[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / video-channels.ts

import * as express from 'express'
import { body, param } from 'express-validator/check'
import { UserRight } from '../../../shared'
import { isAccountIdExist, isAccountNameWithHostExist } from '../../helpers/custom-validators/accounts'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import {
  isVideoChannelDescriptionValid,
  isVideoChannelExist,
  isVideoChannelNameValid,
  isVideoChannelSupportValid
} from '../../helpers/custom-validators/video-channels'
import { logger } from '../../helpers/logger'
import { UserModel } from '../../models/account/user'
import { VideoChannelModel } from '../../models/video/video-channel'
import { areValidationErrors } from './utils'
import { isAvatarFile } from '../../helpers/custom-validators/users'
import { CONSTRAINTS_FIELDS } from '../../initializers'

const listVideoAccountChannelsValidator = [
  param('accountName').exists().withMessage('Should have a valid account name'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await isAccountNameWithHostExist(req.params.accountName, res)) return

    return next()
  }
]

const videoChannelsAddValidator = [
  body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
  body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const videoChannelsUpdateValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('displayName').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
  body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await isVideoChannelExist(req.params.id, res)) return

    // We need to make additional checks
    if (res.locals.videoChannel.Actor.isOwned() === false) {
      return res.status(403)
        .json({ error: 'Cannot update video channel of another server' })
        .end()
    }

    if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
      return res.status(403)
        .json({ error: 'Cannot update video channel of another user' })
        .end()
    }

    return next()
  }
]

const videoChannelsRemoveValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoChannelExist(req.params.id, res)) return

    if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
    if (!await checkVideoChannelIsNotTheLastOne(res)) return

    return next()
  }
]

const videoChannelsGetValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await isVideoChannelExist(req.params.id, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  listVideoAccountChannelsValidator,
  videoChannelsAddValidator,
  videoChannelsUpdateValidator,
  videoChannelsRemoveValidator,
  videoChannelsGetValidator
}

// ---------------------------------------------------------------------------

function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) {
  if (videoChannel.Actor.isOwned() === false) {
    res.status(403)
              .json({ error: 'Cannot remove video channel of another server.' })
              .end()

    return false
  }

  // Check if the user can delete the video channel
  // The user can delete it if s/he is an admin
  // Or if s/he is the video channel's account
  if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
    res.status(403)
              .json({ error: 'Cannot remove video channel of another user' })
              .end()

    return false
  }

  return true
}

async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
  const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)

  if (count <= 1) {
    res.status(409)
      .json({ error: 'Cannot remove the last channel of this user' })
      .end()

