import { serverFollowsRouter } from './follows'
import { statsRouter } from './stats'
import { serverRedundancyRouter } from './redundancy'
+import { serverBlocklistRouter } from './server-blocklist'
const serverRouter = express.Router()
serverRouter.use('/', serverFollowsRouter)
serverRouter.use('/', serverRedundancyRouter)
serverRouter.use('/', statsRouter)
+serverRouter.use('/', serverBlocklistRouter)
// ---------------------------------------------------------------------------
--- /dev/null
+import * as express from 'express'
+import 'multer'
+import { getFormattedObjects, getServerActor } from '../../../helpers/utils'
+import {
+ asyncMiddleware,
+ asyncRetryTransactionMiddleware,
+ authenticate,
+ ensureUserHasRight,
+ paginationValidator,
+ setDefaultPagination,
+ setDefaultSort
+} from '../../../middlewares'
+import {
+ accountsBlocklistSortValidator,
+ blockAccountValidator,
+ blockServerValidator,
+ serversBlocklistSortValidator,
+ unblockAccountByServerValidator,
+ unblockServerByServerValidator
+} from '../../../middlewares/validators'
+import { AccountModel } from '../../../models/account/account'
+import { AccountBlocklistModel } from '../../../models/account/account-blocklist'
+import { addAccountInBlocklist, addServerInBlocklist, removeAccountFromBlocklist, removeServerFromBlocklist } from '../../../lib/blocklist'
+import { ServerBlocklistModel } from '../../../models/server/server-blocklist'
+import { ServerModel } from '../../../models/server/server'
+import { UserRight } from '../../../../shared/models/users'
+
+const serverBlocklistRouter = express.Router()
+
+serverBlocklistRouter.get('/blocklist/accounts',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
+ paginationValidator,
+ accountsBlocklistSortValidator,
+ setDefaultSort,
+ setDefaultPagination,
+ asyncMiddleware(listBlockedAccounts)
+)
+
+serverBlocklistRouter.post('/blocklist/accounts',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
+ asyncMiddleware(blockAccountValidator),
+ asyncRetryTransactionMiddleware(blockAccount)
+)
+
+serverBlocklistRouter.delete('/blocklist/accounts/:accountName',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
+ asyncMiddleware(unblockAccountByServerValidator),
+ asyncRetryTransactionMiddleware(unblockAccount)
+)
+
+serverBlocklistRouter.get('/blocklist/servers',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
+ paginationValidator,
+ serversBlocklistSortValidator,
+ setDefaultSort,
+ setDefaultPagination,
+ asyncMiddleware(listBlockedServers)
+)
+
+serverBlocklistRouter.post('/blocklist/servers',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
+ asyncMiddleware(blockServerValidator),
+ asyncRetryTransactionMiddleware(blockServer)
+)
+
+serverBlocklistRouter.delete('/blocklist/servers/:host',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
+ asyncMiddleware(unblockServerByServerValidator),
+ asyncRetryTransactionMiddleware(unblockServer)
+)
+
+export {
+ serverBlocklistRouter
+}
+
+// ---------------------------------------------------------------------------
+
+async function listBlockedAccounts (req: express.Request, res: express.Response) {
+ const serverActor = await getServerActor()
+
+ const resultList = await AccountBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort)
+
+ return res.json(getFormattedObjects(resultList.data, resultList.total))
+}
+
+async function blockAccount (req: express.Request, res: express.Response) {
+ const serverActor = await getServerActor()
+ const accountToBlock: AccountModel = res.locals.account
+
+ await addAccountInBlocklist(serverActor.Account.id, accountToBlock.id)
+
+ return res.status(204).end()
+}
+
+async function unblockAccount (req: express.Request, res: express.Response) {
+ const accountBlock: AccountBlocklistModel = res.locals.accountBlock
+
+ await removeAccountFromBlocklist(accountBlock)
+
+ return res.status(204).end()
+}
+
+async function listBlockedServers (req: express.Request, res: express.Response) {
+ const serverActor = await getServerActor()
+
+ const resultList = await ServerBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort)
+
+ return res.json(getFormattedObjects(resultList.data, resultList.total))
+}
+
+async function blockServer (req: express.Request, res: express.Response) {
+ const serverActor = await getServerActor()
+ const serverToBlock: ServerModel = res.locals.server
+
+ await addServerInBlocklist(serverActor.Account.id, serverToBlock.id)
+
+ return res.status(204).end()
+}
+
+async function unblockServer (req: express.Request, res: express.Response) {
+ const serverBlock: ServerBlocklistModel = res.locals.serverBlock
+
+ await removeServerFromBlocklist(serverBlock)
+
+ return res.status(204).end()
+}
} from '../../../middlewares'
import {
accountsBlocklistSortValidator,
- blockAccountByAccountValidator,
- blockServerByAccountValidator,
+ blockAccountValidator,
+ blockServerValidator,
serversBlocklistSortValidator,
unblockServerByAccountValidator
} from '../../../middlewares/validators'
