OWEALs
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179
							import express from 'express'
import { body, param, query } from 'express-validator'
import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
import { getServerActor } from '@server/models/application/application'
import { arrayify } from '@shared/core-utils'
import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
import { WEBSERVER } from '../../initializers/constants'
import { AccountBlocklistModel } from '../../models/account/account-blocklist'
import { ServerModel } from '../../models/server/server'
import { ServerBlocklistModel } from '../../models/server/server-blocklist'
import { areValidationErrors, doesAccountNameWithHostExist } from './shared'

const blockAccountValidator = [
  body('accountName')
    .exists(),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return

    const user = res.locals.oauth.token.User
    const accountToBlock = res.locals.account

    if (user.Account.id === accountToBlock.id) {
      res.fail({
        status: HttpStatusCode.CONFLICT_409,
        message: 'You cannot block yourself.'
      })
      return
    }

    return next()
  }
]

const unblockAccountByAccountValidator = [
  param('accountName')
    .exists(),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const user = res.locals.oauth.token.User
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(user.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const unblockAccountByServerValidator = [
  param('accountName')
    .exists(),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    if (!await doesAccountNameWithHostExist(req.params.accountName, res)) return

    const serverActor = await getServerActor()
    const targetAccount = res.locals.account
    if (!await doesUnblockAccountExist(serverActor.Account.id, targetAccount.id, res)) return

    return next()
  }
]

const blockServerValidator = [
  body('host')
    .custom(isHostValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const host: string = req.body.host

    if (host === WEBSERVER.HOST) {
      return res.fail({
        status: HttpStatusCode.CONFLICT_409,
        message: 'You cannot block your own server.'
      })
    }

    const server = await ServerModel.loadOrCreateByHost(host)

    res.locals.server = server

    return next()
  }
]

const unblockServerByAccountValidator = [
  param('host')
    .custom(isHostValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const user = res.locals.oauth.token.User
    if (!await doesUnblockServerExist(user.Account.id, req.params.host, res)) return

    return next()
  }
]

const unblockServerByServerValidator = [
  param('host')
    .custom(isHostValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const serverActor = await getServerActor()
    if (!await doesUnblockServerExist(serverActor.Account.id, req.params.host, res)) return

    return next()
  }
]

const blocklistStatusValidator = [
  query('hosts')
    .optional()
    .customSanitizer(arrayify)
    .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),

  query('accounts')
    .optional()
    .customSanitizer(arrayify)
    .custom(areValidActorHandles).withMessage('Should have a valid accounts array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  blockServerValidator,
  blockAccountValidator,
  unblockAccountByAccountValidator,
  unblockServerByAccountValidator,
  unblockAccountByServerValidator,
  unblockServerByServerValidator,
  blocklistStatusValidator
}

// ---------------------------------------------------------------------------

async function doesUnblockAccountExist (accountId: number, targetAccountId: number, res: express.Response) {
  const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId)
  if (!accountBlock) {
    res.fail({
      status: HttpStatusCode.NOT_FOUND_404,
      message: 'Account block entry not found.'
    })
    return false
  }

  res.locals.accountBlock = accountBlock
  return true
}

async function doesUnblockServerExist (accountId: number, host: string, res: express.Response) {
  const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host)
  if (!serverBlock) {
    res.fail({
      status: HttpStatusCode.NOT_FOUND_404,
      message: 'Server block entry not found.'
    })
    return false
  }

  res.locals.serverBlock = serverBlock
  return true
}