OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Add ability to mute a user/instance by server in server api

pull/1293/head
Chocobozzz 2018-10-15 13:03:04 +02:00
parent af5767ffae
commit b44164bb56
12 changed files with 1035 additions and 309 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/controllers/api/server/index.ts
View File

@ -2,12 +2,14 @@ import * as express from 'express'
import { serverFollowsRouter } from './follows'
import { statsRouter } from './stats'
import { serverRedundancyRouter } from './redundancy'
import { serverBlocklistRouter } from './server-blocklist'
const serverRouter = express.Router()
serverRouter.use('/', serverFollowsRouter)
serverRouter.use('/', serverRedundancyRouter)
serverRouter.use('/', statsRouter)
serverRouter.use('/', serverBlocklistRouter)
// ---------------------------------------------------------------------------

132
server/controllers/api/server/server-blocklist.ts Normal file
View File

@ -0,0 +1,132 @@
import * as express from 'express'
import 'multer'
import { getFormattedObjects, getServerActor } from '../../../helpers/utils'
import {
asyncMiddleware,
asyncRetryTransactionMiddleware,
authenticate,
ensureUserHasRight,
paginationValidator,
setDefaultPagination,
setDefaultSort
} from '../../../middlewares'
import {
accountsBlocklistSortValidator,
blockAccountValidator,
blockServerValidator,
serversBlocklistSortValidator,
unblockAccountByServerValidator,
unblockServerByServerValidator
} from '../../../middlewares/validators'
import { AccountModel } from '../../../models/account/account'
import { AccountBlocklistModel } from '../../../models/account/account-blocklist'
import { addAccountInBlocklist, addServerInBlocklist, removeAccountFromBlocklist, removeServerFromBlocklist } from '../../../lib/blocklist'
import { ServerBlocklistModel } from '../../../models/server/server-blocklist'
import { ServerModel } from '../../../models/server/server'
import { UserRight } from '../../../../shared/models/users'
const serverBlocklistRouter = express.Router()
serverBlocklistRouter.get('/blocklist/accounts',
authenticate,
ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
paginationValidator,
accountsBlocklistSortValidator,
setDefaultSort,
setDefaultPagination,
asyncMiddleware(listBlockedAccounts)
)
serverBlocklistRouter.post('/blocklist/accounts',
authenticate,
ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
asyncMiddleware(blockAccountValidator),
asyncRetryTransactionMiddleware(blockAccount)
)
serverBlocklistRouter.delete('/blocklist/accounts/:accountName',
authenticate,
ensureUserHasRight(UserRight.MANAGE_ACCOUNTS_BLOCKLIST),
asyncMiddleware(unblockAccountByServerValidator),
asyncRetryTransactionMiddleware(unblockAccount)
)
serverBlocklistRouter.get('/blocklist/servers',
authenticate,
ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
paginationValidator,
serversBlocklistSortValidator,
setDefaultSort,
setDefaultPagination,
asyncMiddleware(listBlockedServers)
)
serverBlocklistRouter.post('/blocklist/servers',
authenticate,
ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
asyncMiddleware(blockServerValidator),
asyncRetryTransactionMiddleware(blockServer)
)
serverBlocklistRouter.delete('/blocklist/servers/:host',
authenticate,
ensureUserHasRight(UserRight.MANAGE_SERVERS_BLOCKLIST),
asyncMiddleware(unblockServerByServerValidator),
asyncRetryTransactionMiddleware(unblockServer)
)
export {
serverBlocklistRouter
}
// ---------------------------------------------------------------------------
async function listBlockedAccounts (req: express.Request, res: express.Response) {
const serverActor = await getServerActor()
const resultList = await AccountBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort)
return res.json(getFormattedObjects(resultList.data, resultList.total))
}
async function blockAccount (req: express.Request, res: express.Response) {
const serverActor = await getServerActor()
const accountToBlock: AccountModel = res.locals.account
await addAccountInBlocklist(serverActor.Account.id, accountToBlock.id)
return res.status(204).end()
}
async function unblockAccount (req: express.Request, res: express.Response) {
const accountBlock: AccountBlocklistModel = res.locals.accountBlock
await removeAccountFromBlocklist(accountBlock)
return res.status(204).end()
}
async function listBlockedServers (req: express.Request, res: express.Response) {
const serverActor = await getServerActor()
const resultList = await ServerBlocklistModel.listForApi(serverActor.Account.id, req.query.start, req.query.count, req.query.sort)
return res.json(getFormattedObjects(resultList.data, resultList.total))
}
async function blockServer (req: express.Request, res: express.Response) {
const serverActor = await getServerActor()
const serverToBlock: ServerModel = res.locals.server
await addServerInBlocklist(serverActor.Account.id, serverToBlock.id)
return res.status(204).end()
}
async function unblockServer (req: express.Request, res: express.Response) {
const serverBlock: ServerBlocklistModel = res.locals.serverBlock
await removeServerFromBlocklist(serverBlock)
return res.status(204).end()
}

