2024-05-23 09:42:14 +00:00
|
|
|
// SPDX-FileCopyrightText: 2024 John Livingston <https://www.john-livingston.fr/>
|
|
|
|
//
|
|
|
|
// SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2023-08-09 14:16:02 +00:00
|
|
|
import type { RegisterServerOptions } from '@peertube/peertube-types'
|
|
|
|
import type { Request, Response, NextFunction } from 'express'
|
|
|
|
import type { RequestPromiseHandler } from '../async'
|
|
|
|
import { getChannelInfosById } from '../../database/channel'
|
|
|
|
import { isUserAdminOrModerator } from '../../helpers'
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns a middleware handler to get the channelInfos from the channel parameter.
|
2023-09-06 13:23:39 +00:00
|
|
|
* This is used in api related to channel configuration options.
|
2023-08-09 14:16:02 +00:00
|
|
|
* @param options Peertube server options
|
|
|
|
* @returns middleware function
|
|
|
|
*/
|
2024-06-04 14:39:25 +00:00
|
|
|
function getCheckConfigurationChannelMiddleware (options: RegisterServerOptions): RequestPromiseHandler {
|
2023-08-09 14:16:02 +00:00
|
|
|
return async (req: Request, res: Response, next: NextFunction) => {
|
|
|
|
const logger = options.peertubeHelpers.logger
|
|
|
|
const channelId = req.params.channelId
|
|
|
|
const currentUser = await options.peertubeHelpers.user.getAuthUser(res)
|
|
|
|
|
|
|
|
if (!channelId || !/^\d+$/.test(channelId)) {
|
|
|
|
res.sendStatus(400)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
const channelInfos = await getChannelInfosById(options, parseInt(channelId), true)
|
|
|
|
if (!channelInfos) {
|
|
|
|
logger.warn(`Channel ${channelId} not found`)
|
|
|
|
res.sendStatus(404)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-06-04 14:39:25 +00:00
|
|
|
// To access this page, you must either be:
|
|
|
|
// - the channel owner,
|
|
|
|
// - an instance modo/admin
|
|
|
|
// - TODO: a channel chat moderator, as defined in this page.
|
|
|
|
if (channelInfos.ownerAccountId === currentUser.Account.id) {
|
|
|
|
logger.debug('Current user is the channel owner')
|
|
|
|
} else if (await isUserAdminOrModerator(options, res)) {
|
|
|
|
logger.debug('Current user is an instance moderator or admin')
|
|
|
|
} else {
|
2024-07-10 09:55:54 +00:00
|
|
|
logger.warn('Current user tries to access a channel for which they has no right.')
|
2024-06-04 14:39:25 +00:00
|
|
|
res.sendStatus(403)
|
|
|
|
return
|
2023-08-09 14:16:02 +00:00
|
|
|
}
|
|
|
|
|
2023-09-06 13:23:39 +00:00
|
|
|
logger.debug('User can access the configuration channel api.')
|
2023-08-09 14:16:02 +00:00
|
|
|
res.locals.channelInfos = channelInfos
|
|
|
|
next()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
export {
|
2023-09-06 13:23:39 +00:00
|
|
|
getCheckConfigurationChannelMiddleware
|
2023-08-09 14:16:02 +00:00
|
|
|
}
|