Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/sort.ts | 3 | ||||
-rw-r--r-- | server/middlewares/validators/users.ts | 18 | ||||
-rw-r--r-- | server/middlewares/validators/videos/video-rates.ts | 18 |
3 files changed, 36 insertions, 3 deletions
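--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -11,6 +11,7 @@ const SORTABLE_VIDEOS_SEARCH_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VI
 const SORTABLE_VIDEO_CHANNELS_SEARCH_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS_SEARCH)
 const SORTABLE_VIDEO_IMPORTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_IMPORTS)
 const SORTABLE_VIDEO_COMMENT_THREADS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_COMMENT_THREADS)
+const SORTABLE_VIDEO_RATES_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_RATES)
 const SORTABLE_BLACKLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.BLACKLISTS)
 const SORTABLE_VIDEO_CHANNELS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS)
 const SORTABLE_FOLLOWERS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.FOLLOWERS)
@@ -30,6 +31,7 @@ const videoImportsSortValidator = checkSort(SORTABLE_VIDEO_IMPORTS_COLUMNS)
 const videosSearchSortValidator = checkSort(SORTABLE_VIDEOS_SEARCH_COLUMNS)
 const videoChannelsSearchSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_SEARCH_COLUMNS)
 const videoCommentThreadsSortValidator = checkSort(SORTABLE_VIDEO_COMMENT_THREADS_COLUMNS)
+const videoRatesSortValidator = checkSort(SORTABLE_VIDEO_RATES_COLUMNS)
 const blacklistSortValidator = checkSort(SORTABLE_BLACKLISTS_COLUMNS)
 const videoChannelsSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_COLUMNS)
 const followersSortValidator = checkSort(SORTABLE_FOLLOWERS_COLUMNS)
@@ -55,6 +57,7 @@ export {
 followingSortValidator,
 jobsSortValidator,
 videoCommentThreadsSortValidator,
+videoRatesSortValidator,
 userSubscriptionsSortValidator,
 videoChannelsSearchSortValidator,
 accountsBlocklistSortValidator,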
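--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -22,6 +22,7 @@ import { logger } from '../../helpers/logger'
 import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup'
 import { Redis } from '../../lib/redis'
 import { UserModel } from '../../models/account/user'
+import { AccountModel } from '../../models/account/account'
 import { areValidationErrors } from './utils'
 import { ActorModel } from '../../models/activitypub/actor'
 
@@ -317,6 +318,20 @@ const userAutocompleteValidator = [
 param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
 ]
 
+const ensureAuthUserOwnsAccountValidator = [
+async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+const user = res.locals.oauth.token.User
+
+if (res.locals.account.id !== user.Account.id) {
+return res.status(403)
+.send({ error: 'Only owner can access ratings list.' })
+.end()
+}
+
+return next()
+}
+]
+
 // ---------------------------------------------------------------------------
 
 export {
@@ -335,7 +350,8 @@ export {
 usersResetPasswordValidator,
 usersAskSendVerifyEmailValidator,
 usersVerifyEmailValidator,
-userAutocompleteValidator
+userAutocompleteValidator,
+ensureAuthUserOwnsAccountValidator
 }
 
 // ---------------------------------------------------------------------------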
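Review bot: The ownership check in `ensureAuthUserOwnsAccountValidator` reads `res.locals.oauth.token.User` and `res.locals.account.id` with no guard, so it only denies correctly when the authentication middleware and the account-loading validator have already run on the route, and neither is visible in this section. Because the handler is `async`, a missing value would surface as a rejected promise rather than a 403 unless the route wraps it in an async error handler (not visible here). I would state the precondition in a comment above the array, `// Must be placed after authentication and account loading: reads res.locals.oauth and res.locals.account`, and make the comparison fail closed, `if (!res.locals.account || res.locals.account.id !== user.Account.id) {`. The 403 text `'Only owner can access ratings list.'` also ties a generically named validator to one endpoint, and the newly imported `AccountModel` is not used in any visible hunk.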
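--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -1,7 +1,8 @@
 import * as express from 'express'
 import 'express-validator'
-import { body, param } from 'express-validator/check'
+import { body, param, query } from 'express-validator/check'
 import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'
+import { isRatingValid } from '../../../helpers/custom-validators/video-rates'
 import { doesVideoExist, isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos'
 import { logger } from '../../../helpers/logger'
 import { areValidationErrors } from '../utils'
@@ -47,9 +48,22 @@ const getAccountVideoRateValidator = function (rateType: VideoRateType) {
 ]
 }
 
+const videoRatingValidator = [
+query('rating').optional().custom(isRatingValid).withMessage('Value must be one of "like" or "dislike"'),
+
+async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking rating parameter', { parameters: req.params })
+
+if (areValidationErrors(req, res)) return
+
+return next()
+}
+]
+
 // ---------------------------------------------------------------------------
 
 export {
 videoUpdateRateValidator,
-getAccountVideoRateValidator
+getAccountVideoRateValidator,
+videoRatingValidator
 }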
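Review bot: The debug call in `videoRatingValidator` logs `req.params`, but the value being validated is the `rating` query-string parameter, so a rejected request leaves no trace of the offending input; it should read `logger.debug('Checking rating parameter', { parameters: req.query })`. The handler is also declared `async` without awaiting anything, so the keyword can be dropped. `isRatingValid` is defined outside this page, so whether it accepts exactly the two values named in the message cannot be confirmed from here.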