8
server/controllers/api/users/my-blocklist.ts
View File

@ -12,8 +12,8 @@ import {
} from '../../../middlewares'
import {
accountsBlocklistSortValidator,
blockAccountByAccountValidator,
blockServerByAccountValidator,
blockAccountValidator,
blockServerValidator,
serversBlocklistSortValidator,
unblockServerByAccountValidator
} from '../../../middlewares/validators'
@ -37,7 +37,7 @@ myBlocklistRouter.get('/me/blocklist/accounts',
myBlocklistRouter.post('/me/blocklist/accounts',
authenticate,
asyncMiddleware(blockAccountByAccountValidator),
asyncMiddleware(blockAccountValidator),
asyncRetryTransactionMiddleware(blockAccount)
)
@ -58,7 +58,7 @@ myBlocklistRouter.get('/me/blocklist/servers',
myBlocklistRouter.post('/me/blocklist/servers',
authenticate,
asyncMiddleware(blockServerByAccountValidator),
asyncMiddleware(blockServerValidator),
asyncRetryTransactionMiddleware(blockServer)
)

45
server/middlewares/validators/blocklist.ts
View File

@ -9,8 +9,9 @@ import { isHostValid } from '../../helpers/custom-validators/servers'
import { ServerBlocklistModel } from '../../models/server/server-blocklist'
import { ServerModel } from '../../models/server/server'
import { CONFIG } from '../../initializers'
import { getServerActor } from '../../helpers/utils'
const blockAccountByAccountValidator = [
const blockAccountValidator = [
body('accountName').exists().withMessage('Should have an account name with host'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@ -51,7 +52,24 @@ const unblockAccountByAccountValidator = [
}
]
const blockServerByAccountValidator = [
const unblockAccountByServerValidator = [
param('accountName').exists().withMessage('Should have an account name with host'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking unblockAccountByServerValidator parameters', { parameters: req.params })
if (areValidationErrors(req, res)) return
if (!await isAccountNameWithHostExist(req.params.accountName, res)) return
const serverActor = await getServerActor()
const targetAccount = res.locals.account
if (!await isUnblockAccountExists(serverActor.Account.id, targetAccount.id, res)) return
return next()
}
]
const blockServerValidator = [
body('host').custom(isHostValid).withMessage('Should have a valid host'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@ -95,13 +113,30 @@ const unblockServerByAccountValidator = [
}
]
const unblockServerByServerValidator = [
param('host').custom(isHostValid).withMessage('Should have an account name with host'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking unblockServerByServerValidator parameters', { parameters: req.params })
if (areValidationErrors(req, res)) return
const serverActor = await getServerActor()
if (!await isUnblockServerExists(serverActor.Account.id, req.params.host, res)) return
return next()
}
]
// ---------------------------------------------------------------------------
export {
blockServerByAccountValidator,
blockAccountByAccountValidator,
blockServerValidator,
blockAccountValidator,
unblockAccountByAccountValidator,
unblockServerByAccountValidator
unblockServerByAccountValidator,
unblockAccountByServerValidator,
unblockServerByServerValidator
}
// ---------------------------------------------------------------------------

2
server/models/utils.ts
View File

@ -72,8 +72,6 @@ function buildBlockedAccountSQL (serverAccountId: number, userAccountId?: number
const query = 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' +
' UNION ALL ' +
// 'SELECT "accountId" FROM "accountBlocklist" WHERE "targetAccountId" = user.account.id
// UNION ALL
'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' +
'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' +
'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')'