myBlocklistRouter.post('/me/blocklist/accounts',
authenticate,
- asyncMiddleware(blockAccountByAccountValidator),
+ asyncMiddleware(blockAccountValidator),
asyncRetryTransactionMiddleware(blockAccount)
)
myBlocklistRouter.post('/me/blocklist/servers',
authenticate,
- asyncMiddleware(blockServerByAccountValidator),
+ asyncMiddleware(blockServerValidator),
asyncRetryTransactionMiddleware(blockServer)
)
import { ServerBlocklistModel } from '../../models/server/server-blocklist'
import { ServerModel } from '../../models/server/server'
import { CONFIG } from '../../initializers'
+import { getServerActor } from '../../helpers/utils'
-const blockAccountByAccountValidator = [
+const blockAccountValidator = [
body('accountName').exists().withMessage('Should have an account name with host'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
}
]
-const blockServerByAccountValidator = [
+const unblockAccountByServerValidator = [
+ param('accountName').exists().withMessage('Should have an account name with host'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await isAccountNameWithHostExist(req.params.accountName, res)) return
+
+ const serverActor = await getServerActor()
+ const targetAccount = res.locals.account
+ if (!await isUnblockAccountExists(serverActor.Account.id, targetAccount.id, res)) return
+
+ return next()
+ }
+]
+
+const blockServerValidator = [
body('host').custom(isHostValid).withMessage('Should have a valid host'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
}
]
+const unblockServerByServerValidator = [
+ param('host').custom(isHostValid).withMessage('Should have an account name with host'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+
+ const serverActor = await getServerActor()
+ if (!await isUnblockServerExists(serverActor.Account.id, req.params.host, res)) return
+
+ return next()
+ }
+]
+
// ---------------------------------------------------------------------------
export {
- blockServerByAccountValidator,
- blockAccountByAccountValidator,
+ blockServerValidator,
+ blockAccountValidator,
unblockAccountByAccountValidator,
- unblockServerByAccountValidator
+ unblockServerByAccountValidator,
+ unblockAccountByServerValidator,
+ unblockServerByServerValidator
}
// ---------------------------------------------------------------------------
const query = 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' +
' UNION ALL ' +
- // 'SELECT "accountId" FROM "accountBlocklist" WHERE "targetAccountId" = user.account.id
- // UNION ALL
'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' +
'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' +
'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')'
makeGetRequest,
makePostBodyRequest,
ServerInfo,
- setAccessTokensToServers
+ setAccessTokensToServers, userLogin
} from '../../utils'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
describe('Test blocklist API validators', function () {
let servers: ServerInfo[]
let server: ServerInfo
+ let userAccessToken: string
before(async function () {
this.timeout(60000)
const user = { username: 'user1', password: 'password' }
await createUser(server.url, server.accessToken, user.username, user.password)
+ userAccessToken = await userLogin(server, user)
+
await doubleFollow(servers[0], servers[1])
})
// ---------------------------------------------------------------
describe('When managing user blocklist', function () {
- const path = '/api/v1/users/me/blocklist/accounts'
describe('When managing user accounts blocklist', function () {
+ const path = '/api/v1/users/me/blocklist/accounts'
describe('When listing blocked accounts', function () {
it('Should fail with an unauthenticated user', async function () {
})
})
+ describe('When managing server blocklist', function () {
+
+ describe('When managing server accounts blocklist', function () {
+ const path = '/api/v1/server/blocklist/accounts'
+
+ describe('When listing blocked accounts', function () {
+ it('Should fail with an unauthenticated user', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path,
+ statusCodeExpected: 401
+ })
+ })
+
+ it('Should fail with a user without the appropriate rights', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: userAccessToken,
+ path,
+ statusCodeExpected: 403
+ })
+ })
+
+ it('Should fail with a bad start pagination', async function () {
+ await checkBadStartPagination(server.url, path, server.accessToken)
+ })
+
+ it('Should fail with a bad count pagination', async function () {
+ await checkBadCountPagination(server.url, path, server.accessToken)
+ })
+
+ it('Should fail with an incorrect sort', async function () {
+ await checkBadSortPagination(server.url, path, server.accessToken)
+ })
+ })
+
+ describe('When blocking an account', function () {
+ it('Should fail with an unauthenticated user', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ fields: { accountName: 'user1' },
+ statusCodeExpected: 401
+ })
+ })
+
