]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/middlewares/validators/videos/video-playlists.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'release/4.3.0' into develop
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts
CommitLineData
41fb13c3 1import express from 'express'
c8861d5d 2import { body, param, query, ValidationChain } from 'express-validator'
f8360396 3import { ExpressPromiseHandler } from '@server/types/express-handler'
ba5a8d89 4import { MUserAccountId } from '@server/types/models'
d17c7b4e
C		 5import {
6 HttpStatusCode,
7 UserRight,
8 VideoPlaylistCreate,
9 VideoPlaylistPrivacy,
10 VideoPlaylistType,
11 VideoPlaylistUpdate
12} from '@shared/models'
c8861d5d
C		 13import {
14 isArrayOf,
15 isIdOrUUIDValid,
16 isIdValid,
17 isUUIDValid,
d4a8e7a6 18 toCompleteUUID,
c8861d5d
C		 19 toIntArray,
20 toIntOrNull,
21 toValueOrNull
22} from '../../../helpers/custom-validators/misc'
418d092a 23import {
9f79ade6 24 isVideoPlaylistDescriptionValid,
418d092a 25 isVideoPlaylistNameValid,
df0b219d
C		 26 isVideoPlaylistPrivacyValid,
27 isVideoPlaylistTimestampValid,
28 isVideoPlaylistTypeValid
418d092a 29} from '../../../helpers/custom-validators/video-playlists'
c729caf6 30import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
418d092a 31import { cleanUpReqFiles } from '../../../helpers/express-utils'
ba5a8d89
C		 32import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
33import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
26d6bf65 34import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
2c2befaa 35import { authenticatePromise } from '../../auth'
d4a8e7a6
C		 36import {
37 areValidationErrors,
38 doesVideoChannelIdExist,
39 doesVideoExist,
40 doesVideoPlaylistExist,
41 isValidPlaylistIdParam,
42 VideoPlaylistFetchType
43} from '../shared'
418d092a
C		 44
45const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
1b319b7a 46 body('displayName')
396f6f01 47 .custom(isVideoPlaylistNameValid),
1b319b7a 48
418d092a 49 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a
C		 50 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
51
c5e4e36d 52 const body: VideoPlaylistCreate = req.body
0f6acda1 53 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
c5e4e36d 54
d4a8e7a6
C		 55 if (
56 !body.videoChannelId &&
57 (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
58 ) {
c5e4e36d 59 cleanUpReqFiles(req)
76148b27 60
d4a8e7a6 61 return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
c5e4e36d 62 }
418d092a
C		 63
64 return next()
65 }
66])
67
68const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
d4a8e7a6 69 isValidPlaylistIdParam('playlistId'),
418d092a 70
1b319b7a
C		 71 body('displayName')
72 .optional()
396f6f01 73 .custom(isVideoPlaylistNameValid),
1b319b7a 74
418d092a 75 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a
C		 76 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
77
0f6acda1 78 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
07b1a18a 79
453e83ea 80 const videoPlaylist = getPlaylist(res)
07b1a18a 81
453e83ea 82 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
418d092a
C		 83 return cleanUpReqFiles(req)
84 }
85
c5e4e36d
C		 86 const body: VideoPlaylistUpdate = req.body
87
c5e4e36d
C		 88 const newPrivacy = body.privacy || videoPlaylist.privacy
89 if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
90 (
91 (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
92 body.videoChannelId === null
93 )
94 ) {
95 cleanUpReqFiles(req)
76148b27
RK		 96
97 return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
c5e4e36d
C		 98 }
99
df0b219d
C		 100 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
101 cleanUpReqFiles(req)
76148b27
RK		 102
103 return res.fail({ message: 'Cannot update a watch later playlist.' })
df0b219d
C		 104 }
105
0f6acda1 106 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
418d092a
C		 107
108 return next()
109 }
110])
111
112const videoPlaylistsDeleteValidator = [
d4a8e7a6 113 isValidPlaylistIdParam('playlistId'),
418d092a
C		 114
115 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a
C		 116 if (areValidationErrors(req, res)) return
117
0f6acda1 118 if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
df0b219d 119
453e83ea 120 const videoPlaylist = getPlaylist(res)
df0b219d 121 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
76148b27 122 return res.fail({ message: 'Cannot delete a watch later playlist.' })
df0b219d
C		 123 }
124
453e83ea 125 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
418d092a
C		 126 return
127 }
128
129 return next()
130 }
131]
132
453e83ea
C		 133const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
134 return [
d4a8e7a6 135 isValidPlaylistIdParam('playlistId'),
418d092a 136
453e83ea 137 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
453e83ea 138 if (areValidationErrors(req, res)) return
418d092a 139
453e83ea 140 if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
418d092a 141
453e83ea 142 const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
07b1a18a 143
453e83ea
C		 144 // Video is unlisted, check we used the uuid to fetch it
145 if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
146 if (isUUIDValid(req.params.playlistId)) return next()
07b1a18a 147
76148b27
RK		 148 return res.fail({
149 status: HttpStatusCode.NOT_FOUND_404,
150 message: 'Playlist not found'
151 })
453e83ea 152 }
07b1a18a 153
453e83ea 154 if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
2c2befaa 155 await authenticatePromise(req, res)
418d092a 156
453e83ea 157 const user = res.locals.oauth ? res.locals.oauth.token.User : null
4d09cfba 158
453e83ea
C		 159 if (
160 !user ||
161 (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
162 ) {
76148b27
RK		 163 return res.fail({
164 status: HttpStatusCode.FORBIDDEN_403,
165 message: 'Cannot get this private video playlist.'
