diff options
Diffstat (limited to 'server/middlewares')
| -rw-r--r-- | server/middlewares/index.ts | 1 | ||||
| -rw-r--r-- | server/middlewares/rate-limiter.ts | 31 | ||||
| -rw-r--r-- | server/middlewares/validators/sort.ts | 4 | ||||
| -rw-r--r-- | server/middlewares/validators/users.ts | 2 | ||||
| -rw-r--r-- | server/middlewares/validators/videos/video-view.ts | 13 |
5 files changed, 41 insertions, 10 deletions
diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts index d2ed079b6..b40f864ce 100644 --- a/server/middlewares/index.ts +++ b/server/middlewares/index.ts | |||
| @@ -4,6 +4,7 @@ export * from './activitypub' | |||
| 4 | export * from './async' | 4 | export * from './async' |
| 5 | export * from './auth' | 5 | export * from './auth' |
| 6 | export * from './pagination' | 6 | export * from './pagination' |
| 7 | export * from './rate-limiter' | ||
| 7 | export * from './robots' | 8 | export * from './robots' |
| 8 | export * from './servers' | 9 | export * from './servers' |
| 9 | export * from './sort' | 10 | export * from './sort' |
diff --git a/server/middlewares/rate-limiter.ts b/server/middlewares/rate-limiter.ts new file mode 100644 index 000000000..bc9513969 --- /dev/null +++ b/server/middlewares/rate-limiter.ts | |||
| @@ -0,0 +1,31 @@ | |||
| 1 | import { UserRole } from '@shared/models' | ||
| 2 | import RateLimit from 'express-rate-limit' | ||
| 3 | import { optionalAuthenticate } from './auth' | ||
| 4 | |||
| 5 | const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ]) | ||
| 6 | |||
| 7 | function buildRateLimiter (options: { | ||
| 8 | windowMs: number | ||
| 9 | max: number | ||
| 10 | skipFailedRequests?: boolean | ||
| 11 | }) { | ||
| 12 | return RateLimit({ | ||
| 13 | windowMs: options.windowMs, | ||
| 14 | max: options.max, | ||
| 15 | skipFailedRequests: options.skipFailedRequests, | ||
| 16 | |||
| 17 | handler: (req, res, next, options) => { | ||
| 18 | return optionalAuthenticate(req, res, () => { | ||
| 19 | if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) { | ||
| 20 | return next() | ||
| 21 | } | ||
| 22 | |||
| 23 | return res.status(options.statusCode).send(options.message) | ||
| 24 | }) | ||
| 25 | } | ||
| 26 | }) | ||
| 27 | } | ||
| 28 | |||
| 29 | export { | ||
| 30 | buildRateLimiter | ||
| 31 | } | ||
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts index 3ba668460..c9978e3b4 100644 --- a/server/middlewares/validators/sort.ts +++ b/server/middlewares/validators/sort.ts | |||
| @@ -28,7 +28,7 @@ function createSortableColumns (sortableColumns: string[]) { | |||
| 28 | return sortableColumns.concat(sortableColumnDesc) | 28 | return sortableColumns.concat(sortableColumnDesc) |
| 29 | } | 29 | } |
| 30 | 30 | ||
| 31 | const usersSortValidator = checkSortFactory(SORTABLE_COLUMNS.USERS) | 31 | const adminUsersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ADMIN_USERS) |
| 32 | const accountsSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS) | 32 | const accountsSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS) |
| 33 | const jobsSortValidator = checkSortFactory(SORTABLE_COLUMNS.JOBS, [ 'jobs' ]) | 33 | const jobsSortValidator = checkSortFactory(SORTABLE_COLUMNS.JOBS, [ 'jobs' ]) |
| 34 | const abusesSortValidator = checkSortFactory(SORTABLE_COLUMNS.ABUSES) | 34 | const abusesSortValidator = checkSortFactory(SORTABLE_COLUMNS.ABUSES) |
| @@ -59,7 +59,7 @@ const videoChannelsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.CH | |||
| 59 | // --------------------------------------------------------------------------- | 59 | // --------------------------------------------------------------------------- |