+ it('Should fail with a user without the appropriate rights', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: userAccessToken,
+ path,
+ fields: { accountName: 'user1' },
+ statusCodeExpected: 403
+ })
+ })
+
+ it('Should fail with an unknown account', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: server.accessToken,
+ path,
+ fields: { accountName: 'user2' },
+ statusCodeExpected: 404
+ })
+ })
+
+ it('Should fail to block ourselves', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: server.accessToken,
+ path,
+ fields: { accountName: 'root' },
+ statusCodeExpected: 409
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: server.accessToken,
+ path,
+ fields: { accountName: 'user1' },
+ statusCodeExpected: 204
+ })
+ })
+ })
+
+ describe('When unblocking an account', function () {
+ it('Should fail with an unauthenticated user', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/user1',
+ statusCodeExpected: 401
+ })
+ })
+
+ it('Should fail with a user without the appropriate rights', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/user1',
+ token: userAccessToken,
+ statusCodeExpected: 403
+ })
+ })
+
+ it('Should fail with an unknown account block', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/user2',
+ token: server.accessToken,
+ statusCodeExpected: 404
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/user1',
+ token: server.accessToken,
+ statusCodeExpected: 204
+ })
+ })
+ })
+ })
+
+ describe('When managing server servers blocklist', function () {
+ const path = '/api/v1/server/blocklist/servers'
+
+ describe('When listing blocked servers', function () {
+ it('Should fail with an unauthenticated user', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path,
+ statusCodeExpected: 401
+ })
+ })
+
+ it('Should fail with a user without the appropriate rights', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: userAccessToken,
+ path,
+ statusCodeExpected: 403
+ })
+ })
+
+ it('Should fail with a bad start pagination', async function () {
+ await checkBadStartPagination(server.url, path, server.accessToken)
+ })
+
+ it('Should fail with a bad count pagination', async function () {
+ await checkBadCountPagination(server.url, path, server.accessToken)
+ })
+
+ it('Should fail with an incorrect sort', async function () {
+ await checkBadSortPagination(server.url, path, server.accessToken)
+ })
+ })
+
+ describe('When blocking a server', function () {
+ it('Should fail with an unauthenticated user', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ fields: { host: 'localhost:9002' },
+ statusCodeExpected: 401
+ })
+ })
+
+ it('Should fail with a user without the appropriate rights', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: userAccessToken,
+ path,
+ fields: { host: 'localhost:9002' },
+ statusCodeExpected: 403
+ })
+ })
+
+ it('Should fail with an unknown server', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: server.accessToken,
+ path,
+ fields: { host: 'localhost:9003' },
+ statusCodeExpected: 404
+ })
+ })
+
+ it('Should fail with our own server', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: server.accessToken,
+ path,
+ fields: { host: 'localhost:9001' },
+ statusCodeExpected: 409
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ token: server.accessToken,
+ path,
+ fields: { host: 'localhost:9002' },
+ statusCodeExpected: 204
+ })
+ })
+ })
+
+ describe('When unblocking a server', function () {
+ it('Should fail with an unauthenticated user', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/localhost:9002',
+ statusCodeExpected: 401
+ })
+ })
+
+ it('Should fail with a user without the appropriate rights', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/localhost:9002',
+ token: userAccessToken,
+ statusCodeExpected: 403
+ })
+ })
+
+ it('Should fail with an unknown server block', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/localhost:9003',
+ token: server.accessToken,
+ statusCodeExpected: 404
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/localhost:9002',
+ token: server.accessToken,
+ statusCodeExpected: 204
+ })
+ })
+ })
+ })
+ })
+
after(async function () {
killallServers(servers)
+++ /dev/null
-/* tslint:disable:no-unused-expression */
-
-import * as chai from 'chai'
-import 'mocha'
-import { AccountBlock, ServerBlock, Video } from '../../../../shared/index'
-import {
- createUser,
- doubleFollow,
- flushAndRunMultipleServers,
- flushTests,
- killallServers,
- ServerInfo,
- uploadVideo,
- userLogin
-} from '../../utils/index'
-import { setAccessTokensToServers } from '../../utils/users/login'
-import { getVideosListWithToken } from '../../utils/videos/videos'
-import {
- addVideoCommentReply,
- addVideoCommentThread,
- getVideoCommentThreads,
- getVideoThreadComments
-} from '../../utils/videos/video-comments'
-import { waitJobs } from '../../utils/server/jobs'
-import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
-import {
- addAccountToAccountBlocklist,
- addServerToAccountBlocklist,
- getAccountBlocklistByAccount, getServerBlocklistByAccount,
