Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/admin.ts | 20 | ||||
-rw-r--r-- | server/middlewares/index.ts | 2 | ||||
-rw-r--r-- | server/middlewares/user-right.ts | 24 | ||||
-rw-r--r-- | server/middlewares/validators/users.ts | 5 | ||||
-rw-r--r-- | server/middlewares/validators/video-channels.ts | 6 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 3 |
6 files changed, 35 insertions, 25 deletions
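--- a/server/middlewares/admin.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-import 'express-validator'
-import * as express from 'express'
-
-import { logger } from '../helpers'
-
-function ensureIsAdmin (req: express.Request, res: express.Response, next: express.NextFunction) {
-const user = res.locals.oauth.token.user
-if (user.isAdmin() === false) {
-logger.info('A non admin user is trying to access to an admin content.')
-return res.sendStatus(403)
-}
-
-return next()
-}
-
-// ---------------------------------------------------------------------------
-
-export {
-ensureIsAdmin
-}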
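--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -1,5 +1,4 @@
 export * from './validators'
-export * from './admin'
 export * from './async'
 export * from './oauth'
 export * from './pagination'
@@ -7,3 +6,4 @@ export * from './pods'
 export * from './search'
 export * from './secure'
 export * from './sort'
+export * from './user-right'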
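--- /dev/null
+++ b/server/middlewares/user-right.ts
@@ -0,0 +1,24 @@
+import 'express-validator'
+import * as express from 'express'
+
+import { UserInstance } from '../models'
+import { UserRight } from '../../shared'
+import { logger } from '../helpers'
+
+function ensureUserHasRight (userRight: UserRight) {
+return function (req: express.Request, res: express.Response, next: express.NextFunction) {
+const user: UserInstance = res.locals.oauth.token.user
+if (user.hasRight(userRight) === false) {
+logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path)
+return res.sendStatus(403)
+}
+
+return next()
+}
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+ensureUserHasRight
+}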
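Review bot: `ensureUserHasRight` reads the caller from `res.locals.oauth.token.user` (line 10 of the new file), whereas the validators touched in this same commit read `res.locals.oauth.token.User` with a capital U; unless the OAuth model sets both properties, one of the two spellings yields `undefined` and the check throws a TypeError instead of returning 403. The two spellings should be reconciled, and the middleware should fail closed explicitly rather than by exception when no authenticated user is attached, e.g. `if (!user) return res.sendStatus(401)` ahead of the `hasRight` call. A short contract comment would also help callers order their middleware correctly, e.g. `// Must run after the OAuth authenticate middleware: relies on res.locals.oauth.token being populated.`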
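--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -13,7 +13,8 @@ import {
 isUserPasswordValid,
 isUserVideoQuotaValid,
 isUserDisplayNSFWValid,
-isIdOrUUIDValid
+isIdOrUUIDValid,
+isUserRoleValid
 } from '../../helpers'
 import { UserInstance, VideoInstance } from '../../models'
 
@@ -22,6 +23,7 @@ const usersAddValidator = [
 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
 body('email').isEmail().withMessage('Should have a valid email'),
 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
+body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
 
 (req: express.Request, res: express.Response, next: express.NextFunction) => {
 logger.debug('Checking usersAdd parameters', { parameters: req.body })
@@ -75,6 +77,7 @@ const usersUpdateValidator = [
 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
 body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
+body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
 
 (req: express.Request, res: express.Response, next: express.NextFunction) => {
 logger.debug('Checking usersUpdate parameters', { parameters: req.body })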
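Review bot: The new `body('role')` validators (new-side lines 26 and 80) only check that the role value is well-formed; nothing visible in this hunk prevents a caller who is allowed to create or update users from assigning a role with more rights than their own, such as promoting an account to the administrator role. Whether that is reachable depends on which right guards the users routes, which is outside this hunk, but if user management is ever granted to a non-administrator role the custom handlers of `usersAddValidator` and `usersUpdateValidator` (both continue past the end of this hunk) should compare the requested role with the requester's own and reject an escalation with 403. At minimum a comment such as `// Format check only: the caller's authority to grant this role is enforced by the route's right guard` would record where that responsibility lives.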
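--- a/server/middlewares/validators/video-channels.ts
+++ b/server/middlewares/validators/video-channels.ts
@@ -11,6 +11,8 @@ import {
 checkVideoChannelExists,
 checkVideoAuthorExists
 } from '../../helpers'
+import { UserInstance } from '../../models'
+import { UserRight } from '../../../shared'
 
 const listVideoAuthorChannelsValidator = [
 param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
@@ -106,7 +108,7 @@ export {
 // ---------------------------------------------------------------------------
 
 function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
-const user = res.locals.oauth.token.User
+const user: UserInstance = res.locals.oauth.token.User
 
 // Retrieve the user who did the request
 if (res.locals.videoChannel.isOwned() === false) {
@@ -118,7 +120,7 @@ function checkUserCanDeleteVideoChannel (res: express.Response, callback: () =>
 // Check if the user can delete the video channel
 // The user can delete it if s/he is an admin
 // Or if s/he is the video channel's author
-if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
+if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Author.userId !== user.id) {
 return res.status(403)
 .json({ error: 'Cannot remove video channel of another user' })
 .end()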
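Review bot: The comment on new-side line 121, `// The user can delete it if s/he is an admin`, is now stale: the condition below it tests `UserRight.REMOVE_ANY_VIDEO_CHANNEL`, which a role other than administrator could in principle be granted once rights are decoupled from the admin flag. Suggest `// The user can delete it if s/he has the REMOVE_ANY_VIDEO_CHANNEL right`. Unlike the new `ensureUserHasRight` middleware, this denial is not logged; a `logger.info` naming the user and channel here would keep forbidden-access events consistent across the code base. `checkUserCanDeleteVideoChannel` continues past the end of this hunk.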
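--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -22,6 +22,7 @@ import {
 checkVideoExists,
 isIdValid
 } from '../../helpers'
+import { UserRight } from '../../../shared'
 
 const videosAddValidator = [
 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
 // Check if the user can delete the video
 // The user can delete it if s/he is an admin
 // Or if s/he is the video's author
-if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
+if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
 return res.status(403)
 .json({ error: 'Cannot remove video of another user' })
 .end()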
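Review bot: The comment on new-side line 233, `// The user can delete it if s/he is an admin`, no longer describes the condition, which now tests `UserRight.REMOVE_ANY_VIDEO`; suggest `// The user can delete it if s/he has the REMOVE_ANY_VIDEO right`. Separately, the hunk header shows `checkUserCanDeleteVideo` takes a `userId: number` parameter, yet the ownership comparison still dereferences `res.locals.oauth.token.User.id`; if those are meant to be the same value, `res.locals.video.Author.userId !== userId` would state the intent directly, and if they are not, a comment explaining why the token is consulted a second time would help. The function starts before and ends after this hunk, so how `user` and `userId` are derived is not visible here.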