diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/api/users/my-blocklist.ts | 4 | ||||
-rw-r--r-- | server/lib/blocklist.ts | 4 | ||||
-rw-r--r-- | server/middlewares/validators/blocklist.ts | 45 | ||||
-rw-r--r-- | server/models/account/account-blocklist.ts | 8 | ||||
-rw-r--r-- | server/models/server/server-blocklist.ts | 4 | ||||
-rw-r--r-- | server/tests/api/check-params/blocklist.ts | 20 | ||||
-rw-r--r-- | server/tests/api/users/account-blocklist.ts | 14 |
7 files changed, 81 insertions, 18 deletions
diff --git a/server/controllers/api/users/my-blocklist.ts b/server/controllers/api/users/my-blocklist.ts index e955ffde9..95a4105ec 100644 --- a/server/controllers/api/users/my-blocklist.ts +++ b/server/controllers/api/users/my-blocklist.ts | |||
@@ -6,7 +6,6 @@ import { | |||
6 | asyncRetryTransactionMiddleware, | 6 | asyncRetryTransactionMiddleware, |
7 | authenticate, | 7 | authenticate, |
8 | paginationValidator, | 8 | paginationValidator, |
9 | serverGetValidator, | ||
10 | setDefaultPagination, | 9 | setDefaultPagination, |
11 | setDefaultSort, | 10 | setDefaultSort, |
12 | unblockAccountByAccountValidator | 11 | unblockAccountByAccountValidator |
@@ -14,6 +13,7 @@ import { | |||
14 | import { | 13 | import { |
15 | accountsBlocklistSortValidator, | 14 | accountsBlocklistSortValidator, |
16 | blockAccountByAccountValidator, | 15 | blockAccountByAccountValidator, |
16 | blockServerByAccountValidator, | ||
17 | serversBlocklistSortValidator, | 17 | serversBlocklistSortValidator, |
18 | unblockServerByAccountValidator | 18 | unblockServerByAccountValidator |
19 | } from '../../../middlewares/validators' | 19 | } from '../../../middlewares/validators' |
@@ -58,7 +58,7 @@ myBlocklistRouter.get('/me/blocklist/servers', | |||
58 | 58 | ||
59 | myBlocklistRouter.post('/me/blocklist/servers', | 59 | myBlocklistRouter.post('/me/blocklist/servers', |
60 | authenticate, | 60 | authenticate, |
61 | asyncMiddleware(serverGetValidator), | 61 | asyncMiddleware(blockServerByAccountValidator), |
62 | asyncRetryTransactionMiddleware(blockServer) | 62 | asyncRetryTransactionMiddleware(blockServer) |
63 | ) | 63 | ) |
64 | 64 | ||
diff --git a/server/lib/blocklist.ts b/server/lib/blocklist.ts index 394c24537..1633e500c 100644 --- a/server/lib/blocklist.ts +++ b/server/lib/blocklist.ts | |||
@@ -4,7 +4,7 @@ import { ServerBlocklistModel } from '../models/server/server-blocklist' | |||
4 | 4 | ||
5 | function addAccountInBlocklist (byAccountId: number, targetAccountId: number) { | 5 | function addAccountInBlocklist (byAccountId: number, targetAccountId: number) { |
6 | return sequelizeTypescript.transaction(async t => { | 6 | return sequelizeTypescript.transaction(async t => { |
7 | return AccountBlocklistModel.create({ | 7 | return AccountBlocklistModel.upsert({ |
8 | accountId: byAccountId, | 8 | accountId: byAccountId, |
9 | targetAccountId: targetAccountId | 9 | targetAccountId: targetAccountId |
10 | }, { transaction: t }) | 10 | }, { transaction: t }) |
@@ -13,7 +13,7 @@ function addAccountInBlocklist (byAccountId: number, targetAccountId: number) { | |||
13 | 13 | ||
14 | function addServerInBlocklist (byAccountId: number, targetServerId: number) { | 14 | function addServerInBlocklist (byAccountId: number, targetServerId: number) { |
15 | return sequelizeTypescript.transaction(async t => { | 15 | return sequelizeTypescript.transaction(async t => { |
16 | return ServerBlocklistModel.create({ | 16 | return ServerBlocklistModel.upsert({ |
17 | accountId: byAccountId, | 17 | accountId: byAccountId, |
18 | targetServerId | 18 | targetServerId |
19 | }, { transaction: t }) | 19 | }, { transaction: t }) |
diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts index 9dbd5e512..25c054d6b 100644 --- a/server/middlewares/validators/blocklist.ts +++ b/server/middlewares/validators/blocklist.ts | |||
