From e69219184b1a3262ec5e617d30337b6431c9840c Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 8 Aug 2018 14:58:21 +0200
Subject: Implement user blocking on server side

---
 server/middlewares/validators/users.ts | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'server/middlewares/validators/users.ts')

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 3c207c81f..94d8ab53b 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -74,6 +74,26 @@ const usersRemoveValidator = [
   }
 ]
 
+const usersBlockingValidator = [
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersRemove parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await checkUserIdExist(req.params.id, res)) return
+
+    const user = res.locals.user
+    if (user.username === 'root') {
+      return res.status(400)
+                .send({ error: 'Cannot block the root user' })
+                .end()
+    }
+
+    return next()
+  }
+]
+
 const deleteMeValidator = [
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user: UserModel = res.locals.oauth.token.User
@@ -230,6 +250,7 @@ export {
   usersAddValidator,
   deleteMeValidator,
   usersRegisterValidator,
+  usersBlockingValidator,
   usersRemoveValidator,
   usersUpdateValidator,
   usersUpdateMeValidator,
-- 
cgit v1.2.3