Refactor channel validators

Chocobozzz · Dec 13, 2021 · 1317422 · 1317422
1 parent f24a4c1
commit 1317422
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 58 deletions.
diff --git a/client/src/app/core/routing/redirect.service.ts b/client/src/app/core/routing/redirect.service.ts
@@ -58,7 +58,7 @@ export class RedirectService {
     }
 
     if (fallbackRoute) {
-      this.router.navigate(fallbackRoute)
+      return this.router.navigate(fallbackRoute)
     }
 
     return this.redirectToHomepage()

diff --git a/server/controllers/activitypub/client.ts b/server/controllers/activitypub/client.ts
@@ -20,7 +20,8 @@ import {
   asyncMiddleware,
   executeIfActivityPub,
   localAccountValidator,
-  localVideoChannelValidator,
+  videoChannelsNameWithHostValidator,
+  ensureIsLocalChannel,
   videosCustomGetValidator,
   videosShareValidator
 } from '../../middlewares'
@@ -123,24 +124,28 @@ activityPubClientRouter.get('/videos/watch/:videoId/comments/:commentId/activity
 )
 
 activityPubClientRouter.get(
-  [ '/video-channels/:name', '/video-channels/:name/videos', '/c/:name', '/c/:name/videos' ],
+  [ '/video-channels/:nameWithHost', '/video-channels/:nameWithHost/videos', '/c/:nameWithHost', '/c/:nameWithHost/videos' ],
   executeIfActivityPub,
-  asyncMiddleware(localVideoChannelValidator),
+  asyncMiddleware(videoChannelsNameWithHostValidator),
+  ensureIsLocalChannel,
   videoChannelController
 )
-activityPubClientRouter.get('/video-channels/:name/followers',
+activityPubClientRouter.get('/video-channels/:nameWithHost/followers',
   executeIfActivityPub,
-  asyncMiddleware(localVideoChannelValidator),
+  asyncMiddleware(videoChannelsNameWithHostValidator),
+  ensureIsLocalChannel,
   asyncMiddleware(videoChannelFollowersController)
 )
-activityPubClientRouter.get('/video-channels/:name/following',
+activityPubClientRouter.get('/video-channels/:nameWithHost/following',
   executeIfActivityPub,
-  asyncMiddleware(localVideoChannelValidator),
+  asyncMiddleware(videoChannelsNameWithHostValidator),
+  ensureIsLocalChannel,
   asyncMiddleware(videoChannelFollowingController)
 )
-activityPubClientRouter.get('/video-channels/:name/playlists',
+activityPubClientRouter.get('/video-channels/:nameWithHost/playlists',
   executeIfActivityPub,
-  asyncMiddleware(localVideoChannelValidator),
+  asyncMiddleware(videoChannelsNameWithHostValidator),
+  ensureIsLocalChannel,
   asyncMiddleware(videoChannelPlaylistsController)
 )
 

diff --git a/server/controllers/activitypub/inbox.ts b/server/controllers/activitypub/inbox.ts
@@ -4,7 +4,14 @@ import { Activity, ActivityPubCollection, ActivityPubOrderedCollection, RootActi
 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
 import { isActivityValid } from '../../helpers/custom-validators/activitypub/activity'
 import { logger } from '../../helpers/logger'
-import { asyncMiddleware, checkSignature, localAccountValidator, localVideoChannelValidator, signatureValidator } from '../../middlewares'
+import {
+  asyncMiddleware,
+  checkSignature,
+  ensureIsLocalChannel,
+  localAccountValidator,
+  signatureValidator,
+  videoChannelsNameWithHostValidator
+} from '../../middlewares'
 import { activityPubValidator } from '../../middlewares/validators/activitypub/activity'
 
 const inboxRouter = express.Router()
@@ -23,10 +30,11 @@ inboxRouter.post('/accounts/:name/inbox',
   asyncMiddleware(activityPubValidator),
   inboxController
 )
-inboxRouter.post('/video-channels/:name/inbox',
+inboxRouter.post('/video-channels/:nameWithHost/inbox',
   signatureValidator,
   asyncMiddleware(checkSignature),
-  asyncMiddleware(localVideoChannelValidator),
+  asyncMiddleware(videoChannelsNameWithHostValidator),
+  ensureIsLocalChannel,
   asyncMiddleware(activityPubValidator),
   inboxController
 )

