[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts

import * as express from 'express'
import { body, param, query, ValidationChain } from 'express-validator'
import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { areValidationErrors } from '../utils'
import { isVideoImage } from '../../../helpers/custom-validators/videos'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import {
  isArrayOf,
  isIdOrUUIDValid,
  isIdValid,
  isUUIDValid,
  toIntArray,
  toIntOrNull,
  toValueOrNull
} from '../../../helpers/custom-validators/misc'
import {
  isVideoPlaylistDescriptionValid,
  isVideoPlaylistNameValid,
  isVideoPlaylistPrivacyValid,
  isVideoPlaylistTimestampValid,
  isVideoPlaylistTypeValid
} from '../../../helpers/custom-validators/video-playlists'
import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
import { authenticatePromiseIfNeeded } from '../../oauth'
import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares'
import { MVideoPlaylist } from '../../../typings/models/video/video-playlist'
import { MUserAccountId } from '@server/typings/models'

const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  body('displayName')
    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    const body: VideoPlaylistCreate = req.body
    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    return next()
  }
])

const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  body('displayName')
    .optional()
    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)

    const videoPlaylist = getPlaylist(res)

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return cleanUpReqFiles(req)
    }

    const body: VideoPlaylistUpdate = req.body

    const newPrivacy = body.privacy || videoPlaylist.privacy
    if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
      (
        (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
        body.videoChannelId === null
      )
    ) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot update a watch later playlist.' })
    }

    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    return next()
  }
])

const videoPlaylistsDeleteValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = getPlaylist(res)
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      return res.status(400)
                .json({ error: 'Cannot delete a watch later playlist.' })
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
  return [
    param('playlistId')
      .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
      logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })

      if (areValidationErrors(req, res)) return

      if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return

      const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary

      // Video is unlisted, check we used the uuid to fetch it
      if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
        if (isUUIDValid(req.params.playlistId)) return next()

        return res.status(404).end()
      }

      if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
        await authenticatePromiseIfNeeded(req, res)

        const user = res.locals.oauth ? res.locals.oauth.token.User : null

        if (
          !user ||
          (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
        ) {
          return res.status(403)
                    .json({ error: 'Cannot get this private video playlist.' })
        }

        return next()
      }

      return next()
    }
  ]
}

const videoPlaylistsAddVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return

    const videoPlaylist = getPlaylist(res)
    const video = res.locals.onlyVideo

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (videoPlaylistElement) {
      res.status(409)
         .json({ error: 'This video in this playlist already exists' })
         .end()

      return
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsUpdateOrRemoveVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('playlistElementId')
    .custom(isIdValid).withMessage('Should have an element id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = getPlaylist(res)

    const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }
    res.locals.videoPlaylistElement = videoPlaylistElement

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    return next()
  }
]

const videoPlaylistElementAPGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }

    if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      return res.status(403).end()
    }

    res.locals.videoPlaylistElementAP = videoPlaylistElement

    return next()
  }
]

const videoPlaylistsReorderVideosValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('startPosition')
    .isInt({ min: 1 }).withMessage('Should have a valid start position'),
  body('insertAfterPosition')
    .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
  body('reorderLength')
    .optional()
    .isInt({ min: 1 }).withMessage('Should have a valid range length'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = getPlaylist(res)
    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
    const startPosition: number = req.body.startPosition
    const insertAfterPosition: number = req.body.insertAfterPosition
    const reorderLength: number = req.body.reorderLength

    if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
      res.status(400)
         .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
         .end()

      return
    }

    if (reorderLength && reorderLength + startPosition > nextPosition) {
      res.status(400)
         .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
         .end()

      return
    }

    return next()
  }
]

const commonVideoPlaylistFiltersValidator = [
  query('playlistType')
    .optional()
    .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const doVideosInPlaylistExistValidator = [
  query('videoIds')
    .customSanitizer(toIntArray)
    .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  videoPlaylistsAddValidator,
  videoPlaylistsUpdateValidator,
  videoPlaylistsDeleteValidator,
  videoPlaylistsGetValidator,

  videoPlaylistsAddVideoValidator,
  videoPlaylistsUpdateOrRemoveVideoValidator,
  videoPlaylistsReorderVideosValidator,

