From a3ce4ae847b749d4cb2ebebb4134264b7c58dcc5 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 29 Nov 2019 16:35:27 +0100 Subject: Limit channel numbers We can't load too much channels in selects and it helps to prevent actor name squatting --- server/initializers/constants.ts | 5 +++++ server/middlewares/validators/videos/video-channels.ts | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index a1538f3ca..0473b48c0 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts @@ -431,6 +431,10 @@ const OVERVIEWS = { } } +const VIDEO_CHANNELS = { + MAX_PER_USER: 20 +} + // --------------------------------------------------------------------------- const SERVER_ACTOR_NAME = 'peertube' @@ -725,6 +729,7 @@ export { VIDEO_TRANSCODING_FPS, FFMPEG_NICE, VIDEO_ABUSE_STATES, + VIDEO_CHANNELS, LRU_CACHE, JOB_REQUEST_TIMEOUT, USER_PASSWORD_RESET_LIFETIME, diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts index d21274527..ce2d61d49 100644 --- a/server/middlewares/validators/videos/video-channels.ts +++ b/server/middlewares/validators/videos/video-channels.ts @@ -14,6 +14,7 @@ import { ActorModel } from '../../../models/activitypub/actor' import { isBooleanValid } from '../../../helpers/custom-validators/misc' import { doesLocalVideoChannelNameExist, doesVideoChannelNameWithHostExist } from '../../../helpers/middlewares' import { MChannelAccountDefault, MUser } from '@server/typings/models' +import { VIDEO_CHANNELS } from '@server/initializers/constants' const videoChannelsAddValidator = [ body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'), @@ -34,6 +35,14 @@ const videoChannelsAddValidator = [ return false } + const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id) + if (count > VIDEO_CHANNELS.MAX_PER_USER) { + res.status(400) + .send({ error: `You cannot create more than ${VIDEO_CHANNELS.MAX_PER_USER} channels` }) + .end() + return false + } + return next() } ] -- cgit v1.2.3