aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/activitypub.ts28
-rw-r--r--server/middlewares/validators/follows.ts13
-rw-r--r--server/middlewares/validators/video-channels.ts31
-rw-r--r--server/middlewares/validators/webfinger.ts10
4 files changed, 25 insertions, 57 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index 489396447..37b7c42ec 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -3,33 +3,27 @@ import { NextFunction, Request, RequestHandler, Response } from 'express'
3import { ActivityPubSignature } from '../../shared' 3import { ActivityPubSignature } from '../../shared'
4import { isSignatureVerified, logger } from '../helpers' 4import { isSignatureVerified, logger } from '../helpers'
5import { ACCEPT_HEADERS, ACTIVITY_PUB } from '../initializers' 5import { ACCEPT_HEADERS, ACTIVITY_PUB } from '../initializers'
6import { fetchRemoteAccount, saveAccountAndServerIfNotExist } from '../lib/activitypub' 6import { getOrCreateActorAndServerAndModel } from '../lib/activitypub'
7import { AccountModel } from '../models/account/account' 7import { ActorModel } from '../models/activitypub/actor'
8 8
9async function checkSignature (req: Request, res: Response, next: NextFunction) { 9async function checkSignature (req: Request, res: Response, next: NextFunction) {
10 const signatureObject: ActivityPubSignature = req.body.signature 10 const signatureObject: ActivityPubSignature = req.body.signature
11 11
12 logger.debug('Checking signature of account %s...', signatureObject.creator) 12 logger.debug('Checking signature of actor %s...', signatureObject.creator)
13 13
14 let account = await AccountModel.loadByUrl(signatureObject.creator) 14 let actor: ActorModel
15 15 try {
16 // We don't have this account in our database, fetch it on remote 16 actor = await getOrCreateActorAndServerAndModel(signatureObject.creator)
17 if (!account) { 17 } catch (err) {
18 account = await fetchRemoteAccount(signatureObject.creator) 18 logger.error('Cannot create remote actor and check signature.', err)
19 19 return res.sendStatus(403)
20 if (!account) {
21 return res.sendStatus(403)
22 }
23
24 // Save our new account and its server in database
25 await saveAccountAndServerIfNotExist(account)
26 } 20 }
27 21
28 const verified = await isSignatureVerified(account, req.body) 22 const verified = await isSignatureVerified(actor, req.body)
29 if (verified === false) return res.sendStatus(403) 23 if (verified === false) return res.sendStatus(403)
30 24
31 res.locals.signature = { 25 res.locals.signature = {
32 account 26 actor
33 } 27 }
34 28
35 return next() 29 return next()
diff --git a/server/middlewares/validators/follows.ts b/server/middlewares/validators/follows.ts
index 10482e5d0..2240d30db 100644
--- a/server/middlewares/validators/follows.ts
+++ b/server/middlewares/validators/follows.ts
@@ -1,10 +1,9 @@
1import * as express from 'express' 1import * as express from 'express'
2import { body, param } from 'express-validator/check' 2import { body, param } from 'express-validator/check'
3import { getServerAccount, isTestInstance, logger } from '../../helpers' 3import { getServerActor, isTestInstance, logger } from '../../helpers'
4import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' 4import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
5import { isEachUniqueHostValid } from '../../helpers/custom-validators/servers'
6import { CONFIG } from '../../initializers' 5import { CONFIG } from '../../initializers'
7import { AccountFollowModel } from '../../models/account/account-follow' 6import { ActorFollowModel } from '../../models/activitypub/actor-follow'
8import { areValidationErrors } from './utils' 7import { areValidationErrors } from './utils'
9 8
10const followValidator = [ 9const followValidator = [
@@ -29,15 +28,15 @@ const followValidator = [
29] 28]
30 29
31const removeFollowingValidator = [ 30const removeFollowingValidator = [
32 param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'), 31 param('host').custom(isHostValid).withMessage('Should have a valid host'),
33 32
34 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 33 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
35 logger.debug('Checking unfollow parameters', { parameters: req.params }) 34 logger.debug('Checking unfollow parameters', { parameters: req.params })
36 35
37 if (areValidationErrors(req, res)) return 36 if (areValidationErrors(req, res)) return
38 37
39 const serverAccount = await getServerAccount() 38 const serverActor = await getServerActor()
40 const follow = await AccountFollowModel.loadByAccountAndTarget(serverAccount.id, req.params.accountId) 39 const follow = await ActorFollowModel.loadByActorAndTargetHost(serverActor.id, req.params.host)
41 40
42 if (!follow) { 41 if (!follow) {
43 return res.status(404) 42 return res.status(404)
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
index 068fd210f..cc7d54c06 100644
--- a/server/middlewares/validators/video-channels.ts
