[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / video-channels.ts

import { body, param } from 'express-validator/check'
import * as express from 'express'

import { checkErrors } from './utils'
import { database as db } from '../../initializers'
import {
  logger,
  isIdOrUUIDValid,
  isVideoChannelDescriptionValid,
  isVideoChannelNameValid,
  checkVideoChannelExists,
  checkVideoAuthorExists
} from '../../helpers'

const listVideoAuthorChannelsValidator = [
  param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking listVideoAuthorChannelsValidator parameters', { parameters: req.body })

    checkErrors(req, res, () => {
      checkVideoAuthorExists(req.params.authorId, res, next)
    })
  }
]

const videoChannelsAddValidator = [
  body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })

    checkErrors(req, res, next)
  }
]

const videoChannelsUpdateValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })

    checkErrors(req, res, () => {
      checkVideoChannelExists(req.params.id, res, () => {
        // We need to make additional checks
        if (res.locals.videoChannel.isOwned() === false) {
          return res.status(403)
            .json({ error: 'Cannot update video channel of another pod' })
            .end()
        }

        if (res.locals.videoChannel.Author.userId !== res.locals.oauth.token.User.id) {
          return res.status(403)
            .json({ error: 'Cannot update video channel of another user' })
            .end()
        }

        next()
      })
    })
  }
]

const videoChannelsRemoveValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })

    checkErrors(req, res, () => {
      checkVideoChannelExists(req.params.id, res, () => {
        // Check if the user who did the request is able to delete the video
        checkUserCanDeleteVideoChannel(res, () => {
          checkVideoChannelIsNotTheLastOne(res, next)
        })
      })
    })
  }
]

const videoChannelGetValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })

    checkErrors(req, res, () => {
      checkVideoChannelExists(req.params.id, res, next)
    })
  }
]

// ---------------------------------------------------------------------------

export {
  listVideoAuthorChannelsValidator,
  videoChannelsAddValidator,
  videoChannelsUpdateValidator,
  videoChannelsRemoveValidator,
  videoChannelGetValidator
}

// ---------------------------------------------------------------------------

function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
  const user = res.locals.oauth.token.User

  // Retrieve the user who did the request
  if (res.locals.videoChannel.isOwned() === false) {
    return res.status(403)
              .json({ error: 'Cannot remove video channel of another pod.' })
              .end()
  }

  // Check if the user can delete the video channel
  // The user can delete it if s/he is an admin
  // Or if s/he is the video channel's author
  if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
    return res.status(403)
              .json({ error: 'Cannot remove video channel of another user' })
              .end()
  }

  // If we reach this comment, we can delete the video
  callback()
}

function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
  db.VideoChannel.countByAuthor(res.locals.oauth.token.User.Author.id)
    .then(count => {
      if (count <= 1) {
        return res.status(409)
          .json({ error: 'Cannot remove the last channel of this user' })
          .end()
      }

      callback()
    })
}
Commit	Line	Data
72c7248b C	1	import { body, param } from 'express-validator/check'
	2	import * as express from 'express'
	3
	4	import { checkErrors } from './utils'
	5	import { database as db } from '../../initializers'
	6	import {
	7	logger,
	8	isIdOrUUIDValid,
	9	isVideoChannelDescriptionValid,
	10	isVideoChannelNameValid,
	11	checkVideoChannelExists,
	12	checkVideoAuthorExists
	13	} from '../../helpers'
	14
	15	const listVideoAuthorChannelsValidator = [
	16	param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
	17
	18	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	19	logger.debug('Checking listVideoAuthorChannelsValidator parameters', { parameters: req.body })
	20
	21	checkErrors(req, res, () => {
	22	checkVideoAuthorExists(req.params.authorId, res, next)
	23	})
	24	}
	25	]
	26
	27	const videoChannelsAddValidator = [
	28	body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
	29	body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
	30
	31	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	32	logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
	33
	34	checkErrors(req, res, next)
	35	}
	36	]
	37
	38	const videoChannelsUpdateValidator = [
	39	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
	40	body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
	41	body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
	42
	43	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	44	logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
	45
	46	checkErrors(req, res, () => {
	47	checkVideoChannelExists(req.params.id, res, () => {
	48	// We need to make additional checks
	49	if (res.locals.videoChannel.isOwned() === false) {
	50	return res.status(403)
	51	.json({ error: 'Cannot update video channel of another pod' })
	52	.end()
	53	}
	54
	55	if (res.locals.videoChannel.Author.userId !== res.locals.oauth.token.User.id) {
	56	return res.status(403)
	57	.json({ error: 'Cannot update video channel of another user' })
	58	.end()
	59	}
	60
	61	next()
	62	})
	63	})
	64	}
65	]
66
67	const videoChannelsRemoveValidator = [
68	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
69
70	(req: express.Request, res: express.Response, next: express.NextFunction) => {
71	logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
72
73	checkErrors(req, res, () => {
74	checkVideoChannelExists(req.params.id, res, () => {
75	// Check if the user who did the request is able to delete the video
76	checkUserCanDeleteVideoChannel(res, () => {
77	checkVideoChannelIsNotTheLastOne(res, next)
78	})
79	})
80	})
81	}
82	]
83
84	const videoChannelGetValidator = [
85	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
86
87	(req: express.Request, res: express.Response, next: express.NextFunction) => {
88	logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
89
90	checkErrors(req, res, () => {
91	checkVideoChannelExists(req.params.id, res, next)
92	})
93	}
94	]
95
96	// ---------------------------------------------------------------------------
97
98	export {
99	listVideoAuthorChannelsValidator,
100	videoChannelsAddValidator,
101	videoChannelsUpdateValidator,
102	videoChannelsRemoveValidator,
103	videoChannelGetValidator
104	}
105
106	// ---------------------------------------------------------------------------
107
108	function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
109	const user = res.locals.oauth.token.User
110
111	// Retrieve the user who did the request
112	if (res.locals.videoChannel.isOwned() === false) {
113	return res.status(403)
114	.json({ error: 'Cannot remove video channel of another pod.' })
115	.end()
116	}
117
118	// Check if the user can delete the video channel
119	// The user can delete it if s/he is an admin
120	// Or if s/he is the video channel's author
121	if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
122	return res.status(403)
123	.json({ error: 'Cannot remove video channel of another user' })
124	.end()
125	}
126
127	// If we reach this comment, we can delete the video
128	callback()
129	}
130
131	function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
132	db.VideoChannel.countByAuthor(res.locals.oauth.token.User.Author.id)
133	.then(count => {
134	if (count <= 1) {
135	return res.status(409)
136	.json({ error: 'Cannot remove the last channel of this user' })
137	.end()
138	}
139
140	callback()
141	})
142	}