- removeAccountFromAccountBlocklist,
- removeServerFromAccountBlocklist
-} from '../../utils/users/blocklist'
-
-const expect = chai.expect
-
-async function checkAllVideos (url: string, token: string) {
- const res = await getVideosListWithToken(url, token)
-
- expect(res.body.data).to.have.lengthOf(4)
-}
-
-async function checkAllComments (url: string, token: string, videoUUID: string) {
- const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token)
-
- const threads: VideoComment[] = resThreads.body.data
- expect(threads).to.have.lengthOf(2)
-
- for (const thread of threads) {
- const res = await getVideoThreadComments(url, videoUUID, thread.id, token)
-
- const tree: VideoCommentThreadTree = res.body
- expect(tree.children).to.have.lengthOf(1)
- }
-}
-
-describe('Test accounts blocklist', function () {
- let servers: ServerInfo[]
- let videoUUID1: string
- let videoUUID2: string
- let userToken1: string
- let userToken2: string
-
- before(async function () {
- this.timeout(60000)
-
- await flushTests()
-
- servers = await flushAndRunMultipleServers(2)
- await setAccessTokensToServers(servers)
-
- {
- const user = { username: 'user1', password: 'password' }
- await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
-
- userToken1 = await userLogin(servers[0], user)
- await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' })
- }
-
- {
- const user = { username: 'user2', password: 'password' }
- await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
-
- userToken2 = await userLogin(servers[1], user)
- await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' })
- }
-
- {
- const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' })
- videoUUID1 = res.body.video.uuid
- }
-
- {
- const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' })
- videoUUID2 = res.body.video.uuid
- }
-
- await doubleFollow(servers[0], servers[1])
-
- {
- const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1')
- const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1')
- await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1')
- }
-
- {
- const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1')
- await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1')
- }
-
- await waitJobs(servers)
- })
-
- describe('When managing account blocklist', function () {
- it('Should list all videos', function () {
- return checkAllVideos(servers[0].url, servers[0].accessToken)
- })
-
- it('Should list the comments', function () {
- return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
- })
-
- it('Should block a remote account', async function () {
- await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002')
- })
-
- it('Should hide its videos', async function () {
- const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
-
- const videos: Video[] = res.body.data
- expect(videos).to.have.lengthOf(3)
-
- const v = videos.find(v => v.name === 'video user 2')
- expect(v).to.be.undefined
- })
-
- it('Should block a local account', async function () {
- await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1')
- })
-
- it('Should hide its videos', async function () {
- const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
-
- const videos: Video[] = res.body.data
- expect(videos).to.have.lengthOf(2)
-
- const v = videos.find(v => v.name === 'video user 1')
- expect(v).to.be.undefined
- })
-
- it('Should hide its comments', async function () {
- const resThreads = await getVideoCommentThreads(servers[0].url, videoUUID1, 0, 5, '-createdAt', servers[0].accessToken)
-
- const threads: VideoComment[] = resThreads.body.data
- expect(threads).to.have.lengthOf(1)
- expect(threads[0].totalReplies).to.equal(0)
-
- const t = threads.find(t => t.text === 'comment user 1')
- expect(t).to.be.undefined
-
- for (const thread of threads) {
- const res = await getVideoThreadComments(servers[0].url, videoUUID1, thread.id, servers[0].accessToken)
-
- const tree: VideoCommentThreadTree = res.body
- expect(tree.children).to.have.lengthOf(0)
- }
- })
-
- it('Should list all the videos with another user', async function () {
- return checkAllVideos(servers[0].url, userToken1)
- })
-
- it('Should list all the comments with another user', async function () {
- return checkAllComments(servers[0].url, userToken1, videoUUID1)
- })
-
- it('Should list blocked accounts', async function () {
- {
- const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
- const blocks: AccountBlock[] = res.body.data
-
- expect(res.body.total).to.equal(2)
-
- const block = blocks[0]
- expect(block.byAccount.displayName).to.equal('root')
- expect(block.byAccount.name).to.equal('root')
- expect(block.blockedAccount.displayName).to.equal('user2')
- expect(block.blockedAccount.name).to.equal('user2')
- expect(block.blockedAccount.host).to.equal('localhost:9002')
- }
-
- {
- const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
- const blocks: AccountBlock[] = res.body.data
-
- expect(res.body.total).to.equal(2)
