reject requests for content from unapproved channels when serveApprovedOnly

server/controllers/api/channel/data/index.js

@@ -1,6 +1,7 @@
 const { handleErrorResponse } = require('../../../utils/errorHandlers.js');
 
 const getChannelData = require('./getChannelData.js');
+const { publishing: { serveOnlyApproved, approvedChannels } } = require('@config/siteConfig');
 
 const NO_CHANNEL = 'NO_CHANNEL';
 
@@ -14,6 +15,12 @@ const channelData = ({ ip, originalUrl, body, params }, res) => {
   const channelName = params.channelName;
   let channelClaimId = params.channelClaimId;
   if (channelClaimId === 'none') channelClaimId = null;
+  if (serveOnlyApproved && approvedChannels && !approvedChannels.includes(channelClaimId)) {
+    return res.status(404).json({
+      success: false,
+      message: 'This spee.ch instance serves limited content which does not include this asset',
+    });
+  }
   getChannelData(channelName, channelClaimId)
     .then(data => {
       res.status(200).json({

server/controllers/assets/utils/getClaimIdAndServeAsset.js

@@ -11,17 +11,28 @@ const NO_CHANNEL = 'NO_CHANNEL';
 const NO_CLAIM = 'NO_CLAIM';
 const BLOCKED_CLAIM = 'BLOCKED_CLAIM';
 const NO_FILE = 'NO_FILE';
+const UNAPPROVED_CHANNEL = 'UNAPPROVED_CHANNEL';
+
+const { publishing: { serveOnlyApproved, approvedChannels } } = require('@config/siteConfig');
 
 const getClaimIdAndServeAsset = (channelName, channelClaimId, claimName, claimId, originalUrl, ip, res) => {
   getClaimId(channelName, channelClaimId, claimName, claimId)
     .then(fullClaimId => {
       claimId = fullClaimId;
       logger.debug('Full claim id:', fullClaimId);
-      return db.Claim.getOutpoint(claimName, fullClaimId);
+      return db.Claim.findOne({
+        where: {
+          name   : claimName,
+          claimId: fullClaimId,
+        },
+      });
     })
-    .then(outpoint => {
-      logger.debug('Outpoint:', outpoint);
-      return db.Blocked.isNotBlocked(outpoint);
+    .then(claim => {
+      if (serveOnlyApproved && !approvedChannels.includes(claim.dataValues.certificateId)) {
+        throw new Error(UNAPPROVED_CHANNEL);
+      }
+      logger.debug('Outpoint:', claim.dataValues.outpoint);
+      return db.Blocked.isNotBlocked(claim.dataValues.outpoint);
     })
     .then(() => {
       return db.File.findOne({
@@ -52,6 +63,13 @@ const getClaimIdAndServeAsset = (channelName, channelClaimId, claimName, claimId
           message: 'No matching channel id could be found for that url',
         });
       }
+      if (error === UNAPPROVED_CHANNEL) {
+        logger.debug('unapproved channel');
+        return res.status(400).json({
+          success: false,
+          message: 'This spee.ch instance serves limited content which does not include this asset',
+        });
+      }
       if (error === BLOCKED_CLAIM) {
         logger.debug('claim was blocked');
         return res.status(451).json({

server/models/claim.js

@@ -1,8 +1,10 @@
 const logger = require('winston');
 const returnShortId = require('./utils/returnShortId.js');
 const { assetDefaults: { thumbnail: defaultThumbnail }, details: { host } } = require('@config/siteConfig');
+const { publishing: { serveOnlyApproved, approvedChannels } } = require('@config/siteConfig');
 
 const NO_CLAIM = 'NO_CLAIM';
+const NOT_ALLOWED = 'NOT_ALLOWED';
 
 function determineFileExtensionFromContentType (contentType) {
   switch (contentType) {
@@ -362,6 +364,9 @@ module.exports = (sequelize, { STRING, BOOLEAN, INTEGER, TEXT, DECIMAL }) => {
           where: { name, claimId },
         })
         .then(claimArray => {
+          if (serveOnlyApproved && !approvedChannels.includes(claimArray[0].dataValues.certificateId)) {
+            reject(NOT_ALLOWED);
+          }
           switch (claimArray.length) {
             case 0:
               return resolve(null);