256
server/tests/api/check-params/blocklist.ts
View File

@ -12,13 +12,14 @@ import {
makeGetRequest,
makePostBodyRequest,
ServerInfo,
setAccessTokensToServers
setAccessTokensToServers, userLogin
} from '../../utils'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
describe('Test blocklist API validators', function () {
let servers: ServerInfo[]
let server: ServerInfo
let userAccessToken: string
before(async function () {
this.timeout(60000)
@ -33,15 +34,17 @@ describe('Test blocklist API validators', function () {
const user = { username: 'user1', password: 'password' }
await createUser(server.url, server.accessToken, user.username, user.password)
userAccessToken = await userLogin(server, user)
await doubleFollow(servers[0], servers[1])
})
// ---------------------------------------------------------------
describe('When managing user blocklist', function () {
const path = '/api/v1/users/me/blocklist/accounts'
describe('When managing user accounts blocklist', function () {
const path = '/api/v1/users/me/blocklist/accounts'
describe('When listing blocked accounts', function () {
it('Should fail with an unauthenticated user', async function () {
@ -231,6 +234,255 @@ describe('Test blocklist API validators', function () {
})
})
describe('When managing server blocklist', function () {
describe('When managing server accounts blocklist', function () {
const path = '/api/v1/server/blocklist/accounts'
describe('When listing blocked accounts', function () {
it('Should fail with an unauthenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
statusCodeExpected: 401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeGetRequest({
url: server.url,
token: userAccessToken,
path,
statusCodeExpected: 403
})
})
it('Should fail with a bad start pagination', async function () {
await checkBadStartPagination(server.url, path, server.accessToken)
})
it('Should fail with a bad count pagination', async function () {
await checkBadCountPagination(server.url, path, server.accessToken)
})
it('Should fail with an incorrect sort', async function () {
await checkBadSortPagination(server.url, path, server.accessToken)
})
})
describe('When blocking an account', function () {
it('Should fail with an unauthenticated user', async function () {
await makePostBodyRequest({
url: server.url,
path,
fields: { accountName: 'user1' },
statusCodeExpected: 401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makePostBodyRequest({
url: server.url,
token: userAccessToken,
path,
fields: { accountName: 'user1' },
statusCodeExpected: 403
})
})
it('Should fail with an unknown account', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'user2' },
statusCodeExpected: 404
})
})
it('Should fail to block ourselves', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'root' },
statusCodeExpected: 409
})
})
it('Should succeed with the correct params', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'user1' },
statusCodeExpected: 204
})
})
})
describe('When unblocking an account', function () {
it('Should fail with an unauthenticated user', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
statusCodeExpected: 401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
token: userAccessToken,
statusCodeExpected: 403
})
})
it('Should fail with an unknown account block', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user2',
token: server.accessToken,
statusCodeExpected: 404
})
})
it('Should succeed with the correct params', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
token: server.accessToken,
statusCodeExpected: 204
})
})
})
})
describe('When managing server servers blocklist', function () {
const path = '/api/v1/server/blocklist/servers'
describe('When listing blocked servers', function () {
it('Should fail with an unauthenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
statusCodeExpected: 401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeGetRequest({
url: server.url,
token: userAccessToken,
path,
statusCodeExpected: 403
})
})
it('Should fail with a bad start pagination', async function () {
await checkBadStartPagination(server.url, path, server.accessToken)
})
it('Should fail with a bad count pagination', async function () {
await checkBadCountPagination(server.url, path, server.accessToken)
})
it('Should fail with an incorrect sort', async function () {
await checkBadSortPagination(server.url, path, server.accessToken)
})
})
describe('When blocking a server', function () {
it('Should fail with an unauthenticated user', async function () {
await makePostBodyRequest({
url: server.url,
path,
fields: { host: 'localhost:9002' },
statusCodeExpected: 401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makePostBodyRequest({
url: server.url,
token: userAccessToken,
path,
fields: { host: 'localhost:9002' },
statusCodeExpected: 403
})
})
it('Should fail with an unknown server', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { host: 'localhost:9003' },
statusCodeExpected: 404
})
})
it('Should fail with our own server', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { host: 'localhost:9001' },
statusCodeExpected: 409
})
})
it('Should succeed with the correct params', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { host: 'localhost:9002' },
statusCodeExpected: 204
})
})
})
describe('When unblocking a server', function () {
it('Should fail with an unauthenticated user', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9002',
statusCodeExpected: 401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9002',
token: userAccessToken,
statusCodeExpected: 403
})
})
it('Should fail with an unknown server block', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9003',
token: server.accessToken,
statusCodeExpected: 404
})
})
it('Should succeed with the correct params', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9002',
token: server.accessToken,
statusCodeExpected: 204
})
})
})
})
})
after(async function () {
killallServers(servers)

