[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / video-channels.ts

import * as express from 'express'
import { body, param } from 'express-validator/check'
import { UserRight } from '../../../shared'
import { logger } from '../../helpers'
import { isAccountIdExist } from '../../helpers/custom-validators/accounts'
import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
import {
  isVideoChannelDescriptionValid,
  isVideoChannelExist,
  isVideoChannelNameValid
} from '../../helpers/custom-validators/video-channels'
import { UserModel } from '../../models/account/user'
import { VideoChannelModel } from '../../models/video/video-channel'
import { VideoChannelShareModel } from '../../models/video/video-channel-share'
import { areValidationErrors } from './utils'

const listVideoAccountChannelsValidator = [
  param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await isAccountIdExist(req.params.accountId, res)) return

    return next()
  }
]

const videoChannelsAddValidator = [
  body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const videoChannelsUpdateValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await isVideoChannelExist(req.params.id, res)) return

    // We need to make additional checks
    if (res.locals.videoChannel.isOwned() === false) {
      return res.status(403)
        .json({ error: 'Cannot update video channel of another server' })
        .end()
    }

    if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
      return res.status(403)
        .json({ error: 'Cannot update video channel of another user' })
        .end()
    }

    return next()
  }
]

const videoChannelsRemoveValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoChannelExist(req.params.id, res)) return

    // Check if the user who did the request is able to delete the video
    if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
    if (!await checkVideoChannelIsNotTheLastOne(res)) return

    return next()
  }
]

const videoChannelsGetValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoChannelExist(req.params.id, res)) return

    return next()
  }
]

const videoChannelsShareValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelShare parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return
    if (!await isVideoChannelExist(req.params.id, res)) return

    const share = await VideoChannelShareModel.load(res.locals.video.id, req.params.accountId, undefined)
    if (!share) {
      return res.status(404)
        .end()
    }

    res.locals.videoChannelShare = share

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  listVideoAccountChannelsValidator,
  videoChannelsAddValidator,
  videoChannelsUpdateValidator,
  videoChannelsRemoveValidator,
  videoChannelsGetValidator,
  videoChannelsShareValidator
}

// ---------------------------------------------------------------------------

function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) {
  // Retrieve the user who did the request
  if (videoChannel.isOwned() === false) {
    res.status(403)
              .json({ error: 'Cannot remove video channel of another server.' })
              .end()

    return false
  }

  // Check if the user can delete the video channel
  // The user can delete it if s/he is an admin
  // Or if s/he is the video channel's account
  if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
    res.status(403)
              .json({ error: 'Cannot remove video channel of another user' })
              .end()

    return false
  }

  return true
}

async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
  const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)

  if (count <= 1) {
    res.status(409)
      .json({ error: 'Cannot remove the last channel of this user' })
      .end()

