From 815149a2cd06574fccb4278dc7b8e1394cc71f53 Mon Sep 17 00:00:00 2001 From: Travis Eden Date: Wed, 19 Sep 2018 13:27:55 -0400 Subject: [PATCH] reject publishes for unapproved channels when publishOnlyApproved --- server/controllers/api/claim/publish/index.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/server/controllers/api/claim/publish/index.js b/server/controllers/api/claim/publish/index.js index d636de8d..4f551053 100644 --- a/server/controllers/api/claim/publish/index.js +++ b/server/controllers/api/claim/publish/index.js @@ -3,6 +3,7 @@ const logger = require('winston'); const { details: { host }, publishing: { disabled, disabledMessage } } = require('@config/siteConfig'); const { sendGATimingEvent } = require('../../../../utils/googleAnalytics.js'); +const { publishing: { publishOnlyApproved, approvedChannels } } = require('@config/siteConfig'); const { handleErrorResponse } = require('../../../utils/errorHandlers.js'); @@ -16,6 +17,7 @@ const parsePublishApiRequestFiles = require('./parsePublishApiRequestFiles.js'); const authenticateUser = require('./authentication.js'); const CLAIM_TAKEN = 'CLAIM_TAKEN'; +const UNAPPROVED_CHANNEL = 'UNAPPROVED_CHANNEL'; /* @@ -54,6 +56,13 @@ const claimPublish = ({ body, files, headers, ip, originalUrl, user, tor }, res) // check channel authorization authenticateUser(channelName, channelId, channelPassword, user) .then(({ channelName, channelClaimId }) => { + if (publishOnlyApproved && approvedChannels && !approvedChannels.includes(channelClaimId)) { + const error = { + name : UNAPPROVED_CHANNEL, + message: 'This spee.ch instance only allows publishing to approved channels', + }; + throw error; + } return Promise.all([ checkClaimAvailability(name), createPublishParams(filePath, name, title, description, license, nsfw, thumbnail, channelName, channelClaimId), @@ -98,6 +107,12 @@ const claimPublish = ({ body, files, headers, ip, originalUrl, user, tor }, res) message: error.message, }); } + if (error.name === UNAPPROVED_CHANNEL) { + res.status(400).json({ + success: false, + message: error.message, + }); + } handleErrorResponse(originalUrl, ip, error, res); }); };