From a15871560f80e07386c1dabb8370cd2664ecfd1f Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 31 Jan 2020 16:56:52 +0100 Subject: Move to eslint --- server/middlewares/activitypub.ts | 3 ++- server/middlewares/csp.ts | 30 +++++++++++----------- server/middlewares/dnt.ts | 3 --- server/middlewares/oauth.ts | 1 + server/middlewares/sort.ts | 2 +- server/middlewares/validators/avatar.ts | 4 +-- server/middlewares/validators/config.ts | 2 +- server/middlewares/validators/feeds.ts | 8 +++--- server/middlewares/validators/redundancy.ts | 2 +- server/middlewares/validators/users.ts | 7 +++-- .../validators/videos/video-captions.ts | 10 +++++--- .../validators/videos/video-comments.ts | 2 +- .../middlewares/validators/videos/video-imports.ts | 9 ++++--- .../validators/videos/video-playlists.ts | 9 ++++--- .../middlewares/validators/videos/video-rates.ts | 2 +- server/middlewares/validators/videos/videos.ts | 28 +++++++++----------- 16 files changed, 60 insertions(+), 62 deletions(-) (limited to 'server/middlewares') diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts index f3feae41e..ab7d04d25 100644 --- a/server/middlewares/activitypub.ts +++ b/server/middlewares/activitypub.ts @@ -6,6 +6,7 @@ import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers/co import { getOrCreateActorAndServerAndModel } from '../lib/activitypub' import { loadActorUrlOrGetFromWebfinger } from '../helpers/webfinger' import { isActorDeleteActivityValid } from '@server/helpers/custom-validators/activitypub/actor' +import { getAPId } from '@server/helpers/activitypub' async function checkSignature (req: Request, res: Response, next: NextFunction) { try { 
@@ -16,7 +17,7 @@ async function checkSignature (req: Request, res: Response, next: NextFunction) // Forwarded activity const bodyActor = req.body.actor - const bodyActorId = bodyActor && bodyActor.id ? bodyActor.id : bodyActor + const bodyActorId = getAPId(bodyActor) if (bodyActorId && bodyActorId !== actor.url) { const jsonLDSignatureChecked = await checkJsonLDSignature(req, res) if (jsonLDSignatureChecked !== true) return diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts index d11d70790..f5de69603 100644 --- a/server/middlewares/csp.ts +++ b/server/middlewares/csp.ts 
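Review bot: `getAPId(bodyActor)` now decides whether a forwarded activity has to pass `checkJsonLDSignature`, but the helper's body is not part of this diff, so its equivalence with the removed ternary cannot be confirmed from here. `req.body.actor` is remote input, and the guard `bodyActorId && bodyActorId !== actor.url` skips the JSON-LD check whenever the id comes back falsy. If the helper returns a falsy value for a shape the old expression treated as truthy, the check would be bypassed. I would pin the helper with a unit test covering a string actor, an object with `id`, and a missing actor. I would also add a comment above the call such as `// actor may be a string id or an object carrying an id`. The body of checkSignature continues outside the hunk.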
@@ -3,20 +3,20 @@ import { CONFIG } from '../initializers/config' const baseDirectives = Object.assign({}, { - defaultSrc: ["'none'"], // by default, not specifying default-src = '*' - connectSrc: ['*', 'data:'], - mediaSrc: ["'self'", 'https:', 'blob:'], - fontSrc: ["'self'", 'data:'], - imgSrc: ["'self'", 'data:', 'blob:'], - scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'], - styleSrc: ["'self' 'unsafe-inline'"], - objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it - formAction: ["'self'"], - frameAncestors: ["'none'"], - baseUri: ["'self'"], - manifestSrc: ["'self'"], - frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed - workerSrc: ["'self'", 'blob:'] // instead of deprecated child-src + defaultSrc: [ '\'none\'' ], // by default, not specifying default-src = '*' + connectSrc: [ '*', 'data:' ], + mediaSrc: [ '\'self\'', 'https:', 'blob:' ], + fontSrc: [ '\'self\'', 'data:' ], + imgSrc: [ '\'self\'', 'data:', 'blob:' ], + scriptSrc: [ '\'self\' \'unsafe-inline\' \'unsafe-eval\'', 'blob:' ], + styleSrc: [ '\'self\' \'unsafe-inline\'' ], + objectSrc: [ '\'none\'' ], // only define to allow plugins, else let defaultSrc 'none' block it + formAction: [ '\'self\'' ], + frameAncestors: [ '\'none\'' ], + baseUri: [ '\'self\'' ], + manifestSrc: [ '\'self\'' ], + frameSrc: [ '\'self\'' ], // instead of deprecated child-src / self because of test-embed + workerSrc: [ '\'self\'', 'blob:' ] // instead of deprecated child-src }, CONFIG.CSP.REPORT_URI ? { reportUri: CONFIG.CSP.REPORT_URI } : {}, CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {} 
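Review bot: In `scriptSrc` and `styleSrc` several source expressions are still packed into a single array element (`'\'self\' \'unsafe-inline\' \'unsafe-eval\''`), and with the new escaped quoting the policy is harder to audit at a glance. One element per source reads better: `scriptSrc: [ '\'self\'', '\'unsafe-inline\'', '\'unsafe-eval\'', 'blob:' ],`. The emitted header should be unchanged if helmet joins the entries with spaces, as I expect. A short comment saying why `'unsafe-inline'` and `'unsafe-eval'` are required would also help, since several other directives in this object already carry one.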
@@ -29,7 +29,7 @@ const baseCSP = helmet.contentSecurityPolicy({ }) const embedCSP = helmet.contentSecurityPolicy({ - directives: Object.assign({}, baseDirectives, { frameAncestors: ['*'] }), + directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }), browserSniff: false, // assumes a modern browser, but allows CDN in front reportOnly: CONFIG.CSP.REPORT_ONLY }) diff --git a/server/middlewares/dnt.ts b/server/middlewares/dnt.ts index 607def855..dd88005dd 100644 --- a/server/middlewares/dnt.ts +++ b/server/middlewares/dnt.ts @@ -1,6 +1,3 @@ -import * as ipaddr from 'ipaddr.js' -import { format } from 'util' - const advertiseDoNotTrack = (_, res, next) => { res.setHeader('Tk', 'N') return next() diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts index 749f5cccd..9eef03bb4 100644 --- a/server/middlewares/oauth.ts +++ b/server/middlewares/oauth.ts @@ -51,6 +51,7 @@ function authenticateSocket (socket: Socket, next: (err?: any) => void) { return next() }) + .catch(err => logger.error('Cannot get access token.', { err })) } function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) { diff --git a/server/middlewares/sort.ts b/server/middlewares/sort.ts index 75238228f..fcbb2902c 100644 --- a/server/middlewares/sort.ts +++ b/server/middlewares/sort.ts @@ -8,7 +8,7 @@ const setDefaultVideoRedundanciesSort = setDefaultSortFactory('name') const setDefaultSearchSort = setDefaultSortFactory('-match') function setBlacklistSort (req: express.Request, res: express.Response, next: express.NextFunction) { - let newSort: SortType = { sortModel: undefined, sortValue: '' } + const newSort: SortType = { sortModel: undefined, sortValue: '' } if (!req.query.sort) req.query.sort = '-createdAt' diff --git a/server/middlewares/validators/avatar.ts b/server/middlewares/validators/avatar.ts index 8623d07e8..2acb97483 100644 --- a/server/middlewares/validators/avatar.ts 
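Review bot: The `.catch` added to `authenticateSocket` in oauth.ts only logs and never calls `next`. As far as the hunk shows, a rejected token lookup therefore leaves the socket handshake neither accepted nor refused. Refusing explicitly keeps the failure closed and releases the connection: `.catch(err => { logger.error('Cannot get access token.', { err }); return next(new Error('Authentication error')) })`. The start of the promise chain is outside the hunk, so the other failure paths there should be checked to confirm they also call `next` with an error.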
+++ b/server/middlewares/validators/avatar.ts @@ -8,8 +8,8 @@ import { cleanUpReqFiles } from '../../helpers/express-utils' const updateAvatarValidator = [ body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage( - 'This file is not supported or too large. Please, make sure it is of the following type : ' - + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ') + 'This file is not supported or too large. Please, make sure it is of the following type : ' + + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ') ), (req: express.Request, res: express.Response, next: express.NextFunction) => { diff --git a/server/middlewares/validators/config.ts b/server/middlewares/validators/config.ts index 2d1f61947..ceab646c0 100644 --- a/server/middlewares/validators/config.ts +++ b/server/middlewares/validators/config.ts @@ -55,7 +55,7 @@ const customConfigUpdateValidator = [ body('theme.default').custom(v => isThemeNameValid(v) && isThemeRegistered(v)).withMessage('Should have a valid theme'), - async (req: express.Request, res: express.Response, next: express.NextFunction) => { + (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking customConfigUpdateValidator parameters', { parameters: req.body }) if (areValidationErrors(req, res)) return diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts index 29f6c87be..f34c2b174 100644 --- a/server/middlewares/validators/feeds.ts +++ b/server/middlewares/validators/feeds.ts 
@@ -22,13 +22,13 @@ function setFeedFormatContentType (req: express.Request, res: express.Response, let acceptableContentTypes: string[] if (format === 'atom' || format === 'atom1') { - acceptableContentTypes = ['application/atom+xml', 'application/xml', 'text/xml'] + acceptableContentTypes = [ 'application/atom+xml', 'application/xml', 'text/xml' ] } else if (format === 'json' || format === 'json1') { - acceptableContentTypes = ['application/json'] + acceptableContentTypes = [ 'application/json' ] } else if (format === 'rss' || format === 'rss2') { - acceptableContentTypes = ['application/rss+xml', 'application/xml', 'text/xml'] + acceptableContentTypes = [ 'application/rss+xml', 'application/xml', 'text/xml' ] } else { - acceptableContentTypes = ['application/xml', 'text/xml'] + acceptableContentTypes = [ 'application/xml', 'text/xml' ] } if (req.accepts(acceptableContentTypes)) { diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts index 16b42fc0d..8cd3bc33d 100644 --- a/server/middlewares/validators/redundancy.ts +++ b/server/middlewares/validators/redundancy.ts @@ -106,7 +106,7 @@ const listVideoRedundanciesValidator = [ query('target') .custom(isVideoRedundancyTarget).withMessage('Should have a valid video redundancies target'), - async (req: express.Request, res: express.Response, next: express.NextFunction) => { + (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking listVideoRedundanciesValidator parameters', { parameters: req.query }) if (areValidationErrors(req, res)) return diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index c78c67a8c..5d52b5804 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts 
@@ -36,7 +36,6 @@ import { doesVideoExist } from '../../helpers/middlewares' import { UserRole } from '../../../shared/models/users' import { MUserDefault } from '@server/typings/models' import { Hooks } from '@server/lib/plugins/hooks' -import { isLocalVideoAccepted } from '@server/lib/moderation' const usersAddValidator = [ body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), @@ -149,7 +148,7 @@ const usersBlockingValidator = [ ] const deleteMeValidator = [ - async (req: express.Request, res: express.Response, next: express.NextFunction) => { + (req: express.Request, res: express.Response, next: express.NextFunction) => { const user = res.locals.oauth.token.User if (user.username === 'root') { return res.status(400) @@ -303,7 +302,7 @@ const ensureUserRegistrationAllowed = [ ] const ensureUserRegistrationAllowedForIP = [ - async (req: express.Request, res: express.Response, next: express.NextFunction) => { + (req: express.Request, res: express.Response, next: express.NextFunction) => { const allowed = isSignupAllowedForCurrentIP(req.ip) if (allowed === false) { @@ -410,7 +409,7 @@ const userAutocompleteValidator = [ ] const ensureAuthUserOwnsAccountValidator = [ - async (req: express.Request, res: express.Response, next: express.NextFunction) => { + (req: express.Request, res: express.Response, next: express.NextFunction) => { const user = res.locals.oauth.token.User if (res.locals.account.id !== user.Account.id) { diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts index 7b0cd6f66..872d9c2ab 100644 --- a/server/middlewares/validators/videos/video-captions.ts +++ b/server/middlewares/validators/videos/video-captions.ts 
@@ -13,10 +13,12 @@ const addVideoCaptionValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), body('captionfile') - .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')).withMessage( - `This caption file is not supported or too large. Please, make sure it is under ${CONSTRAINTS_FIELDS.VIDEO_CAPTIONS.CAPTION_FILE.FILE_SIZE} and one of the following mimetypes: ` - + Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT).map(key => `${key} (${MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT[key]})`).join(', ') - ), + .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')) + .withMessage( + 'This caption file is not supported or too large. ' + + `Please, make sure it is under ${CONSTRAINTS_FIELDS.VIDEO_CAPTIONS.CAPTION_FILE.FILE_SIZE} and one of the following mimetypes: ` + + Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT).map(key => `${key} (${MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT[key]})`).join(', ') + ), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking addVideoCaption parameters', { parameters: req.body }) diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index 77c5f940d..da2fafb10 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts @@ -50,7 +50,7 @@ const addVideoCommentThreadValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return - if (!await isVideoCommentAccepted(req, res, res.locals.videoAll,false)) return + if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return return next() } 
diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts index 318dad100..5dc5db533 100644 --- a/server/middlewares/validators/videos/video-imports.ts +++ b/server/middlewares/validators/videos/video-imports.ts @@ -22,10 +22,11 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([ .optional() .custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'), body('torrentfile') - .custom((value, { req }) => isVideoImportTorrentFile(req.files)).withMessage( - 'This torrent file is not supported or too large. Please, make sure it is of the following type: ' - + CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ') - ), + .custom((value, { req }) => isVideoImportTorrentFile(req.files)) + .withMessage( + 'This torrent file is not supported or too large. Please, make sure it is of the following type: ' + + CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ') + ), body('name') .optional() .custom(isVideoNameValid).withMessage('Should have a valid name'), diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 1d67e8666..6b15c5464 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts 
@@ -384,10 +384,11 @@ export { function getCommonPlaylistEditAttributes () { return [ body('thumbnailfile') - .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( - 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' - + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ') - ), + .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')) + .withMessage( + 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' + + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ') + ), body('description') .optional() diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts index 5d5fae8aa..cbc144f69 100644 --- a/server/middlewares/validators/videos/video-rates.ts +++ b/server/middlewares/validators/videos/video-rates.ts @@ -51,7 +51,7 @@ const getAccountVideoRateValidatorFactory = function (rateType: VideoRateType) { const videoRatingValidator = [ query('rating').optional().custom(isRatingValid).withMessage('Value must be one of "like" or "dislike"'), - async (req: express.Request, res: express.Response, next: express.NextFunction) => { + (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking rating parameter', { parameters: req.params }) if (areValidationErrors(req, res)) return diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 6733d9dec..11dd02706 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts 
@@ -49,8 +49,8 @@ import { getVideoWithAttributes } from '../../../helpers/video' const videosAddValidator = getCommonVideoEditAttributes().concat([ body('videofile') .custom((value, { req }) => isVideoFile(req.files)).withMessage( - 'This file is not supported or too large. Please, make sure it is of the following type: ' - + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ') + 'This file is not supported or too large. Please, make sure it is of the following type: ' + + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ') ), body('name').custom(isVideoNameValid).withMessage('Should have a valid name'), body('channelId') @@ -245,19 +245,15 @@ const videosTerminateChangeOwnershipValidator = [ // Check if the user who did the request is able to change the ownership of the video if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return - return next() - }, - async (req: express.Request, res: express.Response, next: express.NextFunction) => { const videoChangeOwnership = res.locals.videoChangeOwnership - if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) { - return next() - } else { + if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { res.status(403) - .json({ error: 'Ownership already accepted or refused' }) - + .json({ error: 'Ownership already accepted or refused' }) return } + + return next() } ] 
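Review bot: The second hunk merges the ownership status check of `videosTerminateChangeOwnershipValidator` into the permission handler, a control-flow change on an authorization path that is easy to miss in a lint commit. From the visible lines the order is preserved (permission check first, then the 403 for a non-waiting request), but nothing in the hunk documents why the status is checked. I would add `// Only a request still in WAITING state can be accepted or refused` above the `if`. A test asserting that an already accepted or refused request gets 403 and never reaches `next()` would guard the merge. The handler starts outside the hunk.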
@@ -284,14 +280,14 @@ function getCommonVideoEditAttributes () { return [ body('thumbnailfile') .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( - 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' - + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') - ), + 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' + + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') + ), body('previewfile') .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage( - 'This preview file is not supported or too large. Please, make sure it is of the following type: ' - + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') - ), + 'This preview file is not supported or too large. Please, make sure it is of the following type: ' + + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') + ), body('category') .optional() -- cgit v1.2.3