294
server/tests/api/users/account-blocklist.ts
View File

@ -1,294 +0,0 @@
/* tslint:disable:no-unused-expression */
import * as chai from 'chai'
import 'mocha'
import { AccountBlock, ServerBlock, Video } from '../../../../shared/index'
import {
createUser,
doubleFollow,
flushAndRunMultipleServers,
flushTests,
killallServers,
ServerInfo,
uploadVideo,
userLogin
} from '../../utils/index'
import { setAccessTokensToServers } from '../../utils/users/login'
import { getVideosListWithToken } from '../../utils/videos/videos'
import {
addVideoCommentReply,
addVideoCommentThread,
getVideoCommentThreads,
getVideoThreadComments
} from '../../utils/videos/video-comments'
import { waitJobs } from '../../utils/server/jobs'
import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
import {
addAccountToAccountBlocklist,
addServerToAccountBlocklist,
getAccountBlocklistByAccount, getServerBlocklistByAccount,
removeAccountFromAccountBlocklist,
removeServerFromAccountBlocklist
} from '../../utils/users/blocklist'
const expect = chai.expect
async function checkAllVideos (url: string, token: string) {
const res = await getVideosListWithToken(url, token)
expect(res.body.data).to.have.lengthOf(4)
}
async function checkAllComments (url: string, token: string, videoUUID: string) {
const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token)
const threads: VideoComment[] = resThreads.body.data
expect(threads).to.have.lengthOf(2)
for (const thread of threads) {
const res = await getVideoThreadComments(url, videoUUID, thread.id, token)
const tree: VideoCommentThreadTree = res.body
expect(tree.children).to.have.lengthOf(1)
}
}
describe('Test accounts blocklist', function () {
let servers: ServerInfo[]
let videoUUID1: string
let videoUUID2: string
let userToken1: string
let userToken2: string
before(async function () {
this.timeout(60000)
await flushTests()
servers = await flushAndRunMultipleServers(2)
await setAccessTokensToServers(servers)
{
const user = { username: 'user1', password: 'password' }
await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
userToken1 = await userLogin(servers[0], user)
await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' })
}
{
const user = { username: 'user2', password: 'password' }
await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
userToken2 = await userLogin(servers[1], user)
await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' })
}
{
const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' })
videoUUID1 = res.body.video.uuid
}
{
const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' })
videoUUID2 = res.body.video.uuid
}
await doubleFollow(servers[0], servers[1])
{
const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1')
const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1')
await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1')
}
{
const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1')
await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1')
}
await waitJobs(servers)
})
describe('When managing account blocklist', function () {
it('Should list all videos', function () {
return checkAllVideos(servers[0].url, servers[0].accessToken)
})
it('Should list the comments', function () {
return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
})
it('Should block a remote account', async function () {
await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002')
})
it('Should hide its videos', async function () {
const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(3)
const v = videos.find(v => v.name === 'video user 2')
expect(v).to.be.undefined
})
it('Should block a local account', async function () {
await addAccountToAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1')
})
it('Should hide its videos', async function () {
const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(2)
const v = videos.find(v => v.name === 'video user 1')
expect(v).to.be.undefined
})
it('Should hide its comments', async function () {
const resThreads = await getVideoCommentThreads(servers[0].url, videoUUID1, 0, 5, '-createdAt', servers[0].accessToken)
const threads: VideoComment[] = resThreads.body.data
expect(threads).to.have.lengthOf(1)
expect(threads[0].totalReplies).to.equal(0)
const t = threads.find(t => t.text === 'comment user 1')
expect(t).to.be.undefined
for (const thread of threads) {
const res = await getVideoThreadComments(servers[0].url, videoUUID1, thread.id, servers[0].accessToken)
const tree: VideoCommentThreadTree = res.body
expect(tree.children).to.have.lengthOf(0)
}
})
it('Should list all the videos with another user', async function () {
return checkAllVideos(servers[0].url, userToken1)
})
it('Should list all the comments with another user', async function () {
return checkAllComments(servers[0].url, userToken1, videoUUID1)
})
it('Should list blocked accounts', async function () {
{
const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
const blocks: AccountBlock[] = res.body.data
expect(res.body.total).to.equal(2)
const block = blocks[0]
expect(block.byAccount.displayName).to.equal('root')
expect(block.byAccount.name).to.equal('root')
expect(block.blockedAccount.displayName).to.equal('user2')
expect(block.blockedAccount.name).to.equal('user2')
expect(block.blockedAccount.host).to.equal('localhost:9002')
}
{
const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
const blocks: AccountBlock[] = res.body.data
expect(res.body.total).to.equal(2)
const block = blocks[0]
expect(block.byAccount.displayName).to.equal('root')
expect(block.byAccount.name).to.equal('root')
expect(block.blockedAccount.displayName).to.equal('user1')
expect(block.blockedAccount.name).to.equal('user1')
expect(block.blockedAccount.host).to.equal('localhost:9001')
}
})
it('Should unblock the remote account', async function () {
await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user2@localhost:9002')
})
it('Should display its videos', async function () {
const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(3)
const v = videos.find(v => v.name === 'video user 2')
expect(v).not.to.be.undefined
})
it('Should unblock the local account', async function () {
await removeAccountFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'user1')
})
it('Should display its comments', function () {
return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
})
})
describe('When managing server blocklist', function () {
it('Should list all videos', function () {
return checkAllVideos(servers[0].url, servers[0].accessToken)
})
it('Should list the comments', function () {
return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
})
it('Should block a remote server', async function () {
await addServerToAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002')
})
it('Should hide its videos', async function () {
const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(2)
const v1 = videos.find(v => v.name === 'video user 2')
const v2 = videos.find(v => v.name === 'video server 2')
expect(v1).to.be.undefined
expect(v2).to.be.undefined
})
it('Should list all the videos with another user', async function () {
return checkAllVideos(servers[0].url, userToken1)
})
it('Should hide its comments')
it('Should list blocked servers', async function () {
const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
const blocks: ServerBlock[] = res.body.data
expect(res.body.total).to.equal(1)
const block = blocks[0]
expect(block.byAccount.displayName).to.equal('root')
expect(block.byAccount.name).to.equal('root')
expect(block.blockedServer.host).to.equal('localhost:9002')
})
it('Should unblock the remote server', async function () {
await removeServerFromAccountBlocklist(servers[0].url, servers[0].accessToken, 'localhost:9002')
})
it('Should display its videos', function () {
return checkAllVideos(servers[0].url, servers[0].accessToken)
})
it('Should display its comments', function () {
return checkAllComments(servers[0].url, servers[0].accessToken, videoUUID1)
})
})
after(async function () {
killallServers(servers)
// Keep the logs if the test failed
if (this[ 'ok' ]) {
await flushTests()
}
})
})

