a37e9e74ff
* give admins access to edit all channels
closes #4598
* test(channels): +admin update another users channel
* Fix tests
* fix(server): delete another users channel
Since the channel owner isn't necessary the auth user we need to check
the right account whether it's the last video or not.
* REMOVE_ANY_VIDEO_CHANNEL > MANAGE_ANY_VIDEO_CHANNEL
Merge REMOVE_ANY_VIDEO_CHANNEL and MANY_VIDEO_CHANNELS to
MANAGE_ANY_VIDEO_CHANNEL.
* user-right: moderator can't manage admins channel
* client: MyVideoChannelCreateComponent > VideoChannelCreateComponent
* client: MyVideoChannelEdit > VideoChannelEdit
* Revert "user-right: moderator can't manage admins channel"
This reverts commit 2c627c154e
.
* server: clean dupl validator functionality
* fix ensureUserCanManageChannel usage
It's not async anymore.
* server: merge channel validator middleares
ensureAuthUserOwnsChannelValidator & ensureUserCanManageChannel gets
merged into one middleware.
* client(VideoChannelEdit): redirect to prev route
* fix(VideoChannels): handle anon users
* client: new routes for create/update channel
* Refactor channel validators
Co-authored-by: Chocobozzz <me@florianbigard.com>
80 lines
2.7 KiB
TypeScript
80 lines
2.7 KiB
TypeScript
import express from 'express'
|
|
import { InboxManager } from '@server/lib/activitypub/inbox-manager'
|
|
import { Activity, ActivityPubCollection, ActivityPubOrderedCollection, RootActivity } from '../../../shared'
|
|
import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
|
|
import { isActivityValid } from '../../helpers/custom-validators/activitypub/activity'
|
|
import { logger } from '../../helpers/logger'
|
|
import {
|
|
asyncMiddleware,
|
|
checkSignature,
|
|
ensureIsLocalChannel,
|
|
localAccountValidator,
|
|
signatureValidator,
|
|
videoChannelsNameWithHostValidator
|
|
} from '../../middlewares'
|
|
import { activityPubValidator } from '../../middlewares/validators/activitypub/activity'
|
|
|
|
const inboxRouter = express.Router()
|
|
|
|
inboxRouter.post('/inbox',
|
|
signatureValidator,
|
|
asyncMiddleware(checkSignature),
|
|
asyncMiddleware(activityPubValidator),
|
|
inboxController
|
|
)
|
|
|
|
inboxRouter.post('/accounts/:name/inbox',
|
|
signatureValidator,
|
|
asyncMiddleware(checkSignature),
|
|
asyncMiddleware(localAccountValidator),
|
|
asyncMiddleware(activityPubValidator),
|
|
inboxController
|
|
)
|
|
inboxRouter.post('/video-channels/:nameWithHost/inbox',
|
|
signatureValidator,
|
|
asyncMiddleware(checkSignature),
|
|
asyncMiddleware(videoChannelsNameWithHostValidator),
|
|
ensureIsLocalChannel,
|
|
asyncMiddleware(activityPubValidator),
|
|
inboxController
|
|
)
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
export {
|
|
inboxRouter
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
function inboxController (req: express.Request, res: express.Response) {
|
|
const rootActivity: RootActivity = req.body
|
|
let activities: Activity[]
|
|
|
|
if ([ 'Collection', 'CollectionPage' ].includes(rootActivity.type)) {
|
|
activities = (rootActivity as ActivityPubCollection).items
|
|
} else if ([ 'OrderedCollection', 'OrderedCollectionPage' ].includes(rootActivity.type)) {
|
|
activities = (rootActivity as ActivityPubOrderedCollection<Activity>).orderedItems
|
|
} else {
|
|
activities = [ rootActivity as Activity ]
|
|
}
|
|
|
|
// Only keep activities we are able to process
|
|
logger.debug('Filtering %d activities...', activities.length)
|
|
activities = activities.filter(a => isActivityValid(a))
|
|
logger.debug('We keep %d activities.', activities.length, { activities })
|
|
|
|
const accountOrChannel = res.locals.account || res.locals.videoChannel
|
|
|
|
logger.info('Receiving inbox requests for %d activities by %s.', activities.length, res.locals.signature.actor.url)
|
|
|
|
InboxManager.Instance.addInboxMessage({
|
|
activities,
|
|
signatureActor: res.locals.signature.actor,
|
|
inboxActor: accountOrChannel
|
|
? accountOrChannel.Actor
|
|
: undefined
|
|
})
|
|
|
|
return res.status(HttpStatusCode.NO_CONTENT_204).end()
|
|
}
|