diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/lib/schedulers/videos-redundancy-scheduler.ts | 2 | ||||
-rw-r--r-- | server/middlewares/csp.ts | 4 | ||||
-rw-r--r-- | server/middlewares/validators/users.ts | 11 |
3 files changed, 11 insertions, 6 deletions
diff --git a/server/lib/schedulers/videos-redundancy-scheduler.ts b/server/lib/schedulers/videos-redundancy-scheduler.ts index d9018e606..21fe51156 100644 --- a/server/lib/schedulers/videos-redundancy-scheduler.ts +++ b/server/lib/schedulers/videos-redundancy-scheduler.ts | |||
@@ -200,7 +200,7 @@ export class VideosRedundancyScheduler extends AbstractScheduler { | |||
200 | const tmpPath = await downloadWebTorrentVideo({ magnetUri }, VIDEO_IMPORT_TIMEOUT) | 200 | const tmpPath = await downloadWebTorrentVideo({ magnetUri }, VIDEO_IMPORT_TIMEOUT) |
201 | 201 | ||
202 | const destPath = join(CONFIG.STORAGE.REDUNDANCY_DIR, video.getVideoFilename(file)) | 202 | const destPath = join(CONFIG.STORAGE.REDUNDANCY_DIR, video.getVideoFilename(file)) |
203 | await move(tmpPath, destPath) | 203 | await move(tmpPath, destPath, { overwrite: true }) |
204 | 204 | ||
205 | const createdModel: MVideoRedundancyFileVideo = await VideoRedundancyModel.create({ | 205 | const createdModel: MVideoRedundancyFileVideo = await VideoRedundancyModel.create({ |
206 | expiresOn: this.buildNewExpiration(redundancy.minLifetime), | 206 | expiresOn: this.buildNewExpiration(redundancy.minLifetime), |
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts index d484b3021..d11d70790 100644 --- a/server/middlewares/csp.ts +++ b/server/middlewares/csp.ts | |||
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({}, | |||
7 | connectSrc: ['*', 'data:'], | 7 | connectSrc: ['*', 'data:'], |
8 | mediaSrc: ["'self'", 'https:', 'blob:'], | 8 | mediaSrc: ["'self'", 'https:', 'blob:'], |
9 | fontSrc: ["'self'", 'data:'], | 9 | fontSrc: ["'self'", 'data:'], |
10 | imgSrc: ["'self'", 'data:'], | 10 | imgSrc: ["'self'", 'data:', 'blob:'], |
11 | scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"], | 11 | scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'], |
12 | styleSrc: ["'self' 'unsafe-inline'"], | 12 | styleSrc: ["'self' 'unsafe-inline'"], |
13 | objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it | 13 | objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it |
14 | formAction: ["'self'"], | 14 | formAction: ["'self'"], |
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 40dd0f0e9..d51bc27e6 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -39,7 +39,9 @@ const usersAddValidator = [ | |||
39 | body('email').isEmail().withMessage('Should have a valid email'), | 39 | body('email').isEmail().withMessage('Should have a valid email'), |
40 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 40 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
41 | body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), | 41 | body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), |
42 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), | 42 | body('role') |
43 | .customSanitizer(toIntOrNull) | ||
44 | .custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
43 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), | 45 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), |
44 | 46 | ||
45 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 47 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
@@ -51,7 +53,7 @@ const usersAddValidator = [ | |||
51 | const authUser = res.locals.oauth.token.User | 53 | const authUser = res.locals.oauth.token.User |
52 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { | 54 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { |
53 | return res.status(403) | 55 | return res.status(403) |
54 | .json({ error: 'You can only create users (and not administrators or moderators' }) | 56 | .json({ error: 'You can only create users (and not administrators or moderators)' }) |
55 | } | 57 | } |
56 | 58 | ||
57 | return next() | 59 | return next() |
@@ -161,7 +163,10 @@ const usersUpdateValidator = [ | |||
161 | body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), | 163 | body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), |
162 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 164 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
163 | body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), | 165 | body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), |
164 | body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), | 166 | body('role') |
167 | .optional() | ||
168 | .customSanitizer(toIntOrNull) | ||
169 | .custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
165 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), | 170 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), |
166 | 171 | ||
167 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 172 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |