From 57f6896f67cfc570cf3605dd94b0778101b2d9b9 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 7 Jul 2020 10:57:04 +0200
Subject: Implement abuses check params
---
 server/middlewares/validators/abuse.ts | 74 ++++++++++++++--------
 .../validators/videos/video-comments.ts | 70 +++-----------------
 2 files changed, 57 insertions(+), 87 deletions(-)
(limited to 'server/middlewares')
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts
index f098e2ff9..048dbead0 100644
--- a/server/middlewares/validators/abuse.ts
+++ b/server/middlewares/validators/abuse.ts
@@ -1,6 +1,7 @@
 import * as express from 'express'
 import { body, param, query } from 'express-validator'
 import {
+ isAbuseFilterValid,
 isAbuseModerationCommentValid,
 isAbusePredefinedReasonsValid,
 isAbusePredefinedReasonValid,
@@ -11,29 +12,28 @@ import { isAbuseVideoIsValid } from '@server/helpers/custom-validators/abuses' import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc' +import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments' import { logger } from '@server/helpers/logger' -import { doesAbuseExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares' +import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares' +import { AbuseCreate } from '@shared/models' import { areValidationErrors } from './utils' const abuseReportValidator = [ - param('videoId') + body('account.id') + .optional() + .custom(isIdValid) + .withMessage('Should have a valid accountId'), + + body('video.id') + .optional() .custom(isIdOrUUIDValid) - .not() - .isEmpty() .withMessage('Should have a valid videoId'), - body('reason') - .custom(isAbuseReasonValid) - .withMessage('Should have a valid reason'), - body('predefinedReasons') - .optional() - .custom(isAbusePredefinedReasonsValid) - .withMessage('Should have a valid list of predefined reasons'), - body('startAt') + body('video.startAt') .optional() .customSanitizer(toIntOrNull) .custom(isAbuseTimestampValid) .withMessage('Should have valid starting time value'), - body('endAt') + body('video.endAt') .optional() .customSanitizer(toIntOrNull) .custom(isAbuseTimestampValid) 
@@ -42,47 +42,70 @@ const abuseReportValidator = [ .custom(isAbuseTimestampCoherent) .withMessage('Should have a startAt timestamp beginning before endAt'), + body('comment.id') + .optional() + .custom(isIdValid) + .withMessage('Should have a valid commentId'), + + body('reason') + .custom(isAbuseReasonValid) + .withMessage('Should have a valid reason'), + + body('predefinedReasons') + .optional() + .custom(isAbusePredefinedReasonsValid) + .withMessage('Should have a valid list of predefined reasons'), + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking abuseReport parameters', { parameters: req.body }) if (areValidationErrors(req, res)) return - if (!await doesVideoExist(req.params.videoId, res)) return - // TODO: check comment or video (exlusive) + const body: AbuseCreate = req.body + + if (body.video?.id && !await doesVideoExist(body.video.id, res)) return + if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return + if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return + + if (!body.video?.id && !body.account?.id && !body.comment?.id) { + res.status(400) + .json({ error: 'video id or account id or comment id is required.' 
}) + + return + } return next() } ] const abuseGetValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking abuseGetValidator parameters', { parameters: req.body }) if (areValidationErrors(req, res)) return - // if (!await doesAbuseExist(req.params.id, req.params.videoId, res)) return + if (!await doesAbuseExist(req.params.id, res)) return return next() } ] const abuseUpdateValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), + body('state') .optional() - .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'), + .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'), body('moderationComment') .optional() - .custom(isAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'), + .custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body }) if (areValidationErrors(req, res)) return - // if (!await doesAbuseExist(req.params.id, req.params.videoId, res)) return + if (!await doesAbuseExist(req.params.id, res)) return return next() } @@ -92,6 +115,10 @@ const abuseListValidator = [ query('id') .optional() .custom(isIdValid).withMessage('Should have a valid id'), + query('filter') + .optional() + .custom(isAbuseFilterValid) + .withMessage('Should have a valid filter'), query('predefinedReason') .optional() .custom(isAbusePredefinedReasonValid) 
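Review bot: The handler at the end of abuseReportValidator only rejects a body that names no target, so a body carrying `video.id`, `account.id` and `comment.id` together passes, although the removed TODO asked for an exclusive check. The 400 also comes after the three existence lookups, so a multi-target request costs several database reads before the controller has to decide which target it meant. If a report is meant to have exactly one target, count them before any lookup with `const targets = [ body.video?.id, body.account?.id, body.comment?.id ].filter(id => !!id)` and return the 400 when `targets.length !== 1`. If several targets are intentionally allowed, a comment above the handler should say so in place of the deleted TODO.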
@@ -151,10 +178,7 @@ const videoAbuseReportValidator = [ .optional() .customSanitizer(toIntOrNull) .custom(isAbuseTimestampValid) - .withMessage('Should have valid ending time value') - .bail() - .custom(isAbuseTimestampCoherent) - .withMessage('Should have a startAt timestamp beginning before endAt'), + .withMessage('Should have valid ending time value'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoAbuseReport parameters', { parameters: req.body }) diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index ef019fcf9..77f5c6ff3 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts @@ -3,13 +3,16 @@ import { body, param } from 'express-validator' import { MUserAccountUrl } from '@server/types/models' import { UserRight } from '../../../../shared' import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' -import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' +import { + doesVideoCommentExist, + doesVideoCommentThreadExist, + isValidVideoCommentText +} from '../../../helpers/custom-validators/video-comments' import { logger } from '../../../helpers/logger' import { doesVideoExist } from '../../../helpers/middlewares' import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' import { Hooks } from '../../../lib/plugins/hooks' -import { VideoCommentModel } from '../../../models/video/video-comment' -import { MCommentOwnerVideoReply, MVideo, MVideoFullLight, MVideoId } from '../../../types/models/video' +import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' import { areValidationErrors } from '../utils' const listVideoCommentThreadsValidator = [ 
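Review bot: With `.bail().custom(isAbuseTimestampCoherent)` removed from the `endAt` chain, videoAbuseReportValidator no longer rejects an `endAt` that precedes `startAt`; each timestamp is only validated on its own. If the helper was dropped because it now reads the nested `video.startAt` shape (its body is not visible in this diff), this flat-body route can keep the rule inline, for example `.bail().custom((endAt, { req }) => !req.body.startAt || !endAt || req.body.startAt < endAt)`. Otherwise a comment should state where the ordering is enforced for this route. The validator array begins and ends outside the hunk.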
@@ -120,67 +123,10 @@ export { // --------------------------------------------------------------------------- -async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) { - const id = parseInt(idArg + '', 10) - const videoComment = await VideoCommentModel.loadById(id) - - if (!videoComment) { - res.status(404) - .json({ error: 'Video comment thread not found' }) - .end() - - return false - } - - if (videoComment.videoId !== video.id) { - res.status(400) - .json({ error: 'Video comment is not associated to this video.' }) - .end() - - return false - } - - if (videoComment.inReplyToCommentId !== null) { - res.status(400) - .json({ error: 'Video comment is not a thread.' }) - .end() - - return false - } - - res.locals.videoCommentThread = videoComment - return true -} - -async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) { - const id = parseInt(idArg + '', 10) - const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) - - if (!videoComment) { - res.status(404) - .json({ error: 'Video comment thread not found' }) - .end() - - return false - } - - if (videoComment.videoId !== video.id) { - res.status(400) - .json({ error: 'Video comment is not associated to this video.' }) - .end() - - return false - } - - res.locals.videoCommentFull = videoComment - return true -} - function isVideoCommentsEnabled (video: MVideo, res: express.Response) { if (video.commentsEnabled !== true) { res.status(409) .json({ error: 'Video comments are disabled for this video.' }) - .end() return false } @@ -192,7 +138,7 @@ function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MC if (videoComment.isDeleted()) { res.status(409) .json({ error: 'This comment is already deleted' }) - .end() + return false } 
@@ -240,7 +186,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon if (!acceptedResult || acceptedResult.accepted !== true) { logger.info('Refused local comment.', { acceptedResult, acceptParameters }) res.status(403) - .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) + .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) return false } -- cgit v1.2.3
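Review bot: The guard `!acceptedResult || acceptedResult.accepted !== true` admits a null or undefined `acceptedResult`, yet the re-indented line still reads `acceptedResult.errorMessage`, which would throw in that case and turn the intended 403 into an unhandled error. `.json({ error: acceptedResult?.errorMessage || 'Refused local comment' })` keeps the fallback message reachable. isVideoCommentAccepted starts and ends outside the hunk, so how `acceptedResult` is produced is not visible here.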