  videoPlaylistElementAPGetValidator,

  commonVideoPlaylistFiltersValidator,

  doVideosInPlaylistExistValidator
}

// ---------------------------------------------------------------------------

function getCommonPlaylistEditAttributes () {
  return [
    body('thumbnailfile')
      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
      + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
    ),

    body('description')
      .optional()
      .customSanitizer(toValueOrNull)
      .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
    body('privacy')
      .optional()
      .customSanitizer(toIntOrNull)
      .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
    body('videoChannelId')
      .optional()
      .customSanitizer(toIntOrNull)
  ] as (ValidationChain | express.Handler)[]
}

function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
  if (videoPlaylist.isOwned() === false) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another server.' })
       .end()

    return false
  }

  // Check if the user can manage the video playlist
  // The user can delete it if s/he is an admin
  // Or if s/he is the video playlist's owner
  if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another user' })
       .end()

    return false
  }

  return true
}

function getPlaylist (res: express.Response) {
  return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
}
Commit	Line	Data
418d092a	1	import * as express from 'express'
c8861d5d	2	import { body, param, query, ValidationChain } from 'express-validator'
c5e4e36d	3	import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
418d092a	4	import { logger } from '../../../helpers/logger'
418d092a	5	import { areValidationErrors } from '../utils'
3e753302	6	import { isVideoImage } from '../../../helpers/custom-validators/videos'
74dc3bca	7	import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
c8861d5d C	8	import {
	9	isArrayOf,
	10	isIdOrUUIDValid,
	11	isIdValid,
	12	isUUIDValid,
	13	toIntArray,
	14	toIntOrNull,
	15	toValueOrNull
	16	} from '../../../helpers/custom-validators/misc'
418d092a	17	import {
9f79ade6	18	isVideoPlaylistDescriptionValid,
418d092a	19	isVideoPlaylistNameValid,
df0b219d C	20	isVideoPlaylistPrivacyValid,
	21	isVideoPlaylistTimestampValid,
	22	isVideoPlaylistTypeValid
418d092a	23	} from '../../../helpers/custom-validators/video-playlists'
418d092a	24	import { cleanUpReqFiles } from '../../../helpers/express-utils'
418d092a	25	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
418d092a C	26	import { authenticatePromiseIfNeeded } from '../../oauth'
418d092a C	27	import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
df0b219d	28	import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
453e83ea C	29	import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares'
	30	import { MVideoPlaylist } from '../../../typings/models/video/video-playlist'
	31	import { MUserAccountId } from '@server/typings/models'
418d092a C	32
418d092a C	33	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
1b319b7a C	34	body('displayName')
	35	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	36
418d092a C	37	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	38	logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
	39
	40	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	41
c5e4e36d	42	const body: VideoPlaylistCreate = req.body
0f6acda1	43	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
c5e4e36d C	44
	45	if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
	46	cleanUpReqFiles(req)
	47	return res.status(400)
	48	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	49	}
418d092a C	50
	51	return next()
	52	}
	53	])
	54
	55	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
	56	param('playlistId')
	57	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	58
1b319b7a C	59	body('displayName')
	60	.optional()
	61	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	62
418d092a C	63	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	64	logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
	65
	66	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	67
0f6acda1	68	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
07b1a18a	69
453e83ea	70	const videoPlaylist = getPlaylist(res)
07b1a18a	71
453e83ea	72	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
418d092a C	73	return cleanUpReqFiles(req)
	74	}
	75
c5e4e36d C	76	const body: VideoPlaylistUpdate = req.body
c5e4e36d C	77
c5e4e36d C	78	const newPrivacy = body.privacy \|\| videoPlaylist.privacy
	79	if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
	80	(
	81	(!videoPlaylist.videoChannelId && !body.videoChannelId) \|\|
	82	body.videoChannelId === null
	83	)
	84	) {
	85	cleanUpReqFiles(req)
	86	return res.status(400)
	87	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	88	}
	89
df0b219d C	90	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
df0b219d C	91	cleanUpReqFiles(req)
c5e4e36d	92	return res.status(400)
df0b219d C	93	.json({ error: 'Cannot update a watch later playlist.' })
	94	}
	95