500
server/tests/api/users/blocklist.ts Normal file
View File

@ -0,0 +1,500 @@
/* tslint:disable:no-unused-expression */
import * as chai from 'chai'
import 'mocha'
import { AccountBlock, ServerBlock, Video } from '../../../../shared/index'
import {
createUser,
doubleFollow,
flushAndRunMultipleServers,
flushTests,
killallServers,
ServerInfo,
uploadVideo,
userLogin
} from '../../utils/index'
import { setAccessTokensToServers } from '../../utils/users/login'
import { getVideosListWithToken } from '../../utils/videos/videos'
import {
addVideoCommentReply,
addVideoCommentThread,
getVideoCommentThreads,
getVideoThreadComments
} from '../../utils/videos/video-comments'
import { waitJobs } from '../../utils/server/jobs'
import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
import {
addAccountToAccountBlocklist,
addAccountToServerBlocklist,
addServerToAccountBlocklist,
addServerToServerBlocklist,
getAccountBlocklistByAccount,
getAccountBlocklistByServer,
getServerBlocklistByAccount,
getServerBlocklistByServer,
removeAccountFromAccountBlocklist,
removeAccountFromServerBlocklist,
removeServerFromAccountBlocklist,
removeServerFromServerBlocklist
} from '../../utils/users/blocklist'
const expect = chai.expect
async function checkAllVideos (url: string, token: string) {
const res = await getVideosListWithToken(url, token)
expect(res.body.data).to.have.lengthOf(4)
}
async function checkAllComments (url: string, token: string, videoUUID: string) {
const resThreads = await getVideoCommentThreads(url, videoUUID, 0, 5, '-createdAt', token)
const threads: VideoComment[] = resThreads.body.data
expect(threads).to.have.lengthOf(2)
for (const thread of threads) {
const res = await getVideoThreadComments(url, videoUUID, thread.id, token)
const tree: VideoCommentThreadTree = res.body
expect(tree.children).to.have.lengthOf(1)
}
}
describe('Test blocklist', function () {
let servers: ServerInfo[]
let videoUUID1: string
let videoUUID2: string
let userToken1: string
let userModeratorToken: string
let userToken2: string
before(async function () {
this.timeout(60000)
await flushTests()
servers = await flushAndRunMultipleServers(2)
await setAccessTokensToServers(servers)
{
const user = { username: 'user1', password: 'password' }
await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
userToken1 = await userLogin(servers[0], user)
await uploadVideo(servers[0].url, userToken1, { name: 'video user 1' })
}
{
const user = { username: 'moderator', password: 'password' }
await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
userModeratorToken = await userLogin(servers[0], user)
}
{
const user = { username: 'user2', password: 'password' }
await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
userToken2 = await userLogin(servers[1], user)
await uploadVideo(servers[1].url, userToken2, { name: 'video user 2' })
}
{
const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video server 1' })
videoUUID1 = res.body.video.uuid
}
{
const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video server 2' })
videoUUID2 = res.body.video.uuid
}
await doubleFollow(servers[0], servers[1])
{
const resComment = await addVideoCommentThread(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, 'comment root 1')
const resReply = await addVideoCommentReply(servers[ 0 ].url, userToken1, videoUUID1, resComment.body.comment.id, 'comment user 1')
await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resReply.body.comment.id, 'comment root 1')
}
{
const resComment = await addVideoCommentThread(servers[ 0 ].url, userToken1, videoUUID1, 'comment user 1')
await addVideoCommentReply(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1, resComment.body.comment.id, 'comment root 1')
}
await waitJobs(servers)
})
describe('User blocklist', function () {
describe('When managing account blocklist', function () {
it('Should list all videos', function () {
return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
})
it('Should list the comments', function () {
return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
})
it('Should block a remote account', async function () {
await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
})
it('Should hide its videos', async function () {
const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(3)
const v = videos.find(v => v.name === 'video user 2')
expect(v).to.be.undefined
})
it('Should block a local account', async function () {
await addAccountToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
})
it('Should hide its videos', async function () {
const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(2)
const v = videos.find(v => v.name === 'video user 1')
expect(v).to.be.undefined
})
it('Should hide its comments', async function () {
