Diffstat (limited to 'server')
-rw-r--r-- | server/middlewares/validators/pods.ts | 6 | ||||
-rw-r--r-- | server/middlewares/validators/users.ts | 36 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 42 |
3 files changed, 64 insertions, 20 deletions
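--- a/server/middlewares/validators/pods.ts
+++ b/server/middlewares/validators/pods.ts
@@ -11,7 +11,11 @@ import { isTestInstance } from '../../helpers'
 function makeFriendsValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 // Force https if the administrator wants to make friends
 if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') {
-return res.status(400).send('Cannot make friends with a non HTTPS web server.')
+return res.status(400)
+.json({
+error: 'Cannot make friends with a non HTTPS web server.'
+})
+.end()
 }
 
 req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()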
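Review bot: The `.end()` chained after `.json({...})` in makeFriendsValidator is redundant, because `res.json()` already serialises the body and finishes the response; `return res.status(400).json({ error: 'Cannot make friends with a non HTTPS web server.' })` is enough. The same trailing `.end()` is added to every rewritten response in users.ts and videos.ts, so it is worth dropping everywhere rather than only here. The body of makeFriendsValidator continues past the end of this hunk.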
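--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -45,9 +45,13 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next
 return res.sendStatus(500)
 }
 
-if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
+if (user.username === 'root') {
+return res.status(400)
+.send({ error: 'Cannot remove the root user' })
+.end()
+}
 
-next()
+return next()
 })
 })
 }
@@ -99,9 +103,13 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response,
 
 videoPromise
 .then(video => {
-if (!video) return res.status(404).send('Video not found')
+if (!video) {
+return res.status(404)
+.json({ error: 'Video not found' })
+.end()
+}
 
-next()
+return next()
 })
 .catch(err => {
 logger.error('Error in user request validator.', err)
@@ -113,7 +121,9 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response,
 function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
 isSignupAllowed().then(allowed => {
 if (allowed === false) {
-return res.status(403).send('User registration is not enabled or user limit is reached.')
+return res.status(403)
+.send({ error: 'User registration is not enabled or user limit is reached.' })
+.end()
 }
 
 return next()
@@ -138,10 +148,14 @@ export {
 function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
 db.User.loadById(id)
 .then(user => {
-if (!user) return res.status(404).send('User not found')
+if (!user) {
+return res.status(404)
+.send({ error: 'User not found' })
+.end()
+}
 
 res.locals.user = user
-callback(null, user)
+return callback(null, user)
 })
 .catch(err => {
 logger.error('Error in user request validator.', err)
@@ -152,9 +166,13 @@ function checkUserExists (id: number, res: express.Response, callback: (err: Err
 function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
 db.User.loadByUsernameOrEmail(username, email)
 .then(user => {
-if (user) return res.status(409).send('User already exists.')
+if (user) {
+return res.status(409)
+.send({ error: 'User already exists.' })
+.end()
+}
 
-callback()
+return callback()
 })
 .catch(err => {
 logger.error('Error in usersAdd request validator.', err)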
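Review bot: Four of the five rewritten responses in this file use `.send({ error: ... })` (usersRemoveValidator, ensureUserRegistrationAllowed, checkUserExists, checkUserDoesNotAlreadyExist), while usersVideoRatingValidator and the other two files use `.json({ error: ... })`. Express serialises an object passed to `send()` as JSON, so the output is the same today, but `send()` given a string falls back to `text/html`, so a later edit that passes a string or an interpolated message would change the content type with no visible change in the call shape. Writing `.json({ error: 'User already exists.' })` and likewise for the other three keeps the JSON contract explicit. The `.catch` handlers of these functions end outside the hunks, so their response format could not be checked here.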
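--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -30,7 +30,9 @@ function videosAddValidator (req: express.Request, res: express.Response, next:
 user.isAbleToUploadVideo(videoFile)
 .then(isAble => {
 if (isAble === false) {
-res.status(403).send('The user video quota is exceeded with this video.')
+res.status(403)
+.json({ error: 'The user video quota is exceeded with this video.' })
+.end()
 
 return undefined
 }
@@ -38,17 +40,23 @@ function videosAddValidator (req: express.Request, res: express.Response, next:
 return db.Video.getDurationFromFile(videoFile.path)
 .catch(err => {
 logger.error('Invalid input file in videosAddValidator.', err)
-res.status(400).send('Invalid input file.')
+res.status(400)
+.json({ error: 'Invalid input file.' })
+.end()
 
 return undefined
 })
 })
 .then(duration => {
 // Previous test failed, abort
-if (duration === undefined) return undefined
+if (duration === undefined) return
 
 if (!isVideoDurationValid('' + duration)) {
-return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
+return res.status(400)
+.json({
+error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
+})
+.end()
 }
 
 videoFile['duration'] = duration
@@ -80,11 +88,15 @@ function videosUpdateValidator (req: express.Request, res: express.Response, nex
 checkVideoExists(req.params.id, res, () => {
 // We need to make additional checks
 if (res.locals.video.isOwned() === false) {
-return res.status(403).send('Cannot update video of another pod')
+return res.status(403)
+.json({ error: 'Cannot update video of another pod' })
+.end()
 }
 
 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
-return res.status(403).send('Cannot update video of another user')
+return res.status(403)
+.json({ error: 'Cannot update video of another user' })
+.end()
 }
 
 next()
@@ -188,7 +200,11 @@ function checkVideoExists (id: string, res: express.Response, callback: () => vo
 }
 
 promise.then(video => {
-if (!video) return res.status(404).send('Video not found')
+if (!video) {
+return res.status(404)
+.json({ error: 'Video not found' })
+.end()
+}
 
 res.locals.video = video
 callback()
@@ -204,14 +220,18 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
 db.User.loadById(userId)
 .then(user => {
 if (res.locals.video.isOwned() === false) {
-return res.status(403).send('Cannot remove video of another pod, blacklist it')
+return res.status(403)
+.json({ error: 'Cannot remove video of another pod, blacklist it' })
+.end()
 }
 
 // Check if the user can delete the video
 // The user can delete it if s/he is an admin
 // Or if s/he is the video's author
 if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
-return res.status(403).send('Cannot remove video of another user')
+return res.status(403)
+.json({ error: 'Cannot remove video of another user' })
+.end()
 }
 
 // If we reach this comment, we can delete the video
@@ -225,7 +245,9 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
 
 function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) {
 if (res.locals.video.isOwned() === true) {
-return res.status(403).send('Cannot blacklist a local video')
+return res.status(403)
+.json({ error: 'Cannot blacklist a local video' })
+.end()
 }
 
 callback()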
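Review bot: In checkUserCanDeleteVideo the result of `db.User.loadById(userId)` is dereferenced at `user.isAdmin()` with no check that a user was returned, whereas checkUserExists in users.ts treats a falsy result of the same call as a 404. If the id no longer resolves (the caller is not visible here, so this is inferred), the authorization branch throws instead of producing one of the new JSON errors, and the outcome depends on a `.catch` that lies outside the hunk. A guard ahead of the admin test keeps the failure explicit: `if (!user) return res.status(404).json({ error: 'User not found' })`. Separately, `next()` in videosUpdateValidator and `callback()` in checkVideoExists were left without the `return` that the matching calls in users.ts gained in this commit.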