@@ -1,4 +1,4 @@ | |||
1 | import { param, body } from 'express-validator/check' | 1 | import { body, param } from 'express-validator/check' |
2 | import * as express from 'express' | 2 | import * as express from 'express' |
3 | import { logger } from '../../helpers/logger' | 3 | import { logger } from '../../helpers/logger' |
4 | import { areValidationErrors } from './utils' | 4 | import { areValidationErrors } from './utils' |
@@ -7,6 +7,8 @@ import { UserModel } from '../../models/account/user' | |||
7 | import { AccountBlocklistModel } from '../../models/account/account-blocklist' | 7 | import { AccountBlocklistModel } from '../../models/account/account-blocklist' |
8 | import { isHostValid } from '../../helpers/custom-validators/servers' | 8 | import { isHostValid } from '../../helpers/custom-validators/servers' |
9 | import { ServerBlocklistModel } from '../../models/server/server-blocklist' | 9 | import { ServerBlocklistModel } from '../../models/server/server-blocklist' |
10 | import { ServerModel } from '../../models/server/server' | ||
11 | import { CONFIG } from '../../initializers' | ||
10 | 12 | ||
11 | const blockAccountByAccountValidator = [ | 13 | const blockAccountByAccountValidator = [ |
12 | body('accountName').exists().withMessage('Should have an account name with host'), | 14 | body('accountName').exists().withMessage('Should have an account name with host'), |
@@ -17,6 +19,17 @@ const blockAccountByAccountValidator = [ | |||
17 | if (areValidationErrors(req, res)) return | 19 | if (areValidationErrors(req, res)) return |
18 | if (!await isAccountNameWithHostExist(req.body.accountName, res)) return | 20 | if (!await isAccountNameWithHostExist(req.body.accountName, res)) return |
19 | 21 | ||
22 | const user = res.locals.oauth.token.User as UserModel | ||
23 | const accountToBlock = res.locals.account | ||
24 | |||
25 | if (user.Account.id === accountToBlock.id) { | ||
26 | res.status(409) | ||
27 | .send({ error: 'You cannot block yourself.' }) | ||
28 | .end() | ||
29 | |||
30 | return | ||
31 | } | ||
32 | |||
20 | return next() | 33 | return next() |
21 | } | 34 | } |
22 | ] | 35 | ] |
@@ -38,6 +51,35 @@ const unblockAccountByAccountValidator = [ | |||
38 | } | 51 | } |
39 | ] | 52 | ] |
40 | 53 | ||
54 | const blockServerByAccountValidator = [ | ||
55 | body('host').custom(isHostValid).withMessage('Should have a valid host'), | ||
56 | |||
57 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
58 | logger.debug('Checking serverGetValidator parameters', { parameters: req.body }) | ||
59 | |||
60 | if (areValidationErrors(req, res)) return | ||
61 | |||
62 | const host: string = req.body.host | ||
63 | |||
64 | if (host === CONFIG.WEBSERVER.HOST) { | ||
65 | return res.status(409) | ||
66 | .send({ error: 'You cannot block your own server.' }) | ||
67 | .end() | ||
68 | } | ||
69 | |||
70 | const server = await ServerModel.loadByHost(host) | ||
71 | if (!server) { | ||
72 | return res.status(404) | ||
73 | .send({ error: 'Server host not found.' }) | ||
74 | .end() | ||
75 | } | ||
76 | |||
77 | res.locals.server = server | ||
78 | |||
79 | return next() | ||
80 | } | ||
81 | ] | ||
82 | |||
41 | const unblockServerByAccountValidator = [ | 83 | const unblockServerByAccountValidator = [ |
42 | param('host').custom(isHostValid).withMessage('Should have an account name with host'), | 84 | param('host').custom(isHostValid).withMessage('Should have an account name with host'), |
43 | 85 | ||
@@ -56,6 +98,7 @@ const unblockServerByAccountValidator = [ | |||
56 | // --------------------------------------------------------------------------- | 98 | // --------------------------------------------------------------------------- |
