diff options
Diffstat (limited to 'server')
| -rw-r--r-- | server/middlewares/validators/pods.ts | 6 | ||||
| -rw-r--r-- | server/middlewares/validators/users.ts | 36 | ||||
| -rw-r--r-- | server/middlewares/validators/videos.ts | 42 |
3 files changed, 64 insertions, 20 deletions
diff --git a/server/middlewares/validators/pods.ts b/server/middlewares/validators/pods.ts index 4d0e054b0..3a0f56f6a 100644 --- a/server/middlewares/validators/pods.ts +++ b/server/middlewares/validators/pods.ts | |||
| @@ -11,7 +11,11 @@ import { isTestInstance } from '../../helpers' | |||
| 11 | function makeFriendsValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 11 | function makeFriendsValidator (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 12 | // Force https if the administrator wants to make friends | 12 | // Force https if the administrator wants to make friends |
| 13 | if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') { | 13 | if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') { |
| 14 | return res.status(400).send('Cannot make friends with a non HTTPS web server.') | 14 | return res.status(400) |
| 15 | .json({ | ||
| 16 | error: 'Cannot make friends with a non HTTPS web server.' | ||
| 17 | }) | ||
| 18 | .end() | ||
| 15 | } | 19 | } |
| 16 | 20 | ||
| 17 | req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid() | 21 | req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid() |
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index aec6324bf..15c07c693 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -45,9 +45,13 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next | |||
| 45 | return res.sendStatus(500) | 45 | return res.sendStatus(500) |
| 46 | } | 46 | } |
| 47 | 47 | ||
| 48 | if (user.username === 'root') return res.status(400).send('Cannot remove the root user') | 48 | if (user.username === 'root') { |
| 49 | return res.status(400) | ||
| 50 | .send({ error: 'Cannot remove the root user' }) | ||
| 51 | .end() | ||
| 52 | } | ||
| 49 | 53 | ||
| 50 | next() | 54 | return next() |
| 51 | }) | 55 | }) |
| 52 | }) | 56 | }) |
| 53 | } | 57 | } |
| @@ -99,9 +103,13 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response, | |||
| 99 | 103 | ||
| 100 | videoPromise | 104 | videoPromise |
| 101 | .then(video => { | 105 | .then(video => { |
| 102 | if (!video) return res.status(404).send('Video not found') | 106 | if (!video) { |
| 107 | return res.status(404) | ||
| 108 | .json({ error: 'Video not found' }) | ||
| 109 | .end() | ||
| 110 | } | ||
| 103 | 111 | ||
| 104 | next() | 112 | return next() |
| 105 | }) | 113 | }) |
| 106 | .catch(err => { | 114 | .catch(err => { |
| 107 | logger.error('Error in user request validator.', err) | 115 | logger.error('Error in user request validator.', err) |
| @@ -113,7 +121,9 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response, | |||
| 113 | function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) { | 121 | function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 114 | isSignupAllowed().then(allowed => { | 122 | isSignupAllowed().then(allowed => { |
| 115 | if (allowed === false) { | 123 | if (allowed === false) { |
| 116 | return res.status(403).send('User registration is not enabled or user limit is reached.') | 124 | return res.status(403) |
| 125 | .send({ error: 'User registration is not enabled or user limit is reached.' }) | ||
| 126 | .end() | ||
| 117 | } | 127 | } |
| 118 | 128 | ||
| 119 | return next() | 129 | return next() |
| @@ -138,10 +148,14 @@ export { | |||
| 138 | function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) { | 148 | function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) { |
| 139 | db.User.loadById(id) | 149 | db.User.loadById(id) |
| 140 | .then(user => { | 150 | .then(user => { |
| 141 | if (!user) return res.status(404).send('User not found') | 151 | if (!user) { |
| 152 | return res.status(404) | ||
| 153 | .send({ error: 'User not found' }) | ||
| 154 | .end() | ||
| 155 | } | ||
| 142 | 156 | ||
| 143 | res.locals.user = user | 157 | res.locals.user = user |
| 144 | callback(null, user) | 158 | return callback(null, user) |
| 145 | }) | 159 | }) |
| 146 | .catch(err => { | 160 | .catch(err => { |
| 147 | logger.error('Error in user request validator.', err) | 161 | logger.error('Error in user request validator.', err) |
| @@ -152,9 +166,13 @@ function checkUserExists (id: number, res: express.Response, callback: (err: Err | |||
| 152 | function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) { | 166 | function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) { |
| 153 | db.User.loadByUsernameOrEmail(username, email) | 167 | db.User.loadByUsernameOrEmail(username, email) |
| 154 | .then(user => { | 168 | .then(user => { |
| 155 | if (user) return res.status(409).send('User already exists.') | 169 | if (user) { |
| 170 | return res.status(409) | ||
| 171 | .send({ error: 'User already exists.' }) | ||
| 172 | .end() | ||
| 173 | } | ||
| 156 | 174 | ||
| 157 | callback() | 175 | return callback() |
| 158 | }) | 176 | }) |
| 159 | .catch(err => { | 177 | .catch(err => { |
| 160 | logger.error('Error in usersAdd request validator.', err) | 178 | logger.error('Error in usersAdd request validator.', err) |
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 519e3d46c..213b4c46b 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
| @@ -30,7 +30,9 @@ function videosAddValidator (req: express.Request, res: express.Response, next: | |||