166 })
453e83ea
C		 167 }
168
169 return next()
418d092a
C		 170 }
171
172 return next()
173 }
453e83ea
C		 174 ]
175}
418d092a 176
c06af501 177const videoPlaylistsSearchValidator = [
396f6f01
C		 178 query('search')
179 .optional()
180 .not().isEmpty(),
c06af501
RK		 181
182 (req: express.Request, res: express.Response, next: express.NextFunction) => {
c06af501
RK		 183 if (areValidationErrors(req, res)) return
184
185 return next()
186 }
187]
188
418d092a 189const videoPlaylistsAddVideoValidator = [
d4a8e7a6
C		 190 isValidPlaylistIdParam('playlistId'),
191
418d092a 192 body('videoId')
d4a8e7a6 193 .customSanitizer(toCompleteUUID)
396f6f01 194 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
418d092a
C		 195 body('startTimestamp')
196 .optional()
396f6f01 197 .custom(isVideoPlaylistTimestampValid),
418d092a
C		 198 body('stopTimestamp')
199 .optional()
396f6f01 200 .custom(isVideoPlaylistTimestampValid),
418d092a
C		 201
202 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a
C		 203 if (areValidationErrors(req, res)) return
204
0f6acda1
C		 205 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
206 if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
418d092a 207
453e83ea 208 const videoPlaylist = getPlaylist(res)
418d092a 209
453e83ea 210 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
418d092a
C		 211 return
212 }
213
214 return next()
215 }
216]
217
218const videoPlaylistsUpdateOrRemoveVideoValidator = [
d4a8e7a6 219 isValidPlaylistIdParam('playlistId'),
bfbd9128 220 param('playlistElementId')
d4a8e7a6 221 .customSanitizer(toCompleteUUID)
396f6f01 222 .custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
418d092a
C		 223 body('startTimestamp')
224 .optional()
396f6f01 225 .custom(isVideoPlaylistTimestampValid),
418d092a
C		 226 body('stopTimestamp')
227 .optional()
396f6f01 228 .custom(isVideoPlaylistTimestampValid),
418d092a
C		 229
230 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a
C		 231 if (areValidationErrors(req, res)) return
232
0f6acda1 233 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a 234
453e83ea 235 const videoPlaylist = getPlaylist(res)
418d092a 236
bfbd9128 237 const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
418d092a 238 if (!videoPlaylistElement) {
76148b27
RK		 239 res.fail({
240 status: HttpStatusCode.NOT_FOUND_404,
241 message: 'Video playlist element not found'
242 })
418d092a
C		 243 return
244 }
245 res.locals.videoPlaylistElement = videoPlaylistElement
246
247 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
248
249 return next()
250 }
251]
252
253const videoPlaylistElementAPGetValidator = [
d4a8e7a6 254 isValidPlaylistIdParam('playlistId'),
37190663 255 param('playlistElementId')
396f6f01 256 .custom(isIdValid),
418d092a
C		 257
258 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a
C		 259 if (areValidationErrors(req, res)) return
260
37190663
C		 261 const playlistElementId = parseInt(req.params.playlistElementId + '', 10)
262 const playlistId = req.params.playlistId
263
264 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
418d092a 265 if (!videoPlaylistElement) {
76148b27
RK		 266 res.fail({
267 status: HttpStatusCode.NOT_FOUND_404,
268 message: 'Video playlist element not found'
269 })
418d092a
C		 270 return
271 }
272
273 if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
76148b27
RK		 274 return res.fail({
275 status: HttpStatusCode.FORBIDDEN_403,
276 message: 'Cannot get this private video playlist.'