-
- const block = blocks[0]
- expect(block.byAccount.displayName).to.equal('root')
- expect(block.byAccount.name).to.equal('root')
- expect(block.blockedAccount.displayName).to.equal('user1')
- expect(block.blockedAccount.name).to.equal('user1')
- expect(block.blockedAccount.host).to.equal('localhost:9001')
- }
- })
-
- it('Should unblock the remote account', async function () {
- await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002')
- })
-
- it('Should display its videos', async function () {
- const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
-
- const videos: Video[] = res.body.data
- expect(videos).to.have.lengthOf(3)
-
- const v = videos.find(v => v.name === 'video user 2')
- expect(v).not.to.be.undefined
- })
-
- it('Should unblock the local account', async function () {
- await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1')
- })
-
- it('Should display its comments', function () {
- return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
- })
- })
-
- describe('When managing server blocklist', function () {
- it('Should list all videos', function () {
- return checkAllVideos(servers[0].url, servers[0].accessToken)
- })
-
- it('Should list the comments', function () {
- return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
- })
-
- it('Should block a remote server', async function () {
- await addServerToAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002')
- })
-
- it('Should hide its videos', async function () {
- const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
-
- const videos: Video[] = res.body.data
- expect(videos).to.have.lengthOf(2)
-
- const v1 = videos.find(v => v.name === 'video user 2')
- const v2 = videos.find(v => v.name === 'video server 2')
-
- expect(v1).to.be.undefined
- expect(v2).to.be.undefined
- })
-
- it('Should list all the videos with another user', async function () {
- return checkAllVideos(servers[0].url, userToken1)
- })
-
- it('Should hide its comments')
-
- it('Should list blocked servers', async function () {
- const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
- const blocks: ServerBlock[] = res.body.data
-
- expect(res.body.total).to.equal(1)
-
- const block = blocks[0]
- expect(block.byAccount.displayName).to.equal('root')
- expect(block.byAccount.name).to.equal('root')
- expect(block.blockedServer.host).to.equal('localhost:9002')
- })
-
- it('Should unblock the remote server', async function () {
- await removeServerFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002')
- })
-
- it('Should display its videos', function () {
- return checkAllVideos(servers[0].url, servers[0].accessToken)
- })
-
- it('Should display its comments', function () {
- return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
- })
- })
-
- after(async function () {
- killallServers(servers)
-
- // Keep the logs if the test failed
- if (this[ 'ok' ]) {
- await flushTests()
- }
- })
-})
--- /dev/null
+/* tslint:disable:no-unused-expression */
+
+import * as chai from 'chai'
+import 'mocha'
+import { AccountBlock, ServerBlock, Video } from '../../../../shared/index'
+import {
+ createUser,
+ doubleFollow,
+ flushAndRunMultipleServers,
+ flushTests,
+ killallServers,
+ ServerInfo,
+ uploadVideo,
+ userLogin
+} from '../../utils/index'
+import { setAccessTokensToServers } from '../../utils/users/login'
+import { getVideosListWithToken } from '../../utils/videos/videos'
+import {
+ addVideoCommentReply,
+ addVideoCommentThread,
+ getVideoCommentThreads,
+ getVideoThreadComments
+} from '../../utils/videos/video-comments'
+import { waitJobs } from '../../utils/server/jobs'
+import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
+import {
+ addAccountToAccountBlocklist,
+ addAccountToServerBlocklist,
+ addServerToAccountBlocklist,
+ addServerToServerBlocklist,
+ getAccountBlocklistByAccount,
+ getAccountBlocklistByServer,
+ getServerBlocklistByAccount,
+ getServerBlocklistByServer,
+ removeAccountFromAccountBlocklist,
+ removeAccountFromServerBlocklist,
+ removeServerFromAccountBlocklist,
+ removeServerFromServerBlocklist
+} from '../../utils/users/blocklist'
+
+const expect = chai.expect
+
+async function checkAllVideos (url: string, token: string) {
+ const res = await getVideosListWithToken(url, token)
+
+ expect(res.body.data).to.have.lengthOf(4)
+}
+
+async function checkAllComments (url: string, token: string, videoUUID: string) {
+ const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token)
+
+ const threads: VideoComment[] = resThreads.body.data
+ expect(threads).to.have.lengthOf(2)
+
+ for (const thread of threads) {
+ const res = await getVideoThreadComments(url, videoUUID, thread.id, token)
+
+ const tree: VideoCommentThreadTree = res.body
+ expect(tree.children).to.have.lengthOf(1)
+ }
+}
+
+describe('Test blocklist', function () {
+ let servers: ServerInfo[]
+ let videoUUID1: string
+ let videoUUID2: string
+ let userToken1: string
+ let userModeratorToken: string
+ let userToken2: string
