1
0
Fork 0
peertube/server/controllers/activitypub/inbox.ts
kontrollanten a37e9e74ff
Give moderators access to edit channels (#4608)
* give admins access to edit all channels

closes #4598

* test(channels): +admin update another users channel

* Fix tests

* fix(server): delete another users channel

Since the channel owner isn't necessary the auth user we need to check
the right account whether it's the last video or not.

* REMOVE_ANY_VIDEO_CHANNEL > MANAGE_ANY_VIDEO_CHANNEL

Merge REMOVE_ANY_VIDEO_CHANNEL and MANY_VIDEO_CHANNELS to
MANAGE_ANY_VIDEO_CHANNEL.

* user-right: moderator can't manage admins channel

* client: MyVideoChannelCreateComponent > VideoChannelCreateComponent

* client: MyVideoChannelEdit > VideoChannelEdit

* Revert "user-right: moderator can't manage admins channel"

This reverts commit 2c627c154e.

* server: clean dupl validator functionality

* fix ensureUserCanManageChannel usage

It's not async anymore.

* server: merge channel validator middleares

ensureAuthUserOwnsChannelValidator & ensureUserCanManageChannel gets
merged into one middleware.

* client(VideoChannelEdit): redirect to prev route

* fix(VideoChannels): handle anon users

* client: new routes for create/update channel

* Refactor channel validators

Co-authored-by: Chocobozzz <me@florianbigard.com>
2021-12-13 15:29:13 +01:00

80 lines
2.7 KiB
TypeScript

import express from 'express'
import { InboxManager } from '@server/lib/activitypub/inbox-manager'
import { Activity, ActivityPubCollection, ActivityPubOrderedCollection, RootActivity } from '../../../shared'
import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
import { isActivityValid } from '../../helpers/custom-validators/activitypub/activity'
import { logger } from '../../helpers/logger'
import {
asyncMiddleware,
checkSignature,
ensureIsLocalChannel,
localAccountValidator,
signatureValidator,
videoChannelsNameWithHostValidator
} from '../../middlewares'
import { activityPubValidator } from '../../middlewares/validators/activitypub/activity'
const inboxRouter = express.Router()
inboxRouter.post('/inbox',
signatureValidator,
asyncMiddleware(checkSignature),
asyncMiddleware(activityPubValidator),
inboxController
)
inboxRouter.post('/accounts/:name/inbox',
signatureValidator,
asyncMiddleware(checkSignature),
asyncMiddleware(localAccountValidator),
asyncMiddleware(activityPubValidator),
inboxController
)
inboxRouter.post('/video-channels/:nameWithHost/inbox',
signatureValidator,
asyncMiddleware(checkSignature),
asyncMiddleware(videoChannelsNameWithHostValidator),
ensureIsLocalChannel,
asyncMiddleware(activityPubValidator),
inboxController
)
// ---------------------------------------------------------------------------
export {
inboxRouter
}
// ---------------------------------------------------------------------------
function inboxController (req: express.Request, res: express.Response) {
const rootActivity: RootActivity = req.body
let activities: Activity[]
if ([ 'Collection', 'CollectionPage' ].includes(rootActivity.type)) {
activities = (rootActivity as ActivityPubCollection).items
} else if ([ 'OrderedCollection', 'OrderedCollectionPage' ].includes(rootActivity.type)) {
activities = (rootActivity as ActivityPubOrderedCollection<Activity>).orderedItems
} else {
activities = [ rootActivity as Activity ]
}
// Only keep activities we are able to process
logger.debug('Filtering %d activities...', activities.length)
activities = activities.filter(a => isActivityValid(a))
logger.debug('We keep %d activities.', activities.length, { activities })
const accountOrChannel = res.locals.account || res.locals.videoChannel
logger.info('Receiving inbox requests for %d activities by %s.', activities.length, res.locals.signature.actor.url)
InboxManager.Instance.addInboxMessage({
activities,
signatureActor: res.locals.signature.actor,
inboxActor: accountOrChannel
? accountOrChannel.Actor
: undefined
})
return res.status(HttpStatusCode.NO_CONTENT_204).end()
}