const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', servers[ 0 ].accessToken)
const threads: VideoComment[] = resThreads.body.data
expect(threads).to.have.lengthOf(1)
expect(threads[ 0 ].totalReplies).to.equal(0)
const t = threads.find(t => t.text === 'comment user 1')
expect(t).to.be.undefined
for (const thread of threads) {
const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, servers[ 0 ].accessToken)
const tree: VideoCommentThreadTree = res.body
expect(tree.children).to.have.lengthOf(0)
}
})
it('Should list all the videos with another user', async function () {
return checkAllVideos(servers[ 0 ].url, userToken1)
})
it('Should list all the comments with another user', async function () {
return checkAllComments(servers[ 0 ].url, userToken1, videoUUID1)
})
it('Should list blocked accounts', async function () {
{
const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
const blocks: AccountBlock[] = res.body.data
expect(res.body.total).to.equal(2)
const block = blocks[ 0 ]
expect(block.byAccount.displayName).to.equal('root')
expect(block.byAccount.name).to.equal('root')
expect(block.blockedAccount.displayName).to.equal('user2')
expect(block.blockedAccount.name).to.equal('user2')
expect(block.blockedAccount.host).to.equal('localhost:9002')
}
{
const res = await getAccountBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
const blocks: AccountBlock[] = res.body.data
expect(res.body.total).to.equal(2)
const block = blocks[ 0 ]
expect(block.byAccount.displayName).to.equal('root')
expect(block.byAccount.name).to.equal('root')
expect(block.blockedAccount.displayName).to.equal('user1')
expect(block.blockedAccount.name).to.equal('user1')
expect(block.blockedAccount.host).to.equal('localhost:9001')
}
})
it('Should unblock the remote account', async function () {
await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
})
it('Should display its videos', async function () {
const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(3)
const v = videos.find(v => v.name === 'video user 2')
expect(v).not.to.be.undefined
})
it('Should unblock the local account', async function () {
await removeAccountFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
})
it('Should display its comments', function () {
return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
})
})
describe('When managing server blocklist', function () {
it('Should list all videos', function () {
return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
})
it('Should list the comments', function () {
return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
})
it('Should block a remote server', async function () {
await addServerToAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
})
it('Should hide its videos', async function () {
const res = await getVideosListWithToken(servers[ 0 ].url, servers[ 0 ].accessToken)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(2)
const v1 = videos.find(v => v.name === 'video user 2')
const v2 = videos.find(v => v.name === 'video server 2')
expect(v1).to.be.undefined
expect(v2).to.be.undefined
})
it('Should list all the videos with another user', async function () {
return checkAllVideos(servers[ 0 ].url, userToken1)
})
it('Should hide its comments')
it('Should list blocked servers', async function () {
const res = await getServerBlocklistByAccount(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
const blocks: ServerBlock[] = res.body.data
expect(res.body.total).to.equal(1)
const block = blocks[ 0 ]
expect(block.byAccount.displayName).to.equal('root')
expect(block.byAccount.name).to.equal('root')
expect(block.blockedServer.host).to.equal('localhost:9002')
})
it('Should unblock the remote server', async function () {
await removeServerFromAccountBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
})
it('Should display its videos', function () {
return checkAllVideos(servers[ 0 ].url, servers[ 0 ].accessToken)
})
it('Should display its comments', function () {
return checkAllComments(servers[ 0 ].url, servers[ 0 ].accessToken, videoUUID1)
})
})
})
describe('Server blocklist', function () {
describe('When managing account blocklist', function () {
it('Should list all videos', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
await checkAllVideos(servers[ 0 ].url, token)
}
})
it('Should list the comments', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
await checkAllComments(servers[ 0 ].url, token, videoUUID1)
}
})
it('Should block a remote account', async function () {
await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
})
it('Should hide its videos', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
const res = await getVideosListWithToken(servers[ 0 ].url, token)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(3)
const v = videos.find(v => v.name === 'video user 2')
