aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
Commit message (Collapse)AuthorAgeFilesLines
* add Content Security Policy (#1252)Rigel Kent2018-12-133-1/+48
| | | | | | | | | | | | | | | | | | | | | | * add Content Security Policy * remove reflect-metadata on production builds to get rid of unsafe-eval * fix baseCSP usage * add SRI to CSP * add blob: to media-src * remove SRI * CSP set to reportOnly * adding data: to connect-src CSP * remove block-all-mixed-content * add report-uri support
* enable email verification by admin (#1348)Josh Morel2018-11-211-0/+1
| | | | | | | | | | | | | * enable email verification by admin * rename/label to set email as verified to be more explicit that admin is not sending another email to confirm * add update user emailVerified check-params test * make user.model emailVerified property required
* Check follow constraints when getting a videoChocobozzz2018-11-162-11/+57
|
* Do not host remote AP objectsChocobozzz2018-11-161-0/+7
|
* Improve video upload error handlingChocobozzz2018-11-161-0/+2
|
* Check activities hostChocobozzz2018-11-144-40/+95
|
* Add compatibility with other Linked Signature algorithmsChocobozzz2018-11-141-2/+3
|
* Add HTTP signature check before linked signatureChocobozzz2018-10-192-22/+88
| | | | | | It's faster, and will allow us to use RSA signature 2018 (with upstream jsonld-signature module) without too much incompatibilities in the peertube federation
* Add ability to mute a user/instance by server in server apiChocobozzz2018-10-161-5/+40
|
* Add user/instance block by users in the clientChocobozzz2018-10-161-1/+44
|
* Add ability for users to block an account/instance on server sideChocobozzz2018-10-164-1/+136
|
* Add ability to list all local videosChocobozzz2018-10-102-39/+53
| | | | Including private/unlisted for moderators/admins
* Add explicit error message that changing video ownership only works with ↵Lucas Declercq2018-10-101-9/+4
| | | | | | | | | | | | local accounts (#1214) * Add explicit error message that changing video ownership only works with local accounts * Remove superfluous logger * Remove unneeded end() to error responses * Add a message on client side to prevent transfering ownership to a remote account
* Add user history and resume videosChocobozzz2018-10-0511-66/+98
|
* Check video channel name is unique on our instanceChocobozzz2018-10-012-2/+11
|
* Fix redundancy with videos already duplicated with another instanceChocobozzz2018-10-011-1/+1
|
* Check current password on server sideChocobozzz2018-09-261-2/+19
|
* Refractor videos AP functionsChocobozzz2018-09-191-2/+2
|
* Optimize SQL requests of videos AP endpointsChocobozzz2018-09-192-33/+37
|
* Optimize SQL requests of watch page API endpointsChocobozzz2018-09-193-4/+4
|
* Basic video redundancy implementationChocobozzz2018-09-131-0/+80
|
* Fix feeds with channel filterChocobozzz2018-09-131-1/+1
|
* Users can change ownership of their video [#510] (#888)Gaëtan Rizio2018-09-042-2/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * [#510] Create a new route to get the list of user names To be able to transfer ownership to a user, we need to be able to select him from the list of users. Because the list could be too big, we add a autocomplete feature. This commit does the following: * Add a API endpoint to get a list of user names by searching its name * [#510] The user can choose the next owner of the video To be able to transfer ownership to a user, we need the owner to be able to select the user. The server can autocomplete the name of the user to give the ownership. We add a dialog for the user to actually select it. This commit does the following: * Create a modal for the owner to select the next one * Opens this modal with a button into the menu *more* * Make the dependency injection * [#510] When the user choose the next owner, create a request in database For the change of ownership to happen, we need to store the temporary requests. When the user make the request, save it to database. This commit does the following: * Create the model to persist change ownership requests * Add an API to manage ownership operations * Add a route to persist an ownership request * [#510] A user can fetch its ownership requests sent to him To be able to accept or refuse a change of ownership, the user must be able to fetch them. This commit does the following: * Add an API to list ownership for a user * Add the query to database model * [#510] A user can validate an ownership requests sent to him - server The user can accept or refuse any ownership request that was sent to him. This commit focus only on the server part. This commit does the following: * Add an API for the user to accept or refuse a video ownership * Add validators to ensure security access * Add a query to load a specific video change ownership request * [#510] A user can validate an ownership requests sent to him - web The user can accept or refuse any ownership request that was sent to him. This commit focus only on the web part. This commit does the following: * Add a page to list user ownership changes * Add actions to accept or refuse them * When accepting, show a modal requiring the channel to send the video * Correct lint - to squash * [#510] PR reviews - to squash This commit does the following: * Search parameter for user autocompletion is required from middleware directly * [#510] PR reviews - to squash with creation in database commit This commit does the following: * Add the