+
+ before(async function () {
+ this.timeout(60000)
+
+ await flushTests()
+
+ servers = await flushAndRunMultipleServers(2)
+ await setAccessTokensToServers(servers)
+
+ {
+ const user = { username: 'user1', password: 'password' }
+ await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
+
+ userToken1 = await userLogin(servers[0], user)
+ await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' })
+ }
+
+ {
+ const user = { username: 'moderator', password: 'password' }
+ await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
+
+ userModeratorToken = await userLogin(servers[0], user)
+ }
+
+ {
+ const user = { username: 'user2', password: 'password' }
+ await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
+
+ userToken2 = await userLogin(servers[1], user)
+ await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' })
+ }
+
+ {
+ const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' })
+ videoUUID1 = res.body.video.uuid
+ }
+
+ {
+ const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' })
+ videoUUID2 = res.body.video.uuid
+ }
+
+ await doubleFollow(servers[0], servers[1])
+
+ {
+ const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1')
+ const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1')
+ await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1')
+ }
+
+ {
+ const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1')
+ await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1')
+ }
+
+ await waitJobs(servers)
+ })
+
+ describe('User blocklist', function () {
+
+ describe('When managing account blocklist', function () {
+ it('Should list all videos', function () {
+ return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
+ })
+
+ it('Should list the comments', function () {
+ return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
+ })
+
+ it('Should block a remote account', async function () {
+ await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
+ })
+
+ it('Should hide its videos', async function () {
+ const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(3)
+
+ const v = videos.find(v => v.name === 'video user 2')
+ expect(v).to.be.undefined
+ })
+
+ it('Should block a local account', async function () {
+ await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
+ })
+
+ it('Should hide its videos', async function () {
+ const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(2)
+
+ const v = videos.find(v => v.name === 'video user 1')
+ expect(v).to.be.undefined
+ })
+
+ it('Should hide its comments', async function () {
+ const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', servers[ 0 ].accessToken)
+
+ const threads: VideoComment[] = resThreads.body.data
+ expect(threads).to.have.lengthOf(1)
+ expect(threads[ 0 ].totalReplies).to.equal(0)
+
+ const t = threads.find(t => t.text === 'comment user 1')
+ expect(t).to.be.undefined
+
+ for (const thread of threads) {
+ const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, servers[ 0 ].accessToken)
+
+ const tree: VideoCommentThreadTree = res.body
+ expect(tree.children).to.have.lengthOf(0)
+ }
+ })
+
+ it('Should list all the videos with another user', async function () {
+ return checkAllVideos(servers[ 0 ].url, userToken1)
+ })
+
+ it('Should list all the comments with another user', async function () {
+ return checkAllComments(servers[ 0 ].url, userToken1, videoUUID1)
+ })
+
+ it('Should list blocked accounts', async function () {
+ {
+ const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
+ const blocks: AccountBlock[] = res.body.data
+
+ expect(res.body.total).to.equal(2)
+
+ const block = blocks[ 0 ]
+ expect(block.byAccount.displayName).to.equal('root')
+ expect(block.byAccount.name).to.equal('root')
+ expect(block.blockedAccount.displayName).to.equal('user2')
+ expect(block.blockedAccount.name).to.equal('user2')
+ expect(block.blockedAccount.host).to.equal('localhost:9002')
+ }
+
+ {
+ const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
+ const blocks: AccountBlock[] = res.body.data
+
+ expect(res.body.total).to.equal(2)
+
+ const block = blocks[ 0 ]
+ expect(block.byAccount.displayName).to.equal('root')
+ expect(block.byAccount.name).to.equal('root')
+ expect(block.blockedAccount.displayName).to.equal('user1')
+ expect(block.blockedAccount.name).to.equal('user1')
+ expect(block.blockedAccount.host).to.equal('localhost:9001')
+ }
+ })
+
+ it('Should unblock the remote account', async function () {
+ await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
+ })
+
+ it('Should display its videos', async function () {
+ const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(3)
+
+ const v = videos.find(v => v.name === 'video user 2')
+ expect(v).not.to.be.undefined
+ })
+
+ it('Should unblock the local account', async function () {
+ await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
+ })
+
+ it('Should display its comments', function () {
+ return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
+ })
+ })
+