    return false
  }

  return true
}
Commit	Line	Data
72c7248b	1	import * as express from 'express'
d4f1e94c C	2	import { body, param } from 'express-validator/check'
d4f1e94c C	3	import { UserRight } from '../../../shared'
ad9e39fb	4	import { isAccountIdExist, isAccountNameWithHostExist } from '../../helpers/custom-validators/accounts'
50d6de9c	5	import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
4e50b6a1	6	import {
7d8e778a C	7	isVideoChannelDescriptionValid,
	8	isVideoChannelExist,
	9	isVideoChannelNameValid,
	10	isVideoChannelSupportValid
4e50b6a1	11	} from '../../helpers/custom-validators/video-channels'
da854ddd	12	import { logger } from '../../helpers/logger'
3fd3ab2d C	13	import { UserModel } from '../../models/account/user'
3fd3ab2d C	14	import { VideoChannelModel } from '../../models/video/video-channel'
a2431b7d	15	import { areValidationErrors } from './utils'
4bbfc6c6 C	16	import { isAvatarFile } from '../../helpers/custom-validators/users'
4bbfc6c6 C	17	import { CONSTRAINTS_FIELDS } from '../../initializers'
72c7248b	18
38fa2065	19	const listVideoAccountChannelsValidator = [
ad9e39fb	20	param('accountName').exists().withMessage('Should have a valid account name'),
72c7248b	21
a2431b7d	22	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
38fa2065	23	logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })
72c7248b	24
a2431b7d	25	if (areValidationErrors(req, res)) return
ad9e39fb	26	if (!await isAccountNameWithHostExist(req.params.accountName, res)) return
a2431b7d C	27
a2431b7d C	28	return next()
72c7248b C	29	}
	30	]
	31
	32	const videoChannelsAddValidator = [
08c1efbe	33	body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
2422c46b C	34	body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
2422c46b C	35	body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
72c7248b C	36
	37	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	38	logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
	39
a2431b7d C	40	if (areValidationErrors(req, res)) return
	41
	42	return next()
72c7248b C	43	}
	44	]
	45
	46	const videoChannelsUpdateValidator = [
	47	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
08c1efbe	48	body('displayName').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
72c7248b	49	body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
2422c46b	50	body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
72c7248b	51
a2431b7d	52	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
72c7248b C	53	logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
72c7248b C	54
a2431b7d C	55	if (areValidationErrors(req, res)) return
	56	if (!await isVideoChannelExist(req.params.id, res)) return
	57
	58	// We need to make additional checks
d50acfab	59	if (res.locals.videoChannel.Actor.isOwned() === false) {
a2431b7d C	60	return res.status(403)
	61	.json({ error: 'Cannot update video channel of another server' })
	62	.end()
	63	}
	64
	65	if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
	66	return res.status(403)
	67	.json({ error: 'Cannot update video channel of another user' })
	68	.end()
	69	}
	70
	71	return next()
72c7248b C	72	}
	73	]
	74
	75	const videoChannelsRemoveValidator = [
	76	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
	77
a2431b7d	78	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
72c7248b C	79	logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
72c7248b C	80
a2431b7d C	81	if (areValidationErrors(req, res)) return
	82	if (!await isVideoChannelExist(req.params.id, res)) return
	83
d48ff09d	84	if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
a2431b7d C	85	if (!await checkVideoChannelIsNotTheLastOne(res)) return
	86
	87	return next()
72c7248b C	88	}
	89	]
	90
20494f12	91	const videoChannelsGetValidator = [
72c7248b C	92	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
72c7248b C	93
a2431b7d	94	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
72c7248b C	95	logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
72c7248b C	96
a2431b7d	97	if (areValidationErrors(req, res)) return
6b738c7a	98
a2431b7d C	99	if (!await isVideoChannelExist(req.params.id, res)) return
	100
	101	return next()
72c7248b C	102	}
	103	]
	104
	105	// ---------------------------------------------------------------------------
	106
	107	export {
38fa2065	108	listVideoAccountChannelsValidator,
72c7248b C	109	videoChannelsAddValidator,
	110	videoChannelsUpdateValidator,
	111	videoChannelsRemoveValidator,
50d6de9c	112	videoChannelsGetValidator
72c7248b C	113	}
	114
	115	// ---------------------------------------------------------------------------
	116
3fd3ab2d	117	function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) {
50d6de9c	118	if (videoChannel.Actor.isOwned() === false) {
a2431b7d	119	res.status(403)
60862425	120	.json({ error: 'Cannot remove video channel of another server.' })
72c7248b	121	.end()
a2431b7d C	122
a2431b7d C	123	return false
72c7248b C	124	}
	125
	126	// Check if the user can delete the video channel
	127	// The user can delete it if s/he is an admin
38fa2065	128	// Or if s/he is the video channel's account
a2431b7d C	129	if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
a2431b7d C	130	res.status(403)
72c7248b C	131	.json({ error: 'Cannot remove video channel of another user' })
72c7248b C	132	.end()
a2431b7d C	133
a2431b7d C	134	return false
72c7248b C	135	}
72c7248b C	136
a2431b7d	137	return true
72c7248b C	138	}
72c7248b C	139
a2431b7d	140	async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
3fd3ab2d	141	const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
a2431b7d C	142
	143	if (count <= 1) {
	144	res.status(409)
	145	.json({ error: 'Cannot remove the last channel of this user' })
	146	.end()
	147
	148	return false
	149	}
	150
	151	return true
72c7248b	152	}