]>
Commit | Line | Data |
---|---|---|
bf1f6508 | 1 | import * as express from 'express' |
c8861d5d | 2 | import { body, param } from 'express-validator' |
ceba0e65 | 3 | import { MUserAccountUrl } from '@server/typings/models' |
6e46de09 C |
4 | import { UserRight } from '../../../../shared' |
5 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' | |
6 | import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' | |
6e46de09 | 7 | import { logger } from '../../../helpers/logger' |
ceba0e65 C |
8 | import { doesVideoExist } from '../../../helpers/middlewares' |
9 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' | |
10 | import { Hooks } from '../../../lib/plugins/hooks' | |
6e46de09 | 11 | import { VideoCommentModel } from '../../../models/video/video-comment' |
ceba0e65 | 12 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight, MVideoId } from '../../../typings/models/video' |
6e46de09 | 13 | import { areValidationErrors } from '../utils' |
bf1f6508 C |
14 | |
15 | const listVideoCommentThreadsValidator = [ | |
16 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
17 | ||
18 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
d3ea8975 | 19 | logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) |
bf1f6508 C |
20 | |
21 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 22 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return |
bf1f6508 C |
23 | |
24 | return next() | |
25 | } | |
26 | ] | |
27 | ||
28 | const listVideoThreadCommentsValidator = [ | |
29 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
30 | param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), | |
31 | ||
32 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
d3ea8975 | 33 | logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) |
bf1f6508 C |
34 | |
35 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 36 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return |
453e83ea | 37 | if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return |
bf1f6508 C |
38 | |
39 | return next() | |
40 | } | |
41 | ] | |
42 | ||
43 | const addVideoCommentThreadValidator = [ | |
44 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
45 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
46 | ||
47 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
5de8a55a | 48 | logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) |
bf1f6508 C |
49 | |
50 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 51 | if (!await doesVideoExist(req.params.videoId, res)) return |
453e83ea | 52 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return |
a1587156 | 53 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return |
bf1f6508 C |
54 | |
55 | return next() | |
56 | } | |
57 | ] | |
58 | ||
59 | const addVideoCommentReplyValidator = [ | |
60 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
61 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
62 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
63 | ||
64 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
5de8a55a | 65 | logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body }) |
bf1f6508 C |
66 | |
67 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 68 | if (!await doesVideoExist(req.params.videoId, res)) return |
453e83ea C |
69 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return |
70 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return | |
71 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return | |
bf1f6508 C |
72 | |
73 | return next() | |
74 | } | |
75 | ] | |
76 | ||
da854ddd C |
77 | const videoCommentGetValidator = [ |
78 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
79 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
80 | ||
81 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
82 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) | |
83 | ||
84 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 85 | if (!await doesVideoExist(req.params.videoId, res, 'id')) return |
453e83ea | 86 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return |
da854ddd C |
87 | |
88 | return next() | |
89 | } | |
90 | ] | |
91 | ||
4cb6d457 C |
92 | const removeVideoCommentValidator = [ |
93 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
94 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
95 | ||
96 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
97 | logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params }) | |
98 | ||
99 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 100 | if (!await doesVideoExist(req.params.videoId, res)) return |
453e83ea | 101 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return |
4cb6d457 C |
102 | |
103 | // Check if the user who did the request is able to delete the video | |
453e83ea | 104 | if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return |
