]>
Commit | Line | Data |
---|---|---|
41fb13c3 | 1 | import express from 'express' |
0f8d00e3 | 2 | import { body, param, query } from 'express-validator' |
26d6bf65 | 3 | import { MUserAccountUrl } from '@server/types/models' |
d17c7b4e | 4 | import { HttpStatusCode, UserRight } from '@shared/models' |
d4a8e7a6 | 5 | import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' |
10363c74 | 6 | import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' |
6e46de09 | 7 | import { logger } from '../../../helpers/logger' |
ceba0e65 C |
8 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' |
9 | import { Hooks } from '../../../lib/plugins/hooks' | |
57f6896f | 10 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' |
84c8d986 C |
11 | import { |
12 | areValidationErrors, | |
13 | checkCanSeeVideoIfPrivate, | |
14 | doesVideoCommentExist, | |
15 | doesVideoCommentThreadExist, | |
16 | doesVideoExist, | |
17 | isValidVideoIdParam | |
18 | } from '../shared' | |
bf1f6508 | 19 | |
0f8d00e3 C |
20 | const listVideoCommentsValidator = [ |
21 | query('isLocal') | |
22 | .optional() | |
f1273314 | 23 | .customSanitizer(toBooleanOrNull) |
0f8d00e3 C |
24 | .custom(isBooleanValid) |
25 | .withMessage('Should have a valid is local boolean'), | |
26 | ||
27 | query('search') | |
28 | .optional() | |
29 | .custom(exists).withMessage('Should have a valid search'), | |
30 | ||
31 | query('searchAccount') | |
32 | .optional() | |
33 | .custom(exists).withMessage('Should have a valid account search'), | |
34 | ||
35 | query('searchVideo') | |
36 | .optional() | |
37 | .custom(exists).withMessage('Should have a valid video search'), | |
38 | ||
39 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
40 | logger.debug('Checking listVideoCommentsValidator parameters.', { parameters: req.query }) | |
41 | ||
42 | if (areValidationErrors(req, res)) return | |
43 | ||
44 | return next() | |
45 | } | |
46 | ] | |
47 | ||
bf1f6508 | 48 | const listVideoCommentThreadsValidator = [ |
d4a8e7a6 | 49 | isValidVideoIdParam('videoId'), |
bf1f6508 C |
50 | |
51 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
d3ea8975 | 52 | logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) |
bf1f6508 C |
53 | |
54 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 55 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return |
bf1f6508 | 56 | |
84c8d986 C |
57 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) { |
58 | return res.fail({ | |
59 | status: HttpStatusCode.FORBIDDEN_403, | |
60 | message: 'Cannot list comments of private/internal/blocklisted video' | |
61 | }) | |
62 | } | |
63 | ||
bf1f6508 C |
64 | return next() |
65 | } | |
66 | ] | |
67 | ||
68 | const listVideoThreadCommentsValidator = [ | |
d4a8e7a6 C |
69 | isValidVideoIdParam('videoId'), |
70 | ||
71 | param('threadId') | |
72 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), | |
bf1f6508 C |
73 | |
74 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
d3ea8975 | 75 | logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) |
bf1f6508 C |
76 | |
77 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 78 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return |
453e83ea | 79 | if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return |
bf1f6508 | 80 | |
84c8d986 C |
81 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) { |
82 | return res.fail({ | |
83 | status: HttpStatusCode.FORBIDDEN_403, | |
84 | message: 'Cannot list threads of private/internal/blocklisted video' | |
85 | }) | |
86 | } | |
87 | ||
bf1f6508 C |
88 | return next() |
89 | } | |
90 | ] | |
91 | ||
92 | const addVideoCommentThreadValidator = [ | |
d4a8e7a6 C |
93 | isValidVideoIdParam('videoId'), |
94 | ||
95 | body('text') | |
96 | .custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
bf1f6508 C |
97 | |
98 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
5de8a55a | 99 | logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) |
bf1f6508 C |
100 | |
101 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 102 | if (!await doesVideoExist(req.params.videoId, res)) return |
6ea9295b C |
103 | |
104 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) { | |
105 | return res.fail({ | |
106 | status: HttpStatusCode.FORBIDDEN_403, | |
107 | message: 'Cannot access to this ressource' | |
108 | }) | |
109 | } | |
110 | ||
453e83ea | 111 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return |
a1587156 | 112 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return |
bf1f6508 C |
113 | |
114 | return next() | |
115 | } | |
116 | ] | |
117 | ||
118 | const addVideoCommentReplyValidator = [ | |
d4a8e7a6 C |
119 | isValidVideoIdParam('videoId'), |
120 | ||
bf1f6508 | 121 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), |
d4a8e7a6 | 122 | |
bf1f6508 C |
123 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), |
124 | ||
125 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
5de8a55a | 126 | logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body }) |
bf1f6508 C |
127 | |
128 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 129 | if (!await doesVideoExist(req.params.videoId, res)) return |
6ea9295b C |
130 | |