expect(v).to.be.undefined
}
})
it('Should block a local account', async function () {
await addAccountToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
})
it('Should hide its videos', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
const res = await getVideosListWithToken(servers[ 0 ].url, token)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(2)
const v = videos.find(v => v.name === 'video user 1')
expect(v).to.be.undefined
}
})
it('Should hide its comments', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
const resThreads = await getVideoCommentThreads(servers[ 0 ].url, videoUUID1, 0, 5, '-createdAt', token)
const threads: VideoComment[] = resThreads.body.data
expect(threads).to.have.lengthOf(1)
expect(threads[ 0 ].totalReplies).to.equal(0)
const t = threads.find(t => t.text === 'comment user 1')
expect(t).to.be.undefined
for (const thread of threads) {
const res = await getVideoThreadComments(servers[ 0 ].url, videoUUID1, thread.id, token)
const tree: VideoCommentThreadTree = res.body
expect(tree.children).to.have.lengthOf(0)
}
}
})
it('Should list blocked accounts', async function () {
{
const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
const blocks: AccountBlock[] = res.body.data
expect(res.body.total).to.equal(2)
const block = blocks[ 0 ]
expect(block.byAccount.displayName).to.equal('peertube')
expect(block.byAccount.name).to.equal('peertube')
expect(block.blockedAccount.displayName).to.equal('user2')
expect(block.blockedAccount.name).to.equal('user2')
expect(block.blockedAccount.host).to.equal('localhost:9002')
}
{
const res = await getAccountBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 1, 2, 'createdAt')
const blocks: AccountBlock[] = res.body.data
expect(res.body.total).to.equal(2)
const block = blocks[ 0 ]
expect(block.byAccount.displayName).to.equal('peertube')
expect(block.byAccount.name).to.equal('peertube')
expect(block.blockedAccount.displayName).to.equal('user1')
expect(block.blockedAccount.name).to.equal('user1')
expect(block.blockedAccount.host).to.equal('localhost:9001')
}
})
it('Should unblock the remote account', async function () {
await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user2@localhost:9002')
})
it('Should display its videos', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
const res = await getVideosListWithToken(servers[ 0 ].url, token)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(3)
const v = videos.find(v => v.name === 'video user 2')
expect(v).not.to.be.undefined
}
})
it('Should unblock the local account', async function () {
await removeAccountFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'user1')
})
it('Should display its comments', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
await checkAllComments(servers[ 0 ].url, token, videoUUID1)
}
})
})
describe('When managing server blocklist', function () {
it('Should list all videos', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
await checkAllVideos(servers[ 0 ].url, token)
}
})
it('Should list the comments', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
await checkAllComments(servers[ 0 ].url, token, videoUUID1)
}
})
it('Should block a remote server', async function () {
await addServerToServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
})
it('Should hide its videos', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
const res = await getVideosListWithToken(servers[ 0 ].url, token)
const videos: Video[] = res.body.data
expect(videos).to.have.lengthOf(2)
const v1 = videos.find(v => v.name === 'video user 2')
const v2 = videos.find(v => v.name === 'video server 2')
expect(v1).to.be.undefined
expect(v2).to.be.undefined
}
})
it('Should hide its comments')
it('Should list blocked servers', async function () {
const res = await getServerBlocklistByServer(servers[ 0 ].url, servers[ 0 ].accessToken, 0, 1, 'createdAt')
const blocks: ServerBlock[] = res.body.data
expect(res.body.total).to.equal(1)
const block = blocks[ 0 ]
expect(block.byAccount.displayName).to.equal('peertube')
expect(block.byAccount.name).to.equal('peertube')
expect(block.blockedServer.host).to.equal('localhost:9002')
})
it('Should unblock the remote server', async function () {
await removeServerFromServerBlocklist(servers[ 0 ].url, servers[ 0 ].accessToken, 'localhost:9002')
})
it('Should list all videos', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
await checkAllVideos(servers[ 0 ].url, token)
}
})
it('Should list the comments', async function () {
for (const token of [ userModeratorToken, servers[ 0 ].accessToken ]) {
await checkAllComments(servers[ 0 ].url, token, videoUUID1)
}
})
})
})
after(async function () {
killallServers(servers)
// Keep the logs if the test failed
if (this[ 'ok' ]) {
await flushTests()
}
})
})

