From 57f6896f67cfc570cf3605dd94b0778101b2d9b9 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Tue, 7 Jul 2020 10:57:04 +0200
Subject: Implement abuses check params

---
 server/helpers/custom-validators/abuses.ts         | 17 +++--
 server/helpers/custom-validators/video-comments.ts | 81 +++++++++++++++++++++-
 server/helpers/middlewares/abuses.ts               | 13 +++-
 server/helpers/middlewares/accounts.ts             |  4 +-
 4 files changed, 104 insertions(+), 11 deletions(-)

(limited to 'server/helpers')

diff --git a/server/helpers/custom-validators/abuses.ts b/server/helpers/custom-validators/abuses.ts
index a6a895c65..c21468caa 100644
--- a/server/helpers/custom-validators/abuses.ts
+++ b/server/helpers/custom-validators/abuses.ts
@@ -1,6 +1,6 @@
 import validator from 'validator'
-import { abusePredefinedReasonsMap, AbusePredefinedReasonsString, AbuseVideoIs } from '@shared/models'
-import { CONSTRAINTS_FIELDS, ABUSE_STATES } from '../../initializers/constants'
+import { AbuseFilter, abusePredefinedReasonsMap, AbusePredefinedReasonsString, AbuseVideoIs, AbuseCreate } from '@shared/models'
+import { ABUSE_STATES, CONSTRAINTS_FIELDS } from '../../initializers/constants'
 import { exists, isArray } from './misc'
 
 const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.ABUSES
@@ -13,7 +13,11 @@ function isAbusePredefinedReasonValid (value: AbusePredefinedReasonsString) {
   return exists(value) && value in abusePredefinedReasonsMap
 }
 
-function isAbusePredefinedReasonsValid (value: AbusePredefinedReasonsString[]) {
+function isAbuseFilterValid (value: AbuseFilter) {
+  return value === 'video' || value === 'comment' || value === 'account'
+}
+
+function areAbusePredefinedReasonsValid (value: AbusePredefinedReasonsString[]) {
   return exists(value) && isArray(value) && value.every(v => v in abusePredefinedReasonsMap)
 }
 
@@ -22,7 +26,9 @@ function isAbuseTimestampValid (value: number) {
 }
 
 function isAbuseTimestampCoherent (endAt: number, { req }) {
-  return exists(req.body.startAt) && endAt > req.body.startAt
+  const startAt = (req.body as AbuseCreate).video.startAt
+
+  return exists(startAt) && endAt > startAt
 }
 
 function isAbuseModerationCommentValid (value: string) {
@@ -44,8 +50,9 @@ function isAbuseVideoIsValid (value: AbuseVideoIs) {
 
 export {
   isAbuseReasonValid,
+  isAbuseFilterValid,
   isAbusePredefinedReasonValid,
-  isAbusePredefinedReasonsValid,
+  areAbusePredefinedReasonsValid as isAbusePredefinedReasonsValid,
   isAbuseTimestampValid,
   isAbuseTimestampCoherent,
   isAbuseModerationCommentValid,
diff --git a/server/helpers/custom-validators/video-comments.ts b/server/helpers/custom-validators/video-comments.ts
index 846f28b17..a01680cbe 100644
--- a/server/helpers/custom-validators/video-comments.ts
+++ b/server/helpers/custom-validators/video-comments.ts
@@ -1,6 +1,8 @@
-import 'multer'
+import * as express from 'express'
 import validator from 'validator'
+import { VideoCommentModel } from '@server/models/video/video-comment'
 import { CONSTRAINTS_FIELDS } from '../../initializers/constants'
+import { MVideoId } from '@server/types/models'
 
 const VIDEO_COMMENTS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_COMMENTS
 
@@ -8,8 +10,83 @@ function isValidVideoCommentText (value: string) {
   return value === null || validator.isLength(value, VIDEO_COMMENTS_CONSTRAINTS_FIELDS.TEXT)
 }
 
