Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-16 18:56:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

refactor: middleware.assert.*

Browse Source
This commit is contained in:
Julian Lam
2020-10-08 13:56:50 -04:00
parent 41f55b7a5a
commit 8ecef7b891
7 changed files with 81 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
src/middleware/assert.js
View File

@@ -19,60 +19,60 @@ const posts = require('../posts');
const helpers = require('./helpers');
const controllerHelpers = require('../controllers/helpers');
module.exports = function (middleware) {
middleware.assertUser = helpers.try(async (req, res, next) => {
if (!await user.exists(req.params.uid)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-user]]'));
}
const Assert = module.exports;
next();
});
Assert.user = helpers.try(async (req, res, next) => {
if (!await user.exists(req.params.uid)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-user]]'));
}
middleware.assertGroup = helpers.try(async (req, res, next) => {
const name = await groups.getGroupNameByGroupSlug(req.params.slug);
if (!name || !await groups.exists(name)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-group]]'));
}
next();
});
next();
});
Assert.group = helpers.try(async (req, res, next) => {
const name = await groups.getGroupNameByGroupSlug(req.params.slug);
if (!name || !await groups.exists(name)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-group]]'));
}
middleware.assertTopic = helpers.try(async (req, res, next) => {
if (!await topics.exists(req.params.tid)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
}
next();
});
next();
});
Assert.topic = helpers.try(async (req, res, next) => {
if (!await topics.exists(req.params.tid)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
}
middleware.assertPost = helpers.try(async (req, res, next) => {
if (!await posts.exists(req.params.pid)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
}
next();
});
next();
});
Assert.post = helpers.try(async (req, res, next) => {
if (!await posts.exists(req.params.pid)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
}
middleware.assertPath = helpers.try(async (req, res, next) => {
// file: URL support
if (req.body.path.startsWith('file:///')) {
req.body.path = new URL(req.body.path).pathname;
}
next();
});
// Checks file exists and is within bounds of upload_path
const pathToFile = path.join(nconf.get('upload_path'), req.body.path);
res.locals.cleanedPath = pathToFile;
Assert.path = helpers.try(async (req, res, next) => {
// file: URL support
if (req.body.path.startsWith('file:///')) {
req.body.path = new URL(req.body.path).pathname;
}
if (!pathToFile.startsWith(nconf.get('upload_path'))) {
return controllerHelpers.formatApiResponse(403, res, new Error('[[error:invalid-path]]'));
}
// Checks file exists and is within bounds of upload_path
const pathToFile = path.join(nconf.get('upload_path'), req.body.path);
res.locals.cleanedPath = pathToFile;
try {
await fsPromises.access(pathToFile, fs.constants.F_OK);
} catch (e) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:invalid-path]]'));
}
if (!pathToFile.startsWith(nconf.get('upload_path'))) {
return controllerHelpers.formatApiResponse(403, res, new Error('[[error:invalid-path]]'));
}
next();
});
};
try {
await fsPromises.access(pathToFile, fs.constants.F_OK);
} catch (e) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:invalid-path]]'));
}
next();
});