+++ b/server/middlewares/validators/video-channels.ts
@@ -3,7 +3,7 @@ import { body, param } from 'express-validator/check'
3import { UserRight } from '../../../shared' 3import { UserRight } from '../../../shared'
4import { logger } from '../../helpers' 4import { logger } from '../../helpers'
5import { isAccountIdExist } from '../../helpers/custom-validators/accounts' 5import { isAccountIdExist } from '../../helpers/custom-validators/accounts'
6import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc' 6import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
7import { 7import {
8 isVideoChannelDescriptionValid, 8 isVideoChannelDescriptionValid,
9 isVideoChannelExist, 9 isVideoChannelExist,
@@ -11,7 +11,6 @@ import {
11} from '../../helpers/custom-validators/video-channels' 11} from '../../helpers/custom-validators/video-channels'
12import { UserModel } from '../../models/account/user' 12import { UserModel } from '../../models/account/user'
13import { VideoChannelModel } from '../../models/video/video-channel' 13import { VideoChannelModel } from '../../models/video/video-channel'
14import { VideoChannelShareModel } from '../../models/video/video-channel-share'
15import { areValidationErrors } from './utils' 14import { areValidationErrors } from './utils'
16 15
17const listVideoAccountChannelsValidator = [ 16const listVideoAccountChannelsValidator = [
@@ -98,28 +97,6 @@ const videoChannelsGetValidator = [
98 } 97 }
99] 98]
100 99
101const videoChannelsShareValidator = [
102 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
103 param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),
104
105 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
106 logger.debug('Checking videoChannelShare parameters', { parameters: req.params })
107
108 if (areValidationErrors(req, res)) return
109 if (!await isVideoChannelExist(req.params.id, res)) return
110
111 const share = await VideoChannelShareModel.load(res.locals.video.id, req.params.accountId, undefined)
112 if (!share) {
113 return res.status(404)
114 .end()
115 }
116
117 res.locals.videoChannelShare = share
118
119 return next()
120 }
121]
122
123// --------------------------------------------------------------------------- 100// ---------------------------------------------------------------------------
124 101
125export { 102export {
@@ -127,15 +104,13 @@ export {
127 videoChannelsAddValidator, 104 videoChannelsAddValidator,
128 videoChannelsUpdateValidator, 105 videoChannelsUpdateValidator,
129 videoChannelsRemoveValidator, 106 videoChannelsRemoveValidator,
130 videoChannelsGetValidator, 107 videoChannelsGetValidator
131 videoChannelsShareValidator
132} 108}
133 109
134// --------------------------------------------------------------------------- 110// ---------------------------------------------------------------------------
135 111
136function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) { 112function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) {
137 // Retrieve the user who did the request 113 if (videoChannel.Actor.isOwned() === false) {
138 if (videoChannel.isOwned() === false) {
139 res.status(403) 114 res.status(403)
140 .json({ error: 'Cannot remove video channel of another server.' }) 115 .json({ error: 'Cannot remove video channel of another server.' })
141 .end() 116 .end()
diff --git a/server/middlewares/validators/webfinger.ts b/server/middlewares/validators/webfinger.ts
index 7903c7400..2c8351799 100644
--- a/server/middlewares/validators/webfinger.ts
+++ b/server/middlewares/validators/webfinger.ts
@@ -2,7 +2,7 @@ import * as express from 'express'
2import { query } from 'express-validator/check' 2import { query } from 'express-validator/check'
3import { logger } from '../../helpers' 3import { logger } from '../../helpers'
4import { isWebfingerResourceValid } from '../../helpers/custom-validators/webfinger' 4import { isWebfingerResourceValid } from '../../helpers/custom-validators/webfinger'
5import { AccountModel } from '../../models/account/account' 5import { ActorModel } from '../../models/activitypub/actor'
6import { areValidationErrors } from './utils' 6import { areValidationErrors } from './utils'
7 7
8const webfingerValidator = [ 8const webfingerValidator = [
@@ -17,14 +17,14 @@ const webfingerValidator = [
17 const nameWithHost = req.query.resource.substr(5) 17 const nameWithHost = req.query.resource.substr(5)
18 const [ name ] = nameWithHost.split('@') 18 const [ name ] = nameWithHost.split('@')
19 19
20 const account = await AccountModel.loadLocalByName(name) 20 const actor = await ActorModel.loadLocalByName(name)
21 if (!account) { 21 if (!actor) {
22 return res.status(404) 22 return res.status(404)
23 .send({ error: 'Account not found' }) 23 .send({ error: 'Actor not found' })
24 .end() 24 .end()
25 } 25 }
26 26
27 res.locals.account = account 27 res.locals.actor = actor
28 return next() 28 return next()
29 } 29 }
30] 30]