diff --git a/server/controllers/activitypub/outbox.ts b/server/controllers/activitypub/outbox.ts
@@ -1,15 +1,15 @@
 import express from 'express'
+import { MActorLight } from '@server/types/models'
 import { Activity } from '../../../shared/models/activitypub/activity'
 import { VideoPrivacy } from '../../../shared/models/videos'
 import { activityPubCollectionPagination, activityPubContextify } from '../../helpers/activitypub'
 import { logger } from '../../helpers/logger'
-import { buildAnnounceActivity, buildCreateActivity } from '../../lib/activitypub/send'
 import { buildAudience } from '../../lib/activitypub/audience'
-import { asyncMiddleware, localAccountValidator, localVideoChannelValidator } from '../../middlewares'
+import { buildAnnounceActivity, buildCreateActivity } from '../../lib/activitypub/send'
+import { asyncMiddleware, ensureIsLocalChannel, localAccountValidator, videoChannelsNameWithHostValidator } from '../../middlewares'
+import { apPaginationValidator } from '../../middlewares/validators/activitypub'
 import { VideoModel } from '../../models/video/video'
 import { activityPubResponse } from './utils'
-import { MActorLight } from '@server/types/models'
-import { apPaginationValidator } from '../../middlewares/validators/activitypub'
 
 const outboxRouter = express.Router()
 
@@ -19,9 +19,10 @@ outboxRouter.get('/accounts/:name/outbox',
   asyncMiddleware(outboxController)
 )
 
-outboxRouter.get('/video-channels/:name/outbox',
+outboxRouter.get('/video-channels/:nameWithHost/outbox',
   apPaginationValidator,
-  localVideoChannelValidator,
+  asyncMiddleware(videoChannelsNameWithHostValidator),
+  ensureIsLocalChannel,
   asyncMiddleware(outboxController)
 )
 

diff --git a/server/controllers/api/video-channel.ts b/server/controllers/api/video-channel.ts
@@ -24,7 +24,7 @@ import {
   asyncRetryTransactionMiddleware,
   authenticate,
   commonVideosFiltersValidator,
-  ensureUserCanManageChannel,
+  ensureCanManageChannel,
   optionalAuthenticate,
   paginationValidator,
   setDefaultPagination,
@@ -37,6 +37,7 @@ import {
   videoPlaylistsSortValidator
 } from '../../middlewares'
 import {
+  ensureIsLocalChannel,
   videoChannelsFollowersSortValidator,
   videoChannelsListValidator,
   videoChannelsNameWithHostValidator,
@@ -74,7 +75,8 @@ videoChannelRouter.post('/:nameWithHost/avatar/pick',
   authenticate,
   reqAvatarFile,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  ensureIsLocalChannel,
+  ensureCanManageChannel,
   updateAvatarValidator,
   asyncMiddleware(updateVideoChannelAvatar)
 )
@@ -83,38 +85,43 @@ videoChannelRouter.post('/:nameWithHost/banner/pick',
   authenticate,
   reqBannerFile,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  ensureIsLocalChannel,
+  ensureCanManageChannel,
   updateBannerValidator,
   asyncMiddleware(updateVideoChannelBanner)
 )
 
 videoChannelRouter.delete('/:nameWithHost/avatar',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  ensureIsLocalChannel,
+  ensureCanManageChannel,
   asyncMiddleware(deleteVideoChannelAvatar)
 )
 
 videoChannelRouter.delete('/:nameWithHost/banner',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  ensureIsLocalChannel,
+  ensureCanManageChannel,
   asyncMiddleware(deleteVideoChannelBanner)
 )
 
 videoChannelRouter.put('/:nameWithHost',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  ensureIsLocalChannel,
+  ensureCanManageChannel,
   videoChannelsUpdateValidator,
   asyncRetryTransactionMiddleware(updateVideoChannel)
 )
 
 videoChannelRouter.delete('/:nameWithHost',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
+  ensureIsLocalChannel,
+  ensureCanManageChannel,
   asyncMiddleware(videoChannelsRemoveValidator),
-  ensureUserCanManageChannel,
   asyncRetryTransactionMiddleware(removeVideoChannel)
 )
 