4cb6d457 C |
105 | |
106 | return next() | |
107 | } | |
108 | ] | |
109 | ||
bf1f6508 C |
110 | // --------------------------------------------------------------------------- |
111 | ||
112 | export { | |
113 | listVideoCommentThreadsValidator, | |
114 | listVideoThreadCommentsValidator, | |
115 | addVideoCommentThreadValidator, | |
da854ddd | 116 | addVideoCommentReplyValidator, |
4cb6d457 C |
117 | videoCommentGetValidator, |
118 | removeVideoCommentValidator | |
bf1f6508 C |
119 | } |
120 | ||
121 | // --------------------------------------------------------------------------- | |
122 | ||
d5d9b6d7 C |
123 | async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) { |
124 | const id = parseInt(idArg + '', 10) | |
bf1f6508 C |
125 | const videoComment = await VideoCommentModel.loadById(id) |
126 | ||
127 | if (!videoComment) { | |
128 | res.status(404) | |
129 | .json({ error: 'Video comment thread not found' }) | |
130 | .end() | |
131 | ||
132 | return false | |
133 | } | |
134 | ||
d3ea8975 | 135 | if (videoComment.videoId !== video.id) { |
bf1f6508 | 136 | res.status(400) |
5fbd08be | 137 | .json({ error: 'Video comment is not associated to this video.' }) |
bf1f6508 C |
138 | .end() |
139 | ||
140 | return false | |
141 | } | |
142 | ||
143 | if (videoComment.inReplyToCommentId !== null) { | |
144 | res.status(400) | |
145 | .json({ error: 'Video comment is not a thread.' }) | |
146 | .end() | |
147 | ||
148 | return false | |
149 | } | |
150 | ||
151 | res.locals.videoCommentThread = videoComment | |
152 | return true | |
153 | } | |
154 | ||
d5d9b6d7 C |
155 | async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) { |
156 | const id = parseInt(idArg + '', 10) | |
da854ddd | 157 | const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) |
bf1f6508 C |
158 | |
159 | if (!videoComment) { | |
160 | res.status(404) | |
161 | .json({ error: 'Video comment thread not found' }) | |
162 | .end() | |
163 | ||
164 | return false | |
165 | } | |
166 | ||
d3ea8975 | 167 | if (videoComment.videoId !== video.id) { |
bf1f6508 | 168 | res.status(400) |
5fbd08be | 169 | .json({ error: 'Video comment is not associated to this video.' }) |
bf1f6508 C |
170 | .end() |
171 | ||
172 | return false | |
173 | } | |
174 | ||
453e83ea | 175 | res.locals.videoCommentFull = videoComment |
bf1f6508 C |
176 | return true |
177 | } | |
47564bbe | 178 | |
453e83ea | 179 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { |
47564bbe C |
180 | if (video.commentsEnabled !== true) { |
181 | res.status(409) | |
182 | .json({ error: 'Video comments are disabled for this video.' }) | |
183 | .end() | |
184 | ||
185 | return false | |
186 | } | |
187 | ||
188 | return true | |
189 | } | |
4cb6d457 | 190 | |
fde37dc9 | 191 | function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) { |
c883db6d C |
192 | if (videoComment.isDeleted()) { |
193 | res.status(409) | |
194 | .json({ error: 'This comment is already deleted' }) | |
195 | .end() | |
196 | return false | |
197 | } | |
198 | ||
fde37dc9 C |
199 | const userAccount = user.Account |
200 | ||
201 | if ( | |
202 | user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator | |
203 | videoComment.accountId !== userAccount.id && // Not the comment owner | |
204 | videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner | |
205 | ) { | |
4cb6d457 C |
206 | res.status(403) |
207 | .json({ error: 'Cannot remove video comment of another user' }) | |
fde37dc9 | 208 | |
4cb6d457 C |
209 | return false |
210 | } | |
211 | ||
212 | return true | |
213 | } | |
b4055e1c | 214 | |
453e83ea | 215 | async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) { |
b4055e1c | 216 | const acceptParameters = { |
453e83ea | 217 | video, |
b4055e1c C |
218 | commentBody: req.body, |
219 | user: res.locals.oauth.token.User | |
220 | } | |
221 | ||
222 | let acceptedResult: AcceptResult | |
223 | ||
224 | if (isReply) { | |
453e83ea | 225 | const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull }) |
b4055e1c | 226 | |
6691c522 C |
227 | acceptedResult = await Hooks.wrapFun( |
228 | isLocalVideoCommentReplyAccepted, | |
229 | acceptReplyParameters, | |
b4055e1c C |
230 | 'filter:api.video-comment-reply.create.accept.result' |
231 | ) | |
232 | } else { | |
6691c522 C |
233 | acceptedResult = await Hooks.wrapFun( |
234 | isLocalVideoThreadAccepted, | |
235 | acceptParameters, | |
b4055e1c C |
236 | 'filter:api.video-thread.create.accept.result' |
237 | ) | |
238 | } | |
239 | ||
240 | if (!acceptedResult || acceptedResult.accepted !== true) { | |
241 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | |
242 | res.status(403) | |
243 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) | |
244 | ||
245 | return false | |
246 | } | |
247 | ||
248 | return true | |
249 | } |