aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/users/my-blocklist.ts4
-rw-r--r--server/lib/blocklist.ts4
-rw-r--r--server/middlewares/validators/blocklist.ts45
-rw-r--r--server/models/account/account-blocklist.ts8
-rw-r--r--server/models/server/server-blocklist.ts4
-rw-r--r--server/tests/api/check-params/blocklist.ts20
-rw-r--r--server/tests/api/users/account-blocklist.ts14
7 files changed, 81 insertions, 18 deletions
diff --git a/server/controllers/api/users/my-blocklist.ts b/server/controllers/api/users/my-blocklist.ts
index e955ffde9..95a4105ec 100644
--- a/server/controllers/api/users/my-blocklist.ts
+++ b/server/controllers/api/users/my-blocklist.ts
@@ -6,7 +6,6 @@ import {
6 asyncRetryTransactionMiddleware, 6 asyncRetryTransactionMiddleware,
7 authenticate, 7 authenticate,
8 paginationValidator, 8 paginationValidator,
9 serverGetValidator,
10 setDefaultPagination, 9 setDefaultPagination,
11 setDefaultSort, 10 setDefaultSort,
12 unblockAccountByAccountValidator 11 unblockAccountByAccountValidator
@@ -14,6 +13,7 @@ import {
14import { 13import {
15 accountsBlocklistSortValidator, 14 accountsBlocklistSortValidator,
16 blockAccountByAccountValidator, 15 blockAccountByAccountValidator,
16 blockServerByAccountValidator,
17 serversBlocklistSortValidator, 17 serversBlocklistSortValidator,
18 unblockServerByAccountValidator 18 unblockServerByAccountValidator
19} from '../../../middlewares/validators' 19} from '../../../middlewares/validators'
@@ -58,7 +58,7 @@ myBlocklistRouter.get('/me/blocklist/servers',
58 58
59myBlocklistRouter.post('/me/blocklist/servers', 59myBlocklistRouter.post('/me/blocklist/servers',
60 authenticate, 60 authenticate,
61 asyncMiddleware(serverGetValidator), 61 asyncMiddleware(blockServerByAccountValidator),
62 asyncRetryTransactionMiddleware(blockServer) 62 asyncRetryTransactionMiddleware(blockServer)
63) 63)
64 64
diff --git a/server/lib/blocklist.ts b/server/lib/blocklist.ts
index 394c24537..1633e500c 100644
--- a/server/lib/blocklist.ts
+++ b/server/lib/blocklist.ts
@@ -4,7 +4,7 @@ import { ServerBlocklistModel } from '../models/server/server-blocklist'
4 4
5function addAccountInBlocklist (byAccountId: number, targetAccountId: number) { 5function addAccountInBlocklist (byAccountId: number, targetAccountId: number) {
6 return sequelizeTypescript.transaction(async t => { 6 return sequelizeTypescript.transaction(async t => {
7 return AccountBlocklistModel.create({ 7 return AccountBlocklistModel.upsert({
8 accountId: byAccountId, 8 accountId: byAccountId,
9 targetAccountId: targetAccountId 9 targetAccountId: targetAccountId
10 }, { transaction: t }) 10 }, { transaction: t })
@@ -13,7 +13,7 @@ function addAccountInBlocklist (byAccountId: number, targetAccountId: number) {
13 13
14function addServerInBlocklist (byAccountId: number, targetServerId: number) { 14function addServerInBlocklist (byAccountId: number, targetServerId: number) {
15 return sequelizeTypescript.transaction(async t => { 15 return sequelizeTypescript.transaction(async t => {
16 return ServerBlocklistModel.create({ 16 return ServerBlocklistModel.upsert({
17 accountId: byAccountId, 17 accountId: byAccountId,
18 targetServerId 18 targetServerId
19 }, { transaction: t }) 19 }, { transaction: t })
diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts
index 9dbd5e512..25c054d6b 100644
--- a/server/middlewares/validators/blocklist.ts
+++ b/server/middlewares/validators/blocklist.ts
@@ -1,4 +1,4 @@
1import { param, body } from 'express-validator/check' 1import { body, param } from 'express-validator/check'
2import * as express from 'express' 2import * as express from 'express'
3import { logger } from '../../helpers/logger' 3import { logger } from '../../helpers/logger'
4import { areValidationErrors } from './utils' 4import { areValidationErrors } from './utils'
@@ -7,6 +7,8 @@ import { UserModel } from '../../models/account/user'
7import { AccountBlocklistModel } from '../../models/account/account-blocklist' 7import { AccountBlocklistModel } from '../../models/account/account-blocklist'
8import { isHostValid } from '../../helpers/custom-validators/servers' 8import { isHostValid } from '../../helpers/custom-validators/servers'
9import { ServerBlocklistModel } from '../../models/server/server-blocklist' 9import { ServerBlocklistModel } from '../../models/server/server-blocklist'
10import { ServerModel } from '../../models/server/server'
11import { CONFIG } from '../../initializers'