0f6acda1	96	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
418d092a C	97
	98	return next()
	99	}
	100	])
	101
	102	const videoPlaylistsDeleteValidator = [
	103	param('playlistId')
	104	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	105
	106	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	107	logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
	108
	109	if (areValidationErrors(req, res)) return
	110
0f6acda1	111	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
df0b219d	112
453e83ea	113	const videoPlaylist = getPlaylist(res)
df0b219d	114	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
c5e4e36d	115	return res.status(400)
df0b219d C	116	.json({ error: 'Cannot delete a watch later playlist.' })
	117	}
	118
453e83ea	119	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
418d092a C	120	return
	121	}
	122
	123	return next()
	124	}
	125	]
	126
453e83ea C	127	const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
	128	return [
	129	param('playlistId')
	130	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
418d092a	131
453e83ea C	132	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
453e83ea C	133	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
418d092a	134
453e83ea	135	if (areValidationErrors(req, res)) return
418d092a	136
453e83ea	137	if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
418d092a	138
453e83ea	139	const videoPlaylist = res.locals.videoPlaylistFull \|\| res.locals.videoPlaylistSummary
07b1a18a	140
453e83ea C	141	// Video is unlisted, check we used the uuid to fetch it
	142	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
	143	if (isUUIDValid(req.params.playlistId)) return next()
07b1a18a	144
453e83ea C	145	return res.status(404).end()
453e83ea C	146	}
07b1a18a	147
453e83ea C	148	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
453e83ea C	149	await authenticatePromiseIfNeeded(req, res)
418d092a	150
453e83ea	151	const user = res.locals.oauth ? res.locals.oauth.token.User : null
4d09cfba	152
453e83ea C	153	if (
	154	!user \|\|
	155	(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
	156	) {
	157	return res.status(403)
	158	.json({ error: 'Cannot get this private video playlist.' })
	159	}
	160
	161	return next()
418d092a C	162	}
	163
	164	return next()
	165	}
453e83ea C	166	]
453e83ea C	167	}
418d092a C	168
	169	const videoPlaylistsAddVideoValidator = [
	170	param('playlistId')
	171	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	172	body('videoId')
	173	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
	174	body('startTimestamp')
	175	.optional()
df0b219d	176	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	177	body('stopTimestamp')
418d092a C	178	.optional()
df0b219d	179	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	180
	181	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	182	logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
	183
	184	if (areValidationErrors(req, res)) return
	185
0f6acda1 C	186	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
0f6acda1 C	187	if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
418d092a	188
453e83ea C	189	const videoPlaylist = getPlaylist(res)
453e83ea C	190	const video = res.locals.onlyVideo
418d092a C	191
	192	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	193	if (videoPlaylistElement) {
	194	res.status(409)
	195	.json({ error: 'This video in this playlist already exists' })
	196	.end()
	197
	198	return
	199	}
	200
453e83ea	201	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
418d092a C	202	return
	203	}
	204
	205	return next()
	206	}
	207	]
	208
	209	const videoPlaylistsUpdateOrRemoveVideoValidator = [
	210	param('playlistId')
	211	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
bfbd9128 C	212	param('playlistElementId')
bfbd9128 C	213	.custom(isIdValid).withMessage('Should have an element id/uuid'),
418d092a C	214	body('startTimestamp')
418d092a C	215	.optional()
df0b219d	216	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	217	body('stopTimestamp')
418d092a C	218	.optional()
df0b219d	219	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	220
	221	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	222	logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
	223
	224	if (areValidationErrors(req, res)) return
	225
0f6acda1	226	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	227
453e83ea	228	const videoPlaylist = getPlaylist(res)
418d092a	229
bfbd9128	230	const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
418d092a C	231	if (!videoPlaylistElement) {
	232	res.status(404)
	233	.json({ error: 'Video playlist element not found' })
	234	.end()
	235
	236	return
	237	}
	238	res.locals.videoPlaylistElement = videoPlaylistElement
	239
	240	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
	241
	242	return next()
	243	}
	244	]
	245
	246	const videoPlaylistElementAPGetValidator = [
	247	param('playlistId')
	248	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	249	param('videoId')
	250	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	251
	252	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	253	logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