57 | 99 | ||
58 | export { | 100 | export { |
101 | blockServerByAccountValidator, | ||
59 | blockAccountByAccountValidator, | 102 | blockAccountByAccountValidator, |
60 | unblockAccountByAccountValidator, | 103 | unblockAccountByAccountValidator, |
61 | unblockServerByAccountValidator | 104 | unblockServerByAccountValidator |
diff --git a/server/models/account/account-blocklist.ts b/server/models/account/account-blocklist.ts index bacd122e8..fa2819235 100644 --- a/server/models/account/account-blocklist.ts +++ b/server/models/account/account-blocklist.ts | |||
@@ -18,7 +18,7 @@ enum ScopeNames { | |||
18 | { | 18 | { |
19 | model: () => AccountModel, | 19 | model: () => AccountModel, |
20 | required: true, | 20 | required: true, |
21 | as: 'AccountBlocked' | 21 | as: 'BlockedAccount' |
22 | } | 22 | } |
23 | ] | 23 | ] |
24 | } | 24 | } |
@@ -67,10 +67,10 @@ export class AccountBlocklistModel extends Model<AccountBlocklistModel> { | |||
67 | name: 'targetAccountId', | 67 | name: 'targetAccountId', |
68 | allowNull: false | 68 | allowNull: false |
69 | }, | 69 | }, |
70 | as: 'AccountBlocked', | 70 | as: 'BlockedAccount', |
71 | onDelete: 'CASCADE' | 71 | onDelete: 'CASCADE' |
72 | }) | 72 | }) |
73 | AccountBlocked: AccountModel | 73 | BlockedAccount: AccountModel |
74 | 74 | ||
75 | static loadByAccountAndTarget (accountId: number, targetAccountId: number) { | 75 | static loadByAccountAndTarget (accountId: number, targetAccountId: number) { |
76 | const query = { | 76 | const query = { |
@@ -104,7 +104,7 @@ export class AccountBlocklistModel extends Model<AccountBlocklistModel> { | |||
104 | toFormattedJSON (): AccountBlock { | 104 | toFormattedJSON (): AccountBlock { |
105 | return { | 105 | return { |
106 | byAccount: this.ByAccount.toFormattedJSON(), | 106 | byAccount: this.ByAccount.toFormattedJSON(), |
107 | accountBlocked: this.AccountBlocked.toFormattedJSON(), | 107 | blockedAccount: this.BlockedAccount.toFormattedJSON(), |
108 | createdAt: this.createdAt | 108 | createdAt: this.createdAt |
109 | } | 109 | } |
110 | } | 110 | } |
diff --git a/server/models/server/server-blocklist.ts b/server/models/server/server-blocklist.ts index 705ed2c6b..450f27152 100644 --- a/server/models/server/server-blocklist.ts +++ b/server/models/server/server-blocklist.ts | |||
@@ -72,7 +72,7 @@ export class ServerBlocklistModel extends Model<ServerBlocklistModel> { | |||
72 | }, | 72 | }, |
73 | onDelete: 'CASCADE' | 73 | onDelete: 'CASCADE' |
74 | }) | 74 | }) |
75 | ServerBlocked: ServerModel | 75 | BlockedServer: ServerModel |
76 | 76 | ||
77 | static loadByAccountAndHost (accountId: number, host: string) { | 77 | static loadByAccountAndHost (accountId: number, host: string) { |
78 | const query = { | 78 | const query = { |
@@ -114,7 +114,7 @@ export class ServerBlocklistModel extends Model<ServerBlocklistModel> { | |||
114 | toFormattedJSON (): ServerBlock { | 114 | toFormattedJSON (): ServerBlock { |
115 | return { | 115 | return { |
116 | byAccount: this.ByAccount.toFormattedJSON(), | 116 | byAccount: this.ByAccount.toFormattedJSON(), |
117 | serverBlocked: this.ServerBlocked.toFormattedJSON(), | 117 | blockedServer: this.BlockedServer.toFormattedJSON(), |
118 | createdAt: this.createdAt | 118 | createdAt: this.createdAt |
119 | } | 119 | } |
120 | } | 120 | } |
diff --git a/server/tests/api/check-params/blocklist.ts b/server/tests/api/check-params/blocklist.ts index 8117c46a6..d24d9323f 100644 --- a/server/tests/api/check-params/blocklist.ts +++ b/server/tests/api/check-params/blocklist.ts | |||
@@ -85,6 +85,16 @@ describe('Test blocklist API validators', function () { | |||
85 | }) | 85 | }) |
86 | }) | 86 | }) |
87 | 87 | ||
88 | it('Should fail to block ourselves', async function () { | ||