@@ -147,7 +154,7 @@ videoChannelRouter.get('/:nameWithHost/videos',
 videoChannelRouter.get('/:nameWithHost/followers',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  ensureCanManageChannel,
   paginationValidator,
   videoChannelsFollowersSortValidator,
   setDefaultSort,

diff --git a/server/middlewares/validators/shared/video-channels.ts b/server/middlewares/validators/shared/video-channels.ts
@@ -3,12 +3,6 @@ import { VideoChannelModel } from '@server/models/video/video-channel'
 import { MChannelBannerAccountDefault } from '@server/types/models'
 import { HttpStatusCode } from '@shared/models'
 
-async function doesLocalVideoChannelNameExist (name: string, res: express.Response) {
-  const videoChannel = await VideoChannelModel.loadLocalByNameAndPopulateAccount(name)
-
-  return processVideoChannelExist(videoChannel, res)
-}
-
 async function doesVideoChannelIdExist (id: number, res: express.Response) {
   const videoChannel = await VideoChannelModel.loadAndPopulateAccount(+id)
 
@@ -24,7 +18,6 @@ async function doesVideoChannelNameWithHostExist (nameWithDomain: string, res: e
 // ---------------------------------------------------------------------------
 
 export {
-  doesLocalVideoChannelNameExist,
   doesVideoChannelIdExist,
   doesVideoChannelNameWithHostExist
 }

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
@@ -490,21 +490,23 @@ const ensureAuthUserOwnsAccountValidator = [
   }
 ]
 
-function ensureUserCanManageChannel (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const user = res.locals.oauth.token.user
-  const isUserOwner = res.locals.videoChannel.Account.userId === user.id
+const ensureCanManageChannel = [
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const user = res.locals.oauth.token.user
+    const isUserOwner = res.locals.videoChannel.Account.userId === user.id
 
-  if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
-    const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
+    if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
+      const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
 
-    return res.fail({
-      status: HttpStatusCode.FORBIDDEN_403,
-      message
-    })
-  }
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message
+      })
+    }
 
-  return next()
-}
+    return next()
+  }
+]
 
 const ensureCanManageUser = [
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -544,7 +546,7 @@ export {
   userAutocompleteValidator,
   ensureAuthUserOwnsAccountValidator,
   ensureCanManageUser,
-  ensureUserCanManageChannel
+  ensureCanManageChannel
 }
 
 // ---------------------------------------------------------------------------

diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts
@@ -1,5 +1,6 @@
 import express from 'express'
 import { body, param, query } from 'express-validator'
+import { CONFIG } from '@server/initializers/config'
 import { MChannelAccountDefault } from '@server/types/models'
 import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { isBooleanValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
@@ -12,8 +13,7 @@ import {
 import { logger } from '../../../helpers/logger'
 import { ActorModel } from '../../../models/actor/actor'
 import { VideoChannelModel } from '../../../models/video/video-channel'
-import { areValidationErrors, doesLocalVideoChannelNameExist, doesVideoChannelNameWithHostExist } from '../shared'
-import { CONFIG } from '@server/initializers/config'
+import { areValidationErrors, doesVideoChannelNameWithHostExist } from '../shared'
 
 const videoChannelsAddValidator = [
   body('name').custom(isVideoChannelUsernameValid).withMessage('Should have a valid channel name'),
@@ -93,14 +93,14 @@ const videoChannelsNameWithHostValidator = [
   }
 ]
 
-const localVideoChannelValidator = [
-  param('name').custom(isVideoChannelDisplayNameValid).withMessage('Should have a valid video channel name'),
-
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking localVideoChannelValidator parameters', { parameters: req.params })
-
-    if (areValidationErrors(req, res)) return
-    if (!await doesLocalVideoChannelNameExist(req.params.name, res)) return
+const ensureIsLocalChannel = [
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (res.locals.videoChannel.Actor.isOwned() === false) {
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'This channel is not owned.'
+      })
+    }
 
     return next()
   }
@@ -137,8 +137,8 @@ export {
   videoChannelsUpdateValidator,
   videoChannelsRemoveValidator,
   videoChannelsNameWithHostValidator,
+  ensureIsLocalChannel,
   videoChannelsListValidator,
-  localVideoChannelValidator,
   videoChannelStatsValidator
 }