1
server/tests/api/users/index.ts
View File

@ -1,3 +1,4 @@
import './blocklist'
import './user-subscriptions'
import './users'
import './users-verification'

97
server/tests/utils/users/blocklist.ts
View File

@ -91,6 +91,94 @@ function removeServerFromAccountBlocklist (url: string, token: string, serverToB
})
}
function getAccountBlocklistByServer (
url: string,
token: string,
start: number,
count: number,
sort = '-createdAt',
statusCodeExpected = 200
) {
const path = '/api/v1/server/blocklist/accounts'
return makeGetRequest({
url,
token,
query: { start, count, sort },
path,
statusCodeExpected
})
}
function addAccountToServerBlocklist (url: string, token: string, accountToBlock: string, statusCodeExpected = 204) {
const path = '/api/v1/server/blocklist/accounts'
return makePostBodyRequest({
url,
path,
token,
fields: {
accountName: accountToBlock
},
statusCodeExpected
})
}
function removeAccountFromServerBlocklist (url: string, token: string, accountToUnblock: string, statusCodeExpected = 204) {
const path = '/api/v1/server/blocklist/accounts/' + accountToUnblock
return makeDeleteRequest({
url,
path,
token,
statusCodeExpected
})
}
function getServerBlocklistByServer (
url: string,
token: string,
start: number,
count: number,
sort = '-createdAt',
statusCodeExpected = 200
) {
const path = '/api/v1/server/blocklist/servers'
return makeGetRequest({
url,
token,
query: { start, count, sort },
path,
statusCodeExpected
})
}
function addServerToServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) {
const path = '/api/v1/server/blocklist/servers'
return makePostBodyRequest({
url,
path,
token,
fields: {
host: serverToBlock
},
statusCodeExpected
})
}
function removeServerFromServerBlocklist (url: string, token: string, serverToBlock: string, statusCodeExpected = 204) {
const path = '/api/v1/server/blocklist/servers/' + serverToBlock
return makeDeleteRequest({
url,
path,
token,
statusCodeExpected
})
}
// ---------------------------------------------------------------------------
export {
@ -99,5 +187,12 @@ export {
removeAccountFromAccountBlocklist,
getServerBlocklistByAccount,
addServerToAccountBlocklist,
removeServerFromAccountBlocklist
removeServerFromAccountBlocklist,
getAccountBlocklistByServer,
addAccountToServerBlocklist,
removeAccountFromServerBlocklist,
getServerBlocklistByServer,
addServerToServerBlocklist,
removeServerFromServerBlocklist
}

3
shared/models/users/user-right.enum.ts
View File

@ -8,6 +8,9 @@ export enum UserRight {
MANAGE_JOBS,
MANAGE_CONFIGURATION,
MANAGE_ACCOUNTS_BLOCKLIST,
MANAGE_SERVERS_BLOCKLIST,
MANAGE_VIDEO_BLACKLIST,
REMOVE_ANY_VIDEO,

4
shared/models/users/user-role.ts
View File

@ -27,7 +27,9 @@ const userRoleRights: { [ id: number ]: UserRight[] } = {
UserRight.REMOVE_ANY_VIDEO_CHANNEL,
UserRight.REMOVE_ANY_VIDEO_COMMENT,
UserRight.UPDATE_ANY_VIDEO,
UserRight.SEE_ALL_VIDEOS
UserRight.SEE_ALL_VIDEOS,
UserRight.MANAGE_ACCOUNTS_BLOCKLIST,
UserRight.MANAGE_SERVERS_BLOCKLIST
],
[UserRole.USER]: []