10 12
11const blockAccountByAccountValidator = [ 13const blockAccountByAccountValidator = [
12 body('accountName').exists().withMessage('Should have an account name with host'), 14 body('accountName').exists().withMessage('Should have an account name with host'),
@@ -17,6 +19,17 @@ const blockAccountByAccountValidator = [
17 if (areValidationErrors(req, res)) return 19 if (areValidationErrors(req, res)) return
18 if (!await isAccountNameWithHostExist(req.body.accountName, res)) return 20 if (!await isAccountNameWithHostExist(req.body.accountName, res)) return
19 21
22 const user = res.locals.oauth.token.User as UserModel
23 const accountToBlock = res.locals.account
24
25 if (user.Account.id === accountToBlock.id) {
26 res.status(409)
27 .send({ error: 'You cannot block yourself.' })
28 .end()
29
30 return
31 }
32
20 return next() 33 return next()
21 } 34 }
22] 35]
@@ -38,6 +51,35 @@ const unblockAccountByAccountValidator = [
38 } 51 }
39] 52]
40 53
54const blockServerByAccountValidator = [
55 body('host').custom(isHostValid).withMessage('Should have a valid host'),
56
57 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
58 logger.debug('Checking serverGetValidator parameters', { parameters: req.body })
59
60 if (areValidationErrors(req, res)) return
61
62 const host: string = req.body.host
63
64 if (host === CONFIG.WEBSERVER.HOST) {
65 return res.status(409)
66 .send({ error: 'You cannot block your own server.' })
67 .end()
68 }
69
70 const server = await ServerModel.loadByHost(host)
71 if (!server) {
72 return res.status(404)
73 .send({ error: 'Server host not found.' })
74 .end()
75 }
76
77 res.locals.server = server
78
79 return next()
80 }
81]
82
41const unblockServerByAccountValidator = [ 83const unblockServerByAccountValidator = [
42 param('host').custom(isHostValid).withMessage('Should have an account name with host'), 84 param('host').custom(isHostValid).withMessage('Should have an account name with host'),
43 85
@@ -56,6 +98,7 @@ const unblockServerByAccountValidator = [
56// --------------------------------------------------------------------------- 98// ---------------------------------------------------------------------------
57 99
58export { 100export {
101 blockServerByAccountValidator,
59 blockAccountByAccountValidator, 102 blockAccountByAccountValidator,
60 unblockAccountByAccountValidator, 103 unblockAccountByAccountValidator,
61 unblockServerByAccountValidator 104 unblockServerByAccountValidator
diff --git a/server/models/account/account-blocklist.ts b/server/models/account/account-blocklist.ts
index bacd122e8..fa2819235 100644
--- a/server/models/account/account-blocklist.ts
+++ b/server/models/account/account-blocklist.ts
@@ -18,7 +18,7 @@ enum ScopeNames {
18 { 18 {
19 model: () => AccountModel, 19 model: () => AccountModel,
20 required: true, 20 required: true,
21 as: 'AccountBlocked' 21 as: 'BlockedAccount'
22 } 22 }
23 ] 23 ]
24 } 24 }
@@ -67,10 +67,10 @@ export class AccountBlocklistModel extends Model<AccountBlocklistModel> {
67 name: 'targetAccountId', 67 name: 'targetAccountId',
68 allowNull: false 68 allowNull: false
69 }, 69 },
70 as: 'AccountBlocked', 70 as: 'BlockedAccount',
71 onDelete: 'CASCADE' 71 onDelete: 'CASCADE'
72 }) 72 })
73 AccountBlocked: AccountModel 73 BlockedAccount: AccountModel
74 74
75 static loadByAccountAndTarget (accountId: number, targetAccountId: number) { 75 static loadByAccountAndTarget (accountId: number, targetAccountId: number) {
76 const query = { 76 const query = {
@@ -104,7 +104,7 @@ export class AccountBlocklistModel extends Model<AccountBlocklistModel> {
104 toFormattedJSON (): AccountBlock { 104 toFormattedJSON (): AccountBlock {
105 return { 105 return {
106 byAccount: this.ByAccount.toFormattedJSON(), 106 byAccount: this.ByAccount.toFormattedJSON(),
107 accountBlocked: this.AccountBlocked.toFormattedJSON(), 107 blockedAccount: this.BlockedAccount.toFormattedJSON(),
108 createdAt: this.createdAt 108 createdAt: this.createdAt
109 } 109 }
110 } 110 }
diff --git a/server/models/server/server-blocklist.ts b/server/models/server/server-blocklist.ts
index 705ed2c6b..450f27152 100644
--- a/server/models/server/server-blocklist.ts
+++ b/server/models/server/server-blocklist.ts
@@ -72,7 +72,7 @@ export class ServerBlocklistModel extends Model<ServerBlocklistModel> {
72 }, 72 },
73 onDelete: 'CASCADE' 73 onDelete: 'CASCADE'
74 }) 74 })
75 ServerBlocked: ServerModel 75 BlockedServer: ServerModel