277 })
418d092a
C		 278 }
279
b5fecbf4 280 res.locals.videoPlaylistElementAP = videoPlaylistElement
418d092a
C		 281
282 return next()
283 }
284]
285
286const videoPlaylistsReorderVideosValidator = [
d4a8e7a6 287 isValidPlaylistIdParam('playlistId'),
396f6f01 288
418d092a 289 body('startPosition')
396f6f01 290 .isInt({ min: 1 }),
418d092a 291 body('insertAfterPosition')
396f6f01 292 .isInt({ min: 0 }),
418d092a
C		 293 body('reorderLength')
294 .optional()
396f6f01 295 .isInt({ min: 1 }),
418d092a
C		 296
297 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a
C		 298 if (areValidationErrors(req, res)) return
299
0f6acda1 300 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a 301
453e83ea 302 const videoPlaylist = getPlaylist(res)
418d092a
C		 303 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
304
07b1a18a
C		 305 const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
306 const startPosition: number = req.body.startPosition
307 const insertAfterPosition: number = req.body.insertAfterPosition
308 const reorderLength: number = req.body.reorderLength
309
310 if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
76148b27 311 res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
07b1a18a
C		 312 return
313 }
314
315 if (reorderLength && reorderLength + startPosition > nextPosition) {
76148b27 316 res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
07b1a18a
C		 317 return
318 }
319
418d092a
C		 320 return next()
321 }
322]
323
df0b219d
C		 324const commonVideoPlaylistFiltersValidator = [
325 query('playlistType')
326 .optional()
396f6f01 327 .custom(isVideoPlaylistTypeValid),
df0b219d
C		 328
329 (req: express.Request, res: express.Response, next: express.NextFunction) => {
df0b219d
C		 330 if (areValidationErrors(req, res)) return
331
332 return next()
333 }
334]
335
f0a39880
C		 336const doVideosInPlaylistExistValidator = [
337 query('videoIds')
338 .customSanitizer(toIntArray)
339 .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
340
341 (req: express.Request, res: express.Response, next: express.NextFunction) => {
f0a39880
C		 342 if (areValidationErrors(req, res)) return
343
344 return next()
345 }
346]
347
418d092a
C		 348// ---------------------------------------------------------------------------
349
350export {
351 videoPlaylistsAddValidator,
352 videoPlaylistsUpdateValidator,
353 videoPlaylistsDeleteValidator,
354 videoPlaylistsGetValidator,
c06af501 355 videoPlaylistsSearchValidator,
418d092a
C		 356
357 videoPlaylistsAddVideoValidator,
358 videoPlaylistsUpdateOrRemoveVideoValidator,
359 videoPlaylistsReorderVideosValidator,
360
df0b219d
C		 361 videoPlaylistElementAPGetValidator,
362
f0a39880
C		 363 commonVideoPlaylistFiltersValidator,
364
365 doVideosInPlaylistExistValidator
418d092a
C		 366}
367
368// ---------------------------------------------------------------------------
369
370function getCommonPlaylistEditAttributes () {
371 return [
372 body('thumbnailfile')
c729caf6 373 .custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
a1587156
C		 374 .withMessage(
375 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
376 CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
377 ),
418d092a 378
418d092a
C		 379 body('description')
380 .optional()
381 .customSanitizer(toValueOrNull)
396f6f01 382 .custom(isVideoPlaylistDescriptionValid),
418d092a
C		 383 body('privacy')
384 .optional()
c8861d5d 385 .customSanitizer(toIntOrNull)
396f6f01 386 .custom(isVideoPlaylistPrivacyValid),
418d092a
C		 387 body('videoChannelId')
388 .optional()
c8861d5d 389 .customSanitizer(toIntOrNull)
ba5a8d89 390 ] as (ValidationChain | ExpressPromiseHandler)[]
418d092a
C		 391}
392
453e83ea 393function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
418d092a 394 if (videoPlaylist.isOwned() === false) {
76148b27
RK		 395 res.fail({
396 status: HttpStatusCode.FORBIDDEN_403,
397 message: 'Cannot manage video playlist of another server.'
398 })
418d092a
C		 399 return false
400 }
401
402 // Check if the user can manage the video playlist
403 // The user can delete it if s/he is an admin
404 // Or if s/he is the video playlist's owner
405 if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
76148b27
RK		 406 res.fail({
407 status: HttpStatusCode.FORBIDDEN_403,
408 message: 'Cannot manage video playlist of another user'
409 })
418d092a
C		 410 return false
411 }
412
413 return true
414}
453e83ea
C		 415
416function getPlaylist (res: express.Response) {
417 return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
418}
ActivityPub-federated video streaming platform using P2P directly in your web browser