From c100a6142e6571312db9f6407698a21a08b593fb Mon Sep 17 00:00:00 2001
From: Yohan Boniface
Date: Tue, 9 Apr 2019 11:02:02 +0200
Subject: Add /accounts/:username/ratings endpoint (#1756) * Add /users/me/videos/ratings endpoint * Move ratings endpoint from users to accounts * /accounts/:name/ratings: add support for rating= and sort= * Restrict ratings list to owner * Wording and better way to ensure current account
---
 server/middlewares/validators/users.ts | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'server/middlewares/validators/users.ts')
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 4be446732..35f41c450 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -22,6 +22,7 @@
 import { logger } from '../../helpers/logger'
 import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup'
 import { Redis } from '../../lib/redis'
 import { UserModel } from '../../models/account/user'
+import { AccountModel } from '../../models/account/account'
 import { areValidationErrors } from './utils'
 import { ActorModel } from '../../models/activitypub/actor'
@@ -317,6 +318,20 @@ const userAutocompleteValidator = [
 param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
 ]
+const ensureAuthUserOwnsAccountValidator = [
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const user = res.locals.oauth.token.User
+
+ if (res.locals.account.id !== user.Account.id) {
+ return res.status(403)
+ .send({ error: 'Only owner can access ratings list.' })
+ .end()
+ }
+
+ return next()
+ }
+]
+
 // ---------------------------------------------------------------------------
 export {
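Review bot: The ownership check in `ensureAuthUserOwnsAccountValidator` dereferences `res.locals.oauth.token.User` and `res.locals.account` without confirming either was populated, so it is only safe when the route runs the authentication middleware and an account-loading validator before it; that ordering is not visible in this diff. Because the handler is `async` but awaits nothing, a missing value would surface as a rejected promise instead of a 401/403 response, and on Express 4 that rejection is presumably not passed to the error handler. It can fail closed cheaply: drop `async`, return 401 when `res.locals.oauth` is absent, and guard the comparison with `if (!res.locals.account || res.locals.account.id !== user.Account.id) {`. The message 'Only owner can access ratings list.' is also tied to ratings while the validator name is generic, so a comment such as `// Must run after authenticate and the account lookup validator` plus a neutral error text would help the next route that reuses it.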
@@ -335,7 +350,8 @@ export {
 usersResetPasswordValidator,
 usersAskSendVerifyEmailValidator,
 usersVerifyEmailValidator,
- userAutocompleteValidator
+ userAutocompleteValidator,
+ ensureAuthUserOwnsAccountValidator
 }
 // ---------------------------------------------------------------------------
-- cgit v1.2.3