status attribute in model * Set this attribute on instance creation * Use AccountModel method `loadLocalByName` * [#510] PR reviews - to squash with fetch ownership This commit does the following: * Add the scope `FULL` for database queries with includes * Add classic pagination middlewares * [#510] PR reviews - to squash with ownership validation - server This commit does the following: * Add a middleware to validate whether a user can validate an ownership * Change the ownership status instead of deleting the row * [#510] PR reviews - to squash with ownership validation - client This commit does the following: * Correct indentation of html files with two-spaces indentation * Use event emitter instead of function for accept event * Update the sort of ownership change table for a decreasing order by creation date * Add the status in ownership change table * Use classic method syntax * code style - to squash * Add new user right - to squash * Move the change to my-account instead of video-watch - to squash As requested in pull-request, move the action to change ownership into my videos page. The rest of the logic was not really changed. This commit does the following: - Move the modal into my video page - Create the generic component `button` to keep some styles and logic * [#510] Add tests for the new feature To avoid regression, we add tests for all api of ownership change. This commit does the following: - Create an end-to-end test for ownership change - Divide it to one test per request * [#510] Do not send twice the same request to avoid spam We can send several time the same request to change ownership. However, it will spam the user. To avoid this, we do not save a request already existing in database. This commit does the following: - Check whether the request exist in database - Add tests to verify this new condition * [#510] Change icons Change icons so they remains logic with the rest of the application. This commit does the following: - Add svg for missing icons - Add icons in `my-button` component - Use these new icons * [#510] Add control about the user quota The user should be able to accept a new video only if his quota allows it. This commit does the following: - Update the middleware to control the quota - Add tests verifying the control * Correct merge - Use new modal system - Move button to new directory `buttons` * PR reviews - to squash
* Add sql trace in error log on sequelize errorChocobozzz2018-08-311-1/+3
|
* add user account email verificiation (#977)Josh Morel2018-08-311-1/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * add user account email verificiation includes server and client code to: * enable verificationRequired via custom config * send verification email with registration * ask for verification email * verify via email * prevent login if not verified and required * conditional client links to ask for new verification email * allow login for verified=null these are users created when verification not required should still be able to login when verification is enabled * refactor email verifcation pr * change naming from verified to emailVerified * change naming from askVerifyEmail to askSendVerifyEmail * undo unrelated automatic prettier formatting on api/config * use redirectService for home * remove redundant success notification on email verified * revert test.yaml smpt host
* Implement daily upload limit (#956)Felix Ableitner2018-08-281-1/+4
| | | | | | | | | | | | | | | | | | | | * Implement daily upload limit (ref #652) * remove duplicate code * review fixes * fix tests? * whitespace fixes, finish leftover todo * fix tests * added some new tests * use different config value for tests * remove todo
* Improve error message on actor name conflictChocobozzz2018-08-271-1/+1
|
* Add ability to search video channelsChocobozzz2018-08-274-10/+40
|
* Add get subscription endpointChocobozzz2018-08-272-5/+5
|
* Add ability to set a name to a channelChocobozzz2018-08-272-15/+19
|
* Add subscriptions endpoints to REST APIChocobozzz2018-08-276-6/+83
|
* Cleanup utils helperChocobozzz2018-08-147-7/+7
|
* Improve blacklist managementChocobozzz2018-08-141-12/+21
|
* Add blacklist reason fieldChocobozzz2018-08-141-31/+24
|
* Add state and moderationComment for abuses on server sideChocobozzz2018-08-103-17/+72
|
* Add reason when banning a userChocobozzz2018-08-081-2/+3
|
* Implement user blocking on server sideChocobozzz2018-08-082-1/+22
|
* Add ability to delete our accountChocobozzz2018-08-081-0/+14
|
* Add import.video.torrent configurationChocobozzz2018-08-082-4/+12
|
* Import torrents with webtorrentChocobozzz2018-08-081-3/+10
|
* Import magnets with webtorrentChocobozzz2018-08-081-2/+16
|
* advertising PeerTube's rather simple DNT policyRigel Kent2018-08-081-0/+13
|
* Add import http enabled configurationChocobozzz2018-08-062-0/+10
|
* Remove ability to delete video importsChocobozzz2018-08-061-25/+4
| | | | Users should remove the linked video instead
* Add ability to list video importsChocobozzz2018-08-061-0/+3
|
* Add ability to remove a video importChocobozzz2018-08-061-3/+11
|
* Add ability to import video with youtube-dlChocobozzz2018-08-063-30/+84
|
* Cleanup req files on bad requestChocobozzz2018-07-314-17/+19
|
* [Server>Middlewares>Follows] Changing error code 400 to 500Jorropo2018-07-271-1/+1
| | | | Follows on http server is a server error not an error of the client.
* expliciting type checks and predicates (server only)Rigel Kent2018-07-251-1/+1
|