aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/sort.ts3
-rw-r--r--server/middlewares/validators/users.ts18
-rw-r--r--server/middlewares/validators/videos/video-rates.ts18
3 files changed, 36 insertions, 3 deletions
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index ea59fbf73..44295c325 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -11,6 +11,7 @@ const SORTABLE_VIDEOS_SEARCH_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VI
11const SORTABLE_VIDEO_CHANNELS_SEARCH_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS_SEARCH) 11const SORTABLE_VIDEO_CHANNELS_SEARCH_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS_SEARCH)
12const SORTABLE_VIDEO_IMPORTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_IMPORTS) 12const SORTABLE_VIDEO_IMPORTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_IMPORTS)
13const SORTABLE_VIDEO_COMMENT_THREADS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_COMMENT_THREADS) 13const SORTABLE_VIDEO_COMMENT_THREADS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_COMMENT_THREADS)
14const SORTABLE_VIDEO_RATES_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_RATES)
14const SORTABLE_BLACKLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.BLACKLISTS) 15const SORTABLE_BLACKLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.BLACKLISTS)
15const SORTABLE_VIDEO_CHANNELS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS) 16const SORTABLE_VIDEO_CHANNELS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS)
16const SORTABLE_FOLLOWERS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.FOLLOWERS) 17const SORTABLE_FOLLOWERS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.FOLLOWERS)
@@ -30,6 +31,7 @@ const videoImportsSortValidator = checkSort(SORTABLE_VIDEO_IMPORTS_COLUMNS)
30const videosSearchSortValidator = checkSort(SORTABLE_VIDEOS_SEARCH_COLUMNS) 31const videosSearchSortValidator = checkSort(SORTABLE_VIDEOS_SEARCH_COLUMNS)
31const videoChannelsSearchSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_SEARCH_COLUMNS) 32const videoChannelsSearchSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_SEARCH_COLUMNS)
32const videoCommentThreadsSortValidator = checkSort(SORTABLE_VIDEO_COMMENT_THREADS_COLUMNS) 33const videoCommentThreadsSortValidator = checkSort(SORTABLE_VIDEO_COMMENT_THREADS_COLUMNS)
34const videoRatesSortValidator = checkSort(SORTABLE_VIDEO_RATES_COLUMNS)
33const blacklistSortValidator = checkSort(SORTABLE_BLACKLISTS_COLUMNS) 35const blacklistSortValidator = checkSort(SORTABLE_BLACKLISTS_COLUMNS)
34const videoChannelsSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_COLUMNS) 36const videoChannelsSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_COLUMNS)
35const followersSortValidator = checkSort(SORTABLE_FOLLOWERS_COLUMNS) 37const followersSortValidator = checkSort(SORTABLE_FOLLOWERS_COLUMNS)
@@ -55,6 +57,7 @@ export {
55 followingSortValidator, 57 followingSortValidator,
56 jobsSortValidator, 58 jobsSortValidator,
57 videoCommentThreadsSortValidator, 59 videoCommentThreadsSortValidator,
60 videoRatesSortValidator,
58 userSubscriptionsSortValidator, 61 userSubscriptionsSortValidator,
59 videoChannelsSearchSortValidator, 62 videoChannelsSearchSortValidator,
60 accountsBlocklistSortValidator, 63 accountsBlocklistSortValidator,
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 4be446732..35f41c450 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -22,6 +22,7 @@ import { logger } from '../../helpers/logger'
22import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup' 22import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup'
23import { Redis } from '../../lib/redis' 23import { Redis } from '../../lib/redis'
24import { UserModel } from '../../models/account/user' 24import { UserModel } from '../../models/account/user'
25import { AccountModel } from '../../models/account/account'
25import { areValidationErrors } from './utils' 26import { areValidationErrors } from './utils'
26import { ActorModel } from '../../models/activitypub/actor' 27import { ActorModel } from '../../models/activitypub/actor'
27 28
@@ -317,6 +318,20 @@ const userAutocompleteValidator = [
317 param('search').isString().not().isEmpty().withMessage('Should have a search parameter') 318 param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
318] 319]
319 320
321const ensureAuthUserOwnsAccountValidator = [
322 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
323 const user = res.locals.oauth.token.User
324
325 if (res.locals.account.id !== user.Account.id) {
326 return res.status(403)
327 .send({ error: 'Only owner can access ratings list.' })
328 .end()
329 }
330
331 return next()
332 }
333]
334
320// --------------------------------------------------------------------------- 335// ---------------------------------------------------------------------------
321 336
322export { 337export {
@@ -335,7 +350,8 @@ export {
335 usersResetPasswordValidator, 350 usersResetPasswordValidator,
336 usersAskSendVerifyEmailValidator, 351 usersAskSendVerifyEmailValidator,
337 usersVerifyEmailValidator, 352 usersVerifyEmailValidator,
338 userAutocompleteValidator 353 userAutocompleteValidator,
354 ensureAuthUserOwnsAccountValidator
339} 355}
340 356
341// --------------------------------------------------------------------------- 357// ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts
index 280385912..e79d80e97 100644
--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -1,7 +1,8 @@
1import * as express from 'express' 1import * as express from 'express'
2import 'express-validator' 2import 'express-validator'
3import { body, param } from 'express-validator/check' 3import { body, param, query } from 'express-validator/check'
4import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' 4import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'
5import { isRatingValid } from '../../../helpers/custom-validators/video-rates'
5import { doesVideoExist, isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' 6import { doesVideoExist, isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos'
6import { logger } from '../../../helpers/logger' 7import { logger } from '../../../helpers/logger'
7import { areValidationErrors } from '../utils' 8import { areValidationErrors } from '../utils'
@@ -47,9 +48,22 @@ const getAccountVideoRateValidator = function (rateType: VideoRateType) {
47 ] 48 ]
48} 49}
49 50
51const videoRatingValidator = [
52 query('rating').optional().custom(isRatingValid).withMessage('Value must be one of "like" or "dislike"'),
53
54 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
55 logger.debug('Checking rating parameter', { parameters: req.params })
56
57 if (areValidationErrors(req, res)) return
58
59 return next()
60 }
61]
62
50// --------------------------------------------------------------------------- 63// ---------------------------------------------------------------------------
51 64
52export { 65export {
53 videoUpdateRateValidator, 66 videoUpdateRateValidator,
54 getAccountVideoRateValidator 67 getAccountVideoRateValidator,
68 videoRatingValidator
55} 69}