+async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) {
+  const id = parseInt(idArg + '', 10)
+  const videoComment = await VideoCommentModel.loadById(id)
+
+  if (!videoComment) {
+    res.status(404)
+      .json({ error: 'Video comment thread not found' })
+      .end()
+
+    return false
+  }
+
+  if (videoComment.videoId !== video.id) {
+    res.status(400)
+      .json({ error: 'Video comment is not associated to this video.' })
+      .end()
+
+    return false
+  }
+
+  if (videoComment.inReplyToCommentId !== null) {
+    res.status(400)
+      .json({ error: 'Video comment is not a thread.' })
+      .end()
+
+    return false
+  }
+
+  res.locals.videoCommentThread = videoComment
+  return true
+}
+
+async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) {
+  const id = parseInt(idArg + '', 10)
+  const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
+
+  if (!videoComment) {
+    res.status(404)
+      .json({ error: 'Video comment thread not found' })
+      .end()
+
+    return false
+  }
+
+  if (videoComment.videoId !== video.id) {
+    res.status(400)
+      .json({ error: 'Video comment is not associated to this video.' })
+      .end()
+
+    return false
+  }
+
+  res.locals.videoCommentFull = videoComment
+  return true
+}
+
+async function doesCommentIdExist (idArg: number | string, res: express.Response) {
+  const id = parseInt(idArg + '', 10)
+  const videoComment = await VideoCommentModel.loadById(id)
+
+  if (!videoComment) {
+    res.status(404)
+      .json({ error: 'Video comment thread not found' })
+
+    return false
+  }
+
+  res.locals.videoComment = videoComment
+
+  return true
+}
+
 // ---------------------------------------------------------------------------
 
 export {
-  isValidVideoCommentText
+  isValidVideoCommentText,
+  doesVideoCommentThreadExist,
+  doesVideoCommentExist,
+  doesCommentIdExist
 }
diff --git a/server/helpers/middlewares/abuses.ts b/server/helpers/middlewares/abuses.ts
index 3906f6760..b102273a2 100644
--- a/server/helpers/middlewares/abuses.ts
+++ b/server/helpers/middlewares/abuses.ts
@@ -17,7 +17,6 @@ async function doesVideoAbuseExist (abuseIdArg: number | string, videoUUID: stri
   if (abuse === null) {
     res.status(404)
        .json({ error: 'Video abuse not found' })
-       .end()
 
     return false
   }
@@ -26,8 +25,18 @@ async function doesVideoAbuseExist (abuseIdArg: number | string, videoUUID: stri
   return true
 }
 
-async function doesAbuseExist (abuseIdArg: number | string, videoUUID: string, res: Response) {
+async function doesAbuseExist (abuseId: number | string, res: Response) {
+  const abuse = await AbuseModel.loadById(parseInt(abuseId + '', 10))
 
+  if (!abuse) {
+    res.status(404)
+       .json({ error: 'Video abuse not found' })
+
+    return false
+  }
+
+  res.locals.abuse = abuse
+  return true
 }
 
 // ---------------------------------------------------------------------------
diff --git a/server/helpers/middlewares/accounts.ts b/server/helpers/middlewares/accounts.ts
index bddea7eaa..29b4ed1a6 100644
--- a/server/helpers/middlewares/accounts.ts
+++ b/server/helpers/middlewares/accounts.ts
@@ -3,8 +3,8 @@ import { AccountModel } from '../../models/account/account'
 import * as Bluebird from 'bluebird'
 import { MAccountDefault } from '../../types/models'
 
-function doesAccountIdExist (id: number, res: Response, sendNotFound = true) {
-  const promise = AccountModel.load(id)
+function doesAccountIdExist (id: number | string, res: Response, sendNotFound = true) {
+  const promise = AccountModel.load(parseInt(id + '', 10))
 
   return doesAccountExist(promise, res, sendNotFound)
 }
-- 
cgit v1.2.3