76 76
77 static loadByAccountAndHost (accountId: number, host: string) { 77 static loadByAccountAndHost (accountId: number, host: string) {
78 const query = { 78 const query = {
@@ -114,7 +114,7 @@ export class ServerBlocklistModel extends Model<ServerBlocklistModel> {
114 toFormattedJSON (): ServerBlock { 114 toFormattedJSON (): ServerBlock {
115 return { 115 return {
116 byAccount: this.ByAccount.toFormattedJSON(), 116 byAccount: this.ByAccount.toFormattedJSON(),
117 serverBlocked: this.ServerBlocked.toFormattedJSON(), 117 blockedServer: this.BlockedServer.toFormattedJSON(),
118 createdAt: this.createdAt 118 createdAt: this.createdAt
119 } 119 }
120 } 120 }
diff --git a/server/tests/api/check-params/blocklist.ts b/server/tests/api/check-params/blocklist.ts
index 8117c46a6..d24d9323f 100644
--- a/server/tests/api/check-params/blocklist.ts
+++ b/server/tests/api/check-params/blocklist.ts
@@ -85,6 +85,16 @@ describe('Test blocklist API validators', function () {
85 }) 85 })
86 }) 86 })
87 87
88 it('Should fail to block ourselves', async function () {
89 await makePostBodyRequest({
90 url: server.url,
91 token: server.accessToken,
92 path,
93 fields: { accountName: 'root' },
94 statusCodeExpected: 409
95 })
96 })
97
88 it('Should succeed with the correct params', async function () { 98 it('Should succeed with the correct params', async function () {
89 await makePostBodyRequest({ 99 await makePostBodyRequest({
90 url: server.url, 100 url: server.url,
@@ -170,6 +180,16 @@ describe('Test blocklist API validators', function () {
170 }) 180 })
171 }) 181 })
172 182
183 it('Should fail with our own server', async function () {
184 await makePostBodyRequest({
185 url: server.url,
186 token: server.accessToken,
187 path,
188 fields: { host: 'localhost:9001' },
189 statusCodeExpected: 409
190 })
191 })
192
173 it('Should succeed with the correct params', async function () { 193 it('Should succeed with the correct params', async function () {
174 await makePostBodyRequest({ 194 await makePostBodyRequest({
175 url: server.url, 195 url: server.url,
diff --git a/server/tests/api/users/account-blocklist.ts b/server/tests/api/users/account-blocklist.ts
index 00ad51461..026971331 100644
--- a/server/tests/api/users/account-blocklist.ts
+++ b/server/tests/api/users/account-blocklist.ts
@@ -183,9 +183,9 @@ describe('Test accounts blocklist', function () {
183 const block = blocks[0] 183 const block = blocks[0]
184 expect(block.byAccount.displayName).to.equal('root') 184 expect(block.byAccount.displayName).to.equal('root')
185 expect(block.byAccount.name).to.equal('root') 185 expect(block.byAccount.name).to.equal('root')
186 expect(block.accountBlocked.displayName).to.equal('user2') 186 expect(block.blockedAccount.displayName).to.equal('user2')
187 expect(block.accountBlocked.name).to.equal('user2') 187 expect(block.blockedAccount.name).to.equal('user2')
188 expect(block.accountBlocked.host).to.equal('localhost:9002') 188 expect(block.blockedAccount.host).to.equal('localhost:9002')
189 } 189 }
190 190
191 { 191 {
@@ -197,9 +197,9 @@ describe('Test accounts blocklist', function () {
197 const block = blocks[0] 197 const block = blocks[0]
198 expect(block.byAccount.displayName).to.equal('root') 198 expect(block.byAccount.displayName).to.equal('root')
199 expect(block.byAccount.name).to.equal('root') 199 expect(block.byAccount.name).to.equal('root')
200 expect(block.accountBlocked.displayName).to.equal('user1') 200 expect(block.blockedAccount.displayName).to.equal('user1')
201 expect(block.accountBlocked.name).to.equal('user1') 201 expect(block.blockedAccount.name).to.equal('user1')
202 expect(block.accountBlocked.host).to.equal('localhost:9001') 202 expect(block.blockedAccount.host).to.equal('localhost:9001')
203 } 203 }
204 }) 204 })
205 205
@@ -267,7 +267,7 @@ describe('Test accounts blocklist', function () {
267 const block = blocks[0] 267 const block = blocks[0]
268 expect(block.byAccount.displayName).to.equal('root') 268 expect(block.byAccount.displayName).to.equal('root')
269 expect(block.byAccount.name).to.equal('root') 269 expect(block.byAccount.name).to.equal('root')
270 expect(block.serverBlocked.host).to.equal('localhost:9002') 270 expect(block.blockedServer.host).to.equal('localhost:9002')
271 }) 271 })
272 272
273 it('Should unblock the remote server', async function () { 273 it('Should unblock the remote server', async function () {