and function
21	req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)\|(mp4)\|(ogg)/i)	22	req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)\|(mp4)\|(ogg)/i)
22	req.checkBody('name', 'Should have a valid name').isVideoNameValid()	23	req.checkBody('name', 'Should have a valid name').isVideoNameValid()
23	req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()	24	req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()