Improve blacklist management

[oweals/peertube.git] / server / middlewares / validators / users.ts

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 3c207c81fa9b04e98beaa7c2aece996cc50c3bdb..771c414a023d10e8b5403938e751247e72d497db 100644 (file)
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -5,7 +5,7 @@ import { body, param } from 'express-validator/check'
 import { omit } from 'lodash'
 import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
 import {
-  isUserAutoPlayVideoValid,
+  isUserAutoPlayVideoValid, isUserBlockedReasonValid,
   isUserDescriptionValid,
   isUserDisplayNameValid,
   isUserNSFWPolicyValid,
@@ -74,6 +74,27 @@ const usersRemoveValidator = [
   }
 ]
 
+const usersBlockingValidator = [
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+  body('reason').optional().custom(isUserBlockedReasonValid).withMessage('Should have a valid blocking reason'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersBlocking parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await checkUserIdExist(req.params.id, res)) return
+
+    const user = res.locals.user
+    if (user.username === 'root') {
+      return res.status(400)
+                .send({ error: 'Cannot block the root user' })
+                .end()
+    }
+
+    return next()
+  }
+]
+
 const deleteMeValidator = [
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user: UserModel = res.locals.oauth.token.User
@@ -230,6 +251,7 @@ export {
   usersAddValidator,
   deleteMeValidator,
   usersRegisterValidator,
+  usersBlockingValidator,
   usersRemoveValidator,
   usersUpdateValidator,
   usersUpdateMeValidator,