89 | await makePostBodyRequest({ | ||
90 | url: server.url, | ||
91 | token: server.accessToken, | ||
92 | path, | ||
93 | fields: { accountName: 'root' }, | ||
94 | statusCodeExpected: 409 | ||
95 | }) | ||
96 | }) | ||
97 | |||
88 | it('Should succeed with the correct params', async function () { | 98 | it('Should succeed with the correct params', async function () { |
89 | await makePostBodyRequest({ | 99 | await makePostBodyRequest({ |
90 | url: server.url, | 100 | url: server.url, |
@@ -170,6 +180,16 @@ describe('Test blocklist API validators', function () { | |||
170 | }) | 180 | }) |
171 | }) | 181 | }) |
172 | 182 | ||
183 | it('Should fail with our own server', async function () { | ||
184 | await makePostBodyRequest({ | ||
185 | url: server.url, | ||
186 | token: server.accessToken, | ||
187 | path, | ||
188 | fields: { host: 'localhost:9001' }, | ||
189 | statusCodeExpected: 409 | ||
190 | }) | ||
191 | }) | ||
192 | |||
173 | it('Should succeed with the correct params', async function () { | 193 | it('Should succeed with the correct params', async function () { |
174 | await makePostBodyRequest({ | 194 | await makePostBodyRequest({ |
175 | url: server.url, | 195 | url: server.url, |
diff --git a/server/tests/api/users/account-blocklist.ts b/server/tests/api/users/account-blocklist.ts index 00ad51461..026971331 100644 --- a/server/tests/api/users/account-blocklist.ts +++ b/server/tests/api/users/account-blocklist.ts | |||
@@ -183,9 +183,9 @@ describe('Test accounts blocklist', function () { | |||
183 | const block = blocks[0] | 183 | const block = blocks[0] |
184 | expect(block.byAccount.displayName).to.equal('root') | 184 | expect(block.byAccount.displayName).to.equal('root') |
185 | expect(block.byAccount.name).to.equal('root') | 185 | expect(block.byAccount.name).to.equal('root') |
186 | expect(block.accountBlocked.displayName).to.equal('user2') | 186 | expect(block.blockedAccount.displayName).to.equal('user2') |
187 | expect(block.accountBlocked.name).to.equal('user2') | 187 | expect(block.blockedAccount.name).to.equal('user2') |
188 | expect(block.accountBlocked.host).to.equal('localhost:9002') | 188 | expect(block.blockedAccount.host).to.equal('localhost:9002') |
189 | } | 189 | } |
190 | 190 | ||
191 | { | 191 | { |
@@ -197,9 +197,9 @@ describe('Test accounts blocklist', function () { | |||
197 | const block = blocks[0] | 197 | const block = blocks[0] |
198 | expect(block.byAccount.displayName).to.equal('root') | 198 | expect(block.byAccount.displayName).to.equal('root') |
199 | expect(block.byAccount.name).to.equal('root') | 199 | expect(block.byAccount.name).to.equal('root') |
200 | expect(block.accountBlocked.displayName).to.equal('user1') | 200 | expect(block.blockedAccount.displayName).to.equal('user1') |
201 | expect(block.accountBlocked.name).to.equal('user1') | 201 | expect(block.blockedAccount.name).to.equal('user1') |
202 | expect(block.accountBlocked.host).to.equal('localhost:9001') | 202 | expect(block.blockedAccount.host).to.equal('localhost:9001') |
203 | } | 203 | } |
204 | }) | 204 | }) |
205 | 205 | ||
@@ -267,7 +267,7 @@ describe('Test accounts blocklist', function () { | |||
267 | const block = blocks[0] | 267 | const block = blocks[0] |
268 | expect(block.byAccount.displayName).to.equal('root') | 268 | expect(block.byAccount.displayName).to.equal('root') |
269 | expect(block.byAccount.name).to.equal('root') | 269 | expect(block.byAccount.name).to.equal('root') |
270 | expect(block.serverBlocked.host).to.equal('localhost:9002') | 270 | expect(block.blockedServer.host).to.equal('localhost:9002') |
271 | }) | 271 | }) |
272 | 272 | ||
273 | it('Should unblock the remote server', async function () { | 273 | it('Should unblock the remote server', async function () { |