| 30 | user.isAbleToUploadVideo(videoFile) | 30 | user.isAbleToUploadVideo(videoFile) |
| 31 | .then(isAble => { | 31 | .then(isAble => { |
| 32 | if (isAble === false) { | 32 | if (isAble === false) { |
| 33 | res.status(403).send('The user video quota is exceeded with this video.') | 33 | res.status(403) |
| 34 | .json({ error: 'The user video quota is exceeded with this video.' }) | ||
| 35 | .end() | ||
| 34 | 36 | ||
| 35 | return undefined | 37 | return undefined |
| 36 | } | 38 | } |
| @@ -38,17 +40,23 @@ function videosAddValidator (req: express.Request, res: express.Response, next: | |||
| 38 | return db.Video.getDurationFromFile(videoFile.path) | 40 | return db.Video.getDurationFromFile(videoFile.path) |
| 39 | .catch(err => { | 41 | .catch(err => { |
| 40 | logger.error('Invalid input file in videosAddValidator.', err) | 42 | logger.error('Invalid input file in videosAddValidator.', err) |
| 41 | res.status(400).send('Invalid input file.') | 43 | res.status(400) |
| 44 | .json({ error: 'Invalid input file.' }) | ||
| 45 | .end() | ||
| 42 | 46 | ||
| 43 | return undefined | 47 | return undefined |
| 44 | }) | 48 | }) |
| 45 | }) | 49 | }) |
| 46 | .then(duration => { | 50 | .then(duration => { |
| 47 | // Previous test failed, abort | 51 | // Previous test failed, abort |
| 48 | if (duration === undefined) return undefined | 52 | if (duration === undefined) return |
| 49 | 53 | ||
| 50 | if (!isVideoDurationValid('' + duration)) { | 54 | if (!isVideoDurationValid('' + duration)) { |
| 51 | return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') | 55 | return res.status(400) |
| 56 | .json({ | ||
| 57 | error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).' | ||
| 58 | }) | ||
| 59 | .end() | ||
| 52 | } | 60 | } |
| 53 | 61 | ||
| 54 | videoFile['duration'] = duration | 62 | videoFile['duration'] = duration |
| @@ -80,11 +88,15 @@ function videosUpdateValidator (req: express.Request, res: express.Response, nex | |||
| 80 | checkVideoExists(req.params.id, res, () => { | 88 | checkVideoExists(req.params.id, res, () => { |
| 81 | // We need to make additional checks | 89 | // We need to make additional checks |
| 82 | if (res.locals.video.isOwned() === false) { | 90 | if (res.locals.video.isOwned() === false) { |
| 83 | return res.status(403).send('Cannot update video of another pod') | 91 | return res.status(403) |
| 92 | .json({ error: 'Cannot update video of another pod' }) | ||
| 93 | .end() | ||
| 84 | } | 94 | } |
| 85 | 95 | ||
| 86 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | 96 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { |
| 87 | return res.status(403).send('Cannot update video of another user') | 97 | return res.status(403) |
| 98 | .json({ error: 'Cannot update video of another user' }) | ||
| 99 | .end() | ||
| 88 | } | 100 | } |
| 89 | 101 | ||
| 90 | next() | 102 | next() |
| @@ -188,7 +200,11 @@ function checkVideoExists (id: string, res: express.Response, callback: () => vo | |||
| 188 | } | 200 | } |
| 189 | 201 | ||
| 190 | promise.then(video => { | 202 | promise.then(video => { |
| 191 | if (!video) return res.status(404).send('Video not found') | 203 | if (!video) { |
| 204 | return res.status(404) | ||
| 205 | .json({ error: 'Video not found' }) | ||
| 206 | .end() | ||
| 207 | } | ||
| 192 | 208 | ||
| 193 | res.locals.video = video | 209 | res.locals.video = video |
| 194 | callback() | 210 | callback() |
| @@ -204,14 +220,18 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac | |||
| 204 | db.User.loadById(userId) | 220 | db.User.loadById(userId) |
| 205 | .then(user => { | 221 | .then(user => { |
| 206 | if (res.locals.video.isOwned() === false) { | 222 | if (res.locals.video.isOwned() === false) { |
| 207 | return res.status(403).send('Cannot remove video of another pod, blacklist it') | 223 | return res.status(403) |
| 224 | .json({ error: 'Cannot remove video of another pod, blacklist it' }) | ||
| 225 | .end() | ||
| 208 | } | 226 | } |
| 209 | 227 | ||
| 210 | // Check if the user can delete the video | 228 | // Check if the user can delete the video |
| 211 | // The user can delete it if s/he is an admin | 229 | // The user can delete it if s/he is an admin |
| 212 | // Or if s/he is the video's author | 230 | // Or if s/he is the video's author |
| 213 | if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | 231 | if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { |
| 214 | return res.status(403).send('Cannot remove video of another user') | 232 | return res.status(403) |
| 233 | .json({ error: 'Cannot remove video of another user' }) | ||
| 234 | .end() | ||
| 215 | } | 235 | } |
| 216 | 236 | ||
| 217 | // If we reach this comment, we can delete the video | 237 | // If we reach this comment, we can delete the video |
| @@ -225,7 +245,9 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac | |||
| 225 | 245 | ||
| 226 | function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { | 246 | function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { |
| 227 | if (res.locals.video.isOwned() === true) { | 247 | if (res.locals.video.isOwned() === true) { |
| 228 | return res.status(403).send('Cannot blacklist a local video') | 248 | return res.status(403) |
| 249 | .json({ error: 'Cannot blacklist a local video' }) | ||
| 250 | .end() | ||
| 229 | } | 251 | } |
| 230 | 252 | ||
| 231 | callback() | 253 | callback() |