From 57f6896f67cfc570cf3605dd94b0778101b2d9b9 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 7 Jul 2020 10:57:04 +0200 Subject: Implement abuses check params --- .../validators/videos/video-comments.ts | 70 +++------------------- 1 file changed, 8 insertions(+), 62 deletions(-) (limited to 'server/middlewares/validators/videos') diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index ef019fcf9..77f5c6ff3 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts @@ -3,13 +3,16 @@ import { body, param } from 'express-validator' import { MUserAccountUrl } from '@server/types/models' import { UserRight } from '../../../../shared' import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' -import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' +import { + doesVideoCommentExist, + doesVideoCommentThreadExist, + isValidVideoCommentText +} from '../../../helpers/custom-validators/video-comments' import { logger } from '../../../helpers/logger' import { doesVideoExist } from '../../../helpers/middlewares' import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' import { Hooks } from '../../../lib/plugins/hooks' -import { VideoCommentModel } from '../../../models/video/video-comment' -import { MCommentOwnerVideoReply, MVideo, MVideoFullLight, MVideoId } from '../../../types/models/video' +import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' import { areValidationErrors } from '../utils' const listVideoCommentThreadsValidator = [ @@ -120,67 +123,10 @@ export { // --------------------------------------------------------------------------- -async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) { - const id = parseInt(idArg + '', 10) - const videoComment = await VideoCommentModel.loadById(id) - - if (!videoComment) { - res.status(404) - .json({ error: 'Video comment thread not found' }) - .end() - - return false - } - - if (videoComment.videoId !== video.id) { - res.status(400) - .json({ error: 'Video comment is not associated to this video.' }) - .end() - - return false - } - - if (videoComment.inReplyToCommentId !== null) { - res.status(400) - .json({ error: 'Video comment is not a thread.' }) - .end() - - return false - } - - res.locals.videoCommentThread = videoComment - return true -} - -async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) { - const id = parseInt(idArg + '', 10) - const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) - - if (!videoComment) { - res.status(404) - .json({ error: 'Video comment thread not found' }) - .end() - - return false - } - - if (videoComment.videoId !== video.id) { - res.status(400) - .json({ error: 'Video comment is not associated to this video.' }) - .end() - - return false - } - - res.locals.videoCommentFull = videoComment - return true -} - function isVideoCommentsEnabled (video: MVideo, res: express.Response) { if (video.commentsEnabled !== true) { res.status(409) .json({ error: 'Video comments are disabled for this video.' }) - .end() return false } @@ -192,7 +138,7 @@ function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MC if (videoComment.isDeleted()) { res.status(409) .json({ error: 'This comment is already deleted' }) - .end() + return false } @@ -240,7 +186,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon if (!acceptedResult || acceptedResult.accepted !== true) { logger.info('Refused local comment.', { acceptedResult, acceptParameters }) res.status(403) - .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) + .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) return false } -- cgit v1.2.3