| 60 | 60 | ||
| 61 | export { | 61 | export { |
| 62 | usersSortValidator, | 62 | adminUsersSortValidator, |
| 63 | abusesSortValidator, | 63 | abusesSortValidator, |
| 64 | videoChannelsSortValidator, | 64 | videoChannelsSortValidator, |
| 65 | videoImportsSortValidator, | 65 | videoImportsSortValidator, |
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index bc6007c6d..6d306121e 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -486,7 +486,7 @@ const ensureAuthUserOwnsAccountValidator = [ | |||
| 486 | if (res.locals.account.id !== user.Account.id) { | 486 | if (res.locals.account.id !== user.Account.id) { |
| 487 | return res.fail({ | 487 | return res.fail({ |
| 488 | status: HttpStatusCode.FORBIDDEN_403, | 488 | status: HttpStatusCode.FORBIDDEN_403, |
| 489 | message: 'Only owner of this account can access this ressource.' | 489 | message: 'Only owner of this account can access this resource.' |
| 490 | }) | 490 | }) |
| 491 | } | 491 | } |
| 492 | 492 | ||
diff --git a/server/middlewares/validators/videos/video-view.ts b/server/middlewares/validators/videos/video-view.ts index 7a4994e8a..2edcd140f 100644 --- a/server/middlewares/validators/videos/video-view.ts +++ b/server/middlewares/validators/videos/video-view.ts | |||
| @@ -6,6 +6,7 @@ import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' | |||
| 6 | import { exists, isIdValid, isIntOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' | 6 | import { exists, isIdValid, isIntOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' |
| 7 | import { logger } from '../../../helpers/logger' | 7 | import { logger } from '../../../helpers/logger' |
| 8 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' | 8 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' |
| 9 | import { getCachedVideoDuration } from '@server/lib/video' | ||
| 9 | 10 | ||
| 10 | const getVideoLocalViewerValidator = [ | 11 | const getVideoLocalViewerValidator = [ |
| 11 | param('localViewerId') | 12 | param('localViewerId') |
| @@ -42,20 +43,18 @@ const videoViewValidator = [ | |||
| 42 | logger.debug('Checking videoView parameters', { parameters: req.body }) | 43 | logger.debug('Checking videoView parameters', { parameters: req.body }) |
| 43 | 44 | ||
| 44 | if (areValidationErrors(req, res)) return | 45 | if (areValidationErrors(req, res)) return |
| 45 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | 46 | if (!await doesVideoExist(req.params.videoId, res, 'only-immutable-attributes')) return |
| 46 | 47 | ||
| 47 | const video = res.locals.onlyVideo | 48 | const video = res.locals.onlyImmutableVideo |
| 48 | const videoDuration = video.isLive | 49 | const { duration } = await getCachedVideoDuration(video.id) |
| 49 | ? undefined | ||
| 50 | : video.duration | ||
| 51 | 50 | ||
| 52 | if (!exists(req.body.currentTime)) { // TODO: remove in a few versions, introduced in 4.2 | 51 | if (!exists(req.body.currentTime)) { // TODO: remove in a few versions, introduced in 4.2 |
| 53 | req.body.currentTime = Math.min(videoDuration ?? 0, 30) | 52 | req.body.currentTime = Math.min(duration ?? 0, 30) |
| 54 | } | 53 | } |
| 55 | 54 | ||
| 56 | const currentTime: number = req.body.currentTime | 55 | const currentTime: number = req.body.currentTime |
| 57 | 56 | ||
| 58 | if (!isVideoTimeValid(currentTime, videoDuration)) { | 57 | if (!isVideoTimeValid(currentTime, duration)) { |
| 59 | return res.fail({ | 58 | return res.fail({ |
| 60 | status: HttpStatusCode.BAD_REQUEST_400, | 59 | status: HttpStatusCode.BAD_REQUEST_400, |
| 61 | message: 'Current time is invalid' | 60 | message: 'Current time is invalid' |