+ describe('When managing server blocklist', function () {
+ it('Should list all videos', function () {
+ return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
+ })
+
+ it('Should list the comments', function () {
+ return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
+ })
+
+ it('Should block a remote server', async function () {
+ await addServerToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
+ })
+
+ it('Should hide its videos', async function () {
+ const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(2)
+
+ const v1 = videos.find(v => v.name === 'video user 2')
+ const v2 = videos.find(v => v.name === 'video server 2')
+
+ expect(v1).to.be.undefined
+ expect(v2).to.be.undefined
+ })
+
+ it('Should list all the videos with another user', async function () {
+ return checkAllVideos(servers[ 0 ].url, userToken1)
+ })
+
+ it('Should hide its comments')
+
+ it('Should list blocked servers', async function () {
+ const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
+ const blocks: ServerBlock[] = res.body.data
+
+ expect(res.body.total).to.equal(1)
+
+ const block = blocks[ 0 ]
+ expect(block.byAccount.displayName).to.equal('root')
+ expect(block.byAccount.name).to.equal('root')
+ expect(block.blockedServer.host).to.equal('localhost:9002')
+ })
+
+ it('Should unblock the remote server', async function () {
+ await removeServerFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
+ })
+
+ it('Should display its videos', function () {
+ return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
+ })
+
+ it('Should display its comments', function () {
+ return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
+ })
+ })
+ })
+
+ describe('Server blocklist', function () {
+
+ describe('When managing account blocklist', function () {
+ it('Should list all videos', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ await checkAllVideos(servers[ 0 ].url, token)
+ }
+ })
+
+ it('Should list the comments', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ await checkAllComments(servers[ 0 ].url, token, videoUUID1)
+ }
+ })
+
+ it('Should block a remote account', async function () {
+ await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
+ })
+
+ it('Should hide its videos', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ const res = await getVideosListWithToken(servers[ 0 ].url, token)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(3)
+
+ const v = videos.find(v => v.name === 'video user 2')
+ expect(v).to.be.undefined
+ }
+ })
+
+ it('Should block a local account', async function () {
+ await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
+ })
+
+ it('Should hide its videos', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ const res = await getVideosListWithToken(servers[ 0 ].url, token)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(2)
+
+ const v = videos.find(v => v.name === 'video user 1')
+ expect(v).to.be.undefined
+ }
+ })
+
+ it('Should hide its comments', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', token)
+
+ const threads: VideoComment[] = resThreads.body.data
+ expect(threads).to.have.lengthOf(1)
+ expect(threads[ 0 ].totalReplies).to.equal(0)
+
+ const t = threads.find(t => t.text === 'comment user 1')
+ expect(t).to.be.undefined
+
+ for (const thread of threads) {
+ const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, token)
+
+ const tree: VideoCommentThreadTree = res.body
+ expect(tree.children).to.have.lengthOf(0)
+ }
+ }
+ })
+
+ it('Should list blocked accounts', async function () {
+ {
+ const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
+ const blocks: AccountBlock[] = res.body.data
+
+ expect(res.body.total).to.equal(2)
+
+ const block = blocks[ 0 ]
+ expect(block.byAccount.displayName).to.equal('peertube')
+ expect(block.byAccount.name).to.equal('peertube')
+ expect(block.blockedAccount.displayName).to.equal('user2')
+ expect(block.blockedAccount.name).to.equal('user2')
+ expect(block.blockedAccount.host).to.equal('localhost:9002')
+ }
+
+ {
+ const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
+ const blocks: AccountBlock[] = res.body.data
+
+ expect(res.body.total).to.equal(2)
+
+ const block = blocks[ 0 ]
+ expect(block.byAccount.displayName).to.equal('peertube')
+ expect(block.byAccount.name).to.equal('peertube')
+ expect(block.blockedAccount.displayName).to.equal('user1')
+ expect(block.blockedAccount.name).to.equal('user1')
+ expect(block.blockedAccount.host).to.equal('localhost:9001')
+ }
+ })
+
+ it('Should unblock the remote account', async function () {
+ await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
+ })
+
+ it('Should display its videos', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ const res = await getVideosListWithToken(servers[ 0 ].url, token)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(3)
+
+ const v = videos.find(v => v.name === 'video user 2')
+ expect(v).not.to.be.undefined
+ }
+ })
+
+ it('Should unblock the local account', async function () {