131 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) { | |
132 | return res.fail({ | |
133 | status: HttpStatusCode.FORBIDDEN_403, | |
134 | message: 'Cannot access to this ressource' | |
135 | }) | |
136 | } | |
137 | ||
453e83ea C |
138 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return |
139 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return | |
140 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return | |
bf1f6508 C |
141 | |
142 | return next() | |
143 | } | |
144 | ] | |
145 | ||
da854ddd | 146 | const videoCommentGetValidator = [ |
d4a8e7a6 C |
147 | isValidVideoIdParam('videoId'), |
148 | ||
149 | param('commentId') | |
150 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
da854ddd C |
151 | |
152 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
153 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) | |
154 | ||
155 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 156 | if (!await doesVideoExist(req.params.videoId, res, 'id')) return |
453e83ea | 157 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return |
da854ddd C |
158 | |
159 | return next() | |
160 | } | |
161 | ] | |
162 | ||
4cb6d457 | 163 | const removeVideoCommentValidator = [ |
d4a8e7a6 C |
164 | isValidVideoIdParam('videoId'), |
165 | ||
4cb6d457 C |
166 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), |
167 | ||
168 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
169 | logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params }) | |
170 | ||
171 | if (areValidationErrors(req, res)) return | |
0f6acda1 | 172 | if (!await doesVideoExist(req.params.videoId, res)) return |
453e83ea | 173 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return |
4cb6d457 C |
174 | |
175 | // Check if the user who did the request is able to delete the video | |
453e83ea | 176 | if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return |
4cb6d457 C |
177 | |
178 | return next() | |
179 | } | |
180 | ] | |
181 | ||
bf1f6508 C |
182 | // --------------------------------------------------------------------------- |
183 | ||
184 | export { | |
185 | listVideoCommentThreadsValidator, | |
186 | listVideoThreadCommentsValidator, | |
187 | addVideoCommentThreadValidator, | |
0f8d00e3 | 188 | listVideoCommentsValidator, |
da854ddd | 189 | addVideoCommentReplyValidator, |
4cb6d457 C |
190 | videoCommentGetValidator, |
191 | removeVideoCommentValidator | |
bf1f6508 C |
192 | } |
193 | ||
194 | // --------------------------------------------------------------------------- | |
195 | ||
453e83ea | 196 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { |
47564bbe | 197 | if (video.commentsEnabled !== true) { |
76148b27 RK |
198 | res.fail({ |
199 | status: HttpStatusCode.CONFLICT_409, | |
200 | message: 'Video comments are disabled for this video.' | |
201 | }) | |
47564bbe C |
202 | return false |
203 | } | |
204 | ||
205 | return true | |
206 | } | |
4cb6d457 | 207 | |
fde37dc9 | 208 | function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) { |
c883db6d | 209 | if (videoComment.isDeleted()) { |
76148b27 RK |
210 | res.fail({ |
211 | status: HttpStatusCode.CONFLICT_409, | |
212 | message: 'This comment is already deleted' | |
213 | }) | |
c883db6d C |
214 | return false |
215 | } | |
216 | ||
fde37dc9 C |
217 | const userAccount = user.Account |
218 | ||
219 | if ( | |
220 | user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator | |
221 | videoComment.accountId !== userAccount.id && // Not the comment owner | |
222 | videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner | |
223 | ) { | |
76148b27 RK |
224 | res.fail({ |
225 | status: HttpStatusCode.FORBIDDEN_403, | |
226 | message: 'Cannot remove video comment of another user' | |
227 | }) | |
4cb6d457 C |
228 | return false |
229 | } | |
230 | ||
231 | return true | |
232 | } | |
b4055e1c | 233 | |
453e83ea | 234 | async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) { |
b4055e1c | 235 | const acceptParameters = { |
453e83ea | 236 | video, |
b4055e1c C |
237 | commentBody: req.body, |
238 | user: res.locals.oauth.token.User | |
239 | } | |
240 | ||
241 | let acceptedResult: AcceptResult | |
242 | ||
243 | if (isReply) { | |
453e83ea | 244 | const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull }) |
b4055e1c | 245 | |
6691c522 C |
246 | acceptedResult = await Hooks.wrapFun( |
247 | isLocalVideoCommentReplyAccepted, | |
248 | acceptReplyParameters, | |
b4055e1c C |
249 | 'filter:api.video-comment-reply.create.accept.result' |
250 | ) | |
251 | } else { | |
6691c522 C |
252 | acceptedResult = await Hooks.wrapFun( |
253 | isLocalVideoThreadAccepted, | |
254 | acceptParameters, | |
b4055e1c C |
255 | 'filter:api.video-thread.create.accept.result' |
256 | ) | |
257 | } | |
258 | ||
259 | if (!acceptedResult || acceptedResult.accepted !== true) { | |
260 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | |
b4055e1c | 261 | |
76148b27 RK |
262 | res.fail({ |
263 | status: HttpStatusCode.FORBIDDEN_403, | |
264 | message: acceptedResult?.errorMessage || 'Refused local comment' | |
265 | }) | |
b4055e1c C |
266 | return false |
267 | } | |
268 | ||
269 | return true | |
270 | } |