    return false
  }

  return true
}
Commit	Line	Data
72c7248b	1	import * as express from 'express'
d4f1e94c C	2	import { body, param } from 'express-validator/check'
d4f1e94c C	3	import { UserRight } from '../../../shared'
3fd3ab2d C	4	import { logger } from '../../helpers'
	5	import { isAccountIdExist } from '../../helpers/custom-validators/accounts'
	6	import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
4e50b6a1	7	import {
4e50b6a1	8	isVideoChannelDescriptionValid,
a2431b7d	9	isVideoChannelExist,
4e50b6a1 C	10	isVideoChannelNameValid
4e50b6a1 C	11	} from '../../helpers/custom-validators/video-channels'
3fd3ab2d C	12	import { UserModel } from '../../models/account/user'
	13	import { VideoChannelModel } from '../../models/video/video-channel'
	14	import { VideoChannelShareModel } from '../../models/video/video-channel-share'
a2431b7d	15	import { areValidationErrors } from './utils'
72c7248b	16
38fa2065 C	17	const listVideoAccountChannelsValidator = [
38fa2065 C	18	param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'),
72c7248b	19
a2431b7d	20	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
38fa2065	21	logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })
72c7248b	22
a2431b7d C	23	if (areValidationErrors(req, res)) return
	24	if (!await isAccountIdExist(req.params.accountId, res)) return
	25
	26	return next()
72c7248b C	27	}
	28	]
	29
	30	const videoChannelsAddValidator = [
	31	body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
	32	body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
	33
	34	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	35	logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
	36
a2431b7d C	37	if (areValidationErrors(req, res)) return
	38
	39	return next()
72c7248b C	40	}
	41	]
	42
	43	const videoChannelsUpdateValidator = [
	44	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
	45	body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
	46	body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
	47
a2431b7d	48	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
72c7248b C	49	logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
72c7248b C	50
a2431b7d C	51	if (areValidationErrors(req, res)) return
	52	if (!await isVideoChannelExist(req.params.id, res)) return
	53
	54	// We need to make additional checks
	55	if (res.locals.videoChannel.isOwned() === false) {
	56	return res.status(403)
	57	.json({ error: 'Cannot update video channel of another server' })
	58	.end()
	59	}
	60
	61	if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
	62	return res.status(403)
	63	.json({ error: 'Cannot update video channel of another user' })
	64	.end()
	65	}
	66
	67	return next()
72c7248b C	68	}
	69	]
	70
	71	const videoChannelsRemoveValidator = [
	72	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
	73
a2431b7d	74	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
72c7248b C	75	logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
72c7248b C	76
a2431b7d C	77	if (areValidationErrors(req, res)) return
	78	if (!await isVideoChannelExist(req.params.id, res)) return
	79
	80	// Check if the user who did the request is able to delete the video
d48ff09d	81	if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
a2431b7d C	82	if (!await checkVideoChannelIsNotTheLastOne(res)) return
	83
	84	return next()
72c7248b C	85	}
	86	]
	87
20494f12	88	const videoChannelsGetValidator = [
72c7248b C	89	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
72c7248b C	90
a2431b7d	91	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
72c7248b C	92	logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
72c7248b C	93
a2431b7d C	94	if (areValidationErrors(req, res)) return
	95	if (!await isVideoChannelExist(req.params.id, res)) return
	96
	97	return next()
72c7248b C	98	}
	99	]
	100
4e50b6a1 C	101	const videoChannelsShareValidator = [
	102	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
	103	param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),
	104
	105	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	106	logger.debug('Checking videoChannelShare parameters', { parameters: req.params })
	107
	108	if (areValidationErrors(req, res)) return
a2431b7d	109	if (!await isVideoChannelExist(req.params.id, res)) return
4e50b6a1	110
3fd3ab2d	111	const share = await VideoChannelShareModel.load(res.locals.video.id, req.params.accountId, undefined)
4e50b6a1 C	112	if (!share) {
	113	return res.status(404)
	114	.end()
	115	}
	116
	117	res.locals.videoChannelShare = share
	118
	119	return next()
	120	}
	121	]
	122
72c7248b C	123	// ---------------------------------------------------------------------------
	124
	125	export {
38fa2065	126	listVideoAccountChannelsValidator,
72c7248b C	127	videoChannelsAddValidator,
	128	videoChannelsUpdateValidator,
	129	videoChannelsRemoveValidator,
4e50b6a1 C	130	videoChannelsGetValidator,
4e50b6a1 C	131	videoChannelsShareValidator
72c7248b C	132	}
	133
	134	// ---------------------------------------------------------------------------
	135
3fd3ab2d	136	function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) {
72c7248b	137	// Retrieve the user who did the request
a2431b7d C	138	if (videoChannel.isOwned() === false) {
a2431b7d C	139	res.status(403)
60862425	140	.json({ error: 'Cannot remove video channel of another server.' })
72c7248b	141	.end()
a2431b7d C	142
a2431b7d C	143	return false
72c7248b C	144	}
	145
	146	// Check if the user can delete the video channel
	147	// The user can delete it if s/he is an admin
38fa2065	148	// Or if s/he is the video channel's account
a2431b7d C	149	if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
a2431b7d C	150	res.status(403)
72c7248b C	151	.json({ error: 'Cannot remove video channel of another user' })
72c7248b C	152	.end()
a2431b7d C	153
a2431b7d C	154	return false
72c7248b C	155	}
72c7248b C	156
a2431b7d	157	return true
72c7248b C	158	}
72c7248b C	159
a2431b7d	160	async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
3fd3ab2d	161	const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
a2431b7d C	162
	163	if (count <= 1) {
	164	res.status(409)
	165	.json({ error: 'Cannot remove the last channel of this user' })
	166	.end()
	167
	168	return false
	169	}
	170
	171	return true
72c7248b	172	}