+ await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
+ })
+
+ it('Should display its comments', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ await checkAllComments(servers[ 0 ].url, token, videoUUID1)
+ }
+ })
+ })
+
+ describe('When managing server blocklist', function () {
+ it('Should list all videos', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ await checkAllVideos(servers[ 0 ].url, token)
+ }
+ })
+
+ it('Should list the comments', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ await checkAllComments(servers[ 0 ].url, token, videoUUID1)
+ }
+ })
+
+ it('Should block a remote server', async function () {
+ await addServerToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
+ })
+
+ it('Should hide its videos', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ const res = await getVideosListWithToken(servers[ 0 ].url, token)
+
+ const videos: Video[] = res.body.data
+ expect(videos).to.have.lengthOf(2)
+
+ const v1 = videos.find(v => v.name === 'video user 2')
+ const v2 = videos.find(v => v.name === 'video server 2')
+
+ expect(v1).to.be.undefined
+ expect(v2).to.be.undefined
+ }
+ })
+
+ it('Should hide its comments')
+
+ it('Should list blocked servers', async function () {
+ const res = await getServerBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
+ const blocks: ServerBlock[] = res.body.data
+
+ expect(res.body.total).to.equal(1)
+
+ const block = blocks[ 0 ]
+ expect(block.byAccount.displayName).to.equal('peertube')
+ expect(block.byAccount.name).to.equal('peertube')
+ expect(block.blockedServer.host).to.equal('localhost:9002')
+ })
+
+ it('Should unblock the remote server', async function () {
+ await removeServerFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
+ })
+
+ it('Should list all videos', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ await checkAllVideos(servers[ 0 ].url, token)
+ }
+ })
+
+ it('Should list the comments', async function () {
+ for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
+ await checkAllComments(servers[ 0 ].url, token, videoUUID1)
+ }
+ })
+ })
+ })
+
+ after(async function () {
+ killallServers(servers)
+
+ // Keep the logs if the test failed
+ if (this[ 'ok' ]) {
+ await flushTests()
+ }
+ })
+})
+import './blocklist'
import './user-subscriptions'
import './users'
import './users-verification'
})
}
+function getAccountBlocklistByServer (
+ url: string,
+ token: string,
+ start: number,
+ count: number,
+ sort = '-createdAt',
+ statusCodeExpected = 200
+) {
+ const path = '/api/v1/server/blocklist/accounts'
+
+ return makeGetRequest({
+ url,
+ token,
+ query: { start, count, sort },
+ path,
+ statusCodeExpected
+ })
+}
+
+function addAccountToServerBlocklist (url: string, token: string, accountToBlock: string, statusCodeExpected = 204) {
+ const path = '/api/v1/server/blocklist/accounts'
+
+ return makePostBodyRequest({
+ url,
+ path,
+ token,
+ fields: {
+ accountName: accountToBlock
+ },
+ statusCodeExpected
+ })
+}
+
+function removeAccountFromServerBlocklist (url: string, token: string, accountToUnblock: string, statusCodeExpected = 204) {
+ const path = '/api/v1/server/blocklist/accounts/' + accountToUnblock
+
+ return makeDeleteRequest({
+ url,
+ path,
+ token,
+ statusCodeExpected
+ })
+}
+
+function getServerBlocklistByServer (
+ url: string,
+ token: string,
+ start: number,
+ count: number,
+ sort = '-createdAt',
+ statusCodeExpected = 200
+) {
+ const path = '/api/v1/server/blocklist/servers'
+
+ return makeGetRequest({
+ url,
+ token,
+ query: { start, count, sort },
+ path,
+ statusCodeExpected
+ })
+}
+
+function addServerToServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) {
+ const path = '/api/v1/server/blocklist/servers'
+
+ return makePostBodyRequest({
+ url,
+ path,
+ token,
+ fields: {
+ host: serverToBlock
+ },
+ statusCodeExpected
+ })
+}
+
+function removeServerFromServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) {
+ const path = '/api/v1/server/blocklist/servers/' + serverToBlock
+
+ return makeDeleteRequest({
+ url,
+ path,
+ token,
+ statusCodeExpected
+ })
+}
+
// ---------------------------------------------------------------------------
export {
removeAccountFromAccountBlocklist,
getServerBlocklistByAccount,
addServerToAccountBlocklist,
- removeServerFromAccountBlocklist
+ removeServerFromAccountBlocklist,
+
+ getAccountBlocklistByServer,
+ addAccountToServerBlocklist,
+ removeAccountFromServerBlocklist,
+ getServerBlocklistByServer,
+ addServerToServerBlocklist,
+ removeServerFromServerBlocklist
}
MANAGE_JOBS,
MANAGE_CONFIGURATION,
+ MANAGE_ACCOUNTS_BLOCKLIST,
+ MANAGE_SERVERS_BLOCKLIST,
+
MANAGE_VIDEO_BLACKLIST,
REMOVE_ANY_VIDEO,
UserRight.REMOVE_ANY_VIDEO_CHANNEL,
UserRight.REMOVE_ANY_VIDEO_COMMENT,
UserRight.UPDATE_ANY_VIDEO,
- UserRight.SEE_ALL_VIDEOS
+ UserRight.SEE_ALL_VIDEOS,
+ UserRight.MANAGE_ACCOUNTS_BLOCKLIST,
+ UserRight.MANAGE_SERVERS_BLOCKLIST
],
[UserRole.USER]: []
projects / oweals / peertube.git / commitdiff