	254
	255	if (areValidationErrors(req, res)) return
	256
	257	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
	258	if (!videoPlaylistElement) {
	259	res.status(404)
	260	.json({ error: 'Video playlist element not found' })
	261	.end()
	262
	263	return
	264	}
	265
	266	if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	267	return res.status(403).end()
	268	}
	269
b5fecbf4	270	res.locals.videoPlaylistElementAP = videoPlaylistElement
418d092a C	271
	272	return next()
	273	}
	274	]
	275
	276	const videoPlaylistsReorderVideosValidator = [
	277	param('playlistId')
	278	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	279	body('startPosition')
	280	.isInt({ min: 1 }).withMessage('Should have a valid start position'),
	281	body('insertAfterPosition')
	282	.isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
	283	body('reorderLength')
	284	.optional()
	285	.isInt({ min: 1 }).withMessage('Should have a valid range length'),
	286
	287	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	288	logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
	289
	290	if (areValidationErrors(req, res)) return
	291
0f6acda1	292	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	293
453e83ea	294	const videoPlaylist = getPlaylist(res)
418d092a C	295	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
418d092a C	296
07b1a18a C	297	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
	298	const startPosition: number = req.body.startPosition
	299	const insertAfterPosition: number = req.body.insertAfterPosition
	300	const reorderLength: number = req.body.reorderLength
	301
	302	if (startPosition >= nextPosition \|\| insertAfterPosition >= nextPosition) {
	303	res.status(400)
	304	.json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
	305	.end()
	306
	307	return
	308	}
	309
	310	if (reorderLength && reorderLength + startPosition > nextPosition) {
	311	res.status(400)
	312	.json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
	313	.end()
	314
	315	return
	316	}
	317
418d092a C	318	return next()
	319	}
	320	]
	321
df0b219d C	322	const commonVideoPlaylistFiltersValidator = [
	323	query('playlistType')
	324	.optional()
	325	.custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),
	326
	327	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	328	logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
	329
	330	if (areValidationErrors(req, res)) return
	331
	332	return next()
	333	}
	334	]
	335
f0a39880 C	336	const doVideosInPlaylistExistValidator = [
	337	query('videoIds')
	338	.customSanitizer(toIntArray)
	339	.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
	340
	341	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	342	logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
	343
	344	if (areValidationErrors(req, res)) return
	345
	346	return next()
	347	}
	348	]
	349
418d092a C	350	// ---------------------------------------------------------------------------
	351
	352	export {
	353	videoPlaylistsAddValidator,
	354	videoPlaylistsUpdateValidator,
	355	videoPlaylistsDeleteValidator,
	356	videoPlaylistsGetValidator,
	357
	358	videoPlaylistsAddVideoValidator,
	359	videoPlaylistsUpdateOrRemoveVideoValidator,
	360	videoPlaylistsReorderVideosValidator,
	361
df0b219d C	362	videoPlaylistElementAPGetValidator,
df0b219d C	363
f0a39880 C	364	commonVideoPlaylistFiltersValidator,
	365
	366	doVideosInPlaylistExistValidator
418d092a C	367	}
	368
	369	// ---------------------------------------------------------------------------
	370
	371	function getCommonPlaylistEditAttributes () {
	372	return [
	373	body('thumbnailfile')
	374	.custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
	375	'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
	376	+ CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
	377	),
	378
418d092a C	379	body('description')
	380	.optional()
	381	.customSanitizer(toValueOrNull)
	382	.custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
	383	body('privacy')
	384	.optional()
c8861d5d	385	.customSanitizer(toIntOrNull)
418d092a C	386	.custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
	387	body('videoChannelId')
	388	.optional()
c8861d5d	389	.customSanitizer(toIntOrNull)
418d092a C	390	] as (ValidationChain \| express.Handler)[]
	391	}
	392
453e83ea	393	function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
418d092a C	394	if (videoPlaylist.isOwned() === false) {
	395	res.status(403)
	396	.json({ error: 'Cannot manage video playlist of another server.' })
	397	.end()
	398
	399	return false
	400	}
	401
	402	// Check if the user can manage the video playlist
	403	// The user can delete it if s/he is an admin
	404	// Or if s/he is the video playlist's owner
	405	if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
	406	res.status(403)
	407	.json({ error: 'Cannot manage video playlist of another user' })
	408	.end()
	409
	410	return false
	411	}
	412
	413	return true
	414	}
453e83ea C	415
	416	function getPlaylist (res: express.Response) {
	417	return res.locals.videoPlaylistFull \|\| res.locals.videoPlaylistSummary
	418	}