[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts

import * as express from 'express'
import { body, param, query, ValidationChain } from 'express-validator'
import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { UserModel } from '../../../models/account/user'
import { areValidationErrors } from '../utils'
import { isVideoImage } from '../../../helpers/custom-validators/videos'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import {
  isArrayOf,
  isIdOrUUIDValid,
  isIdValid,
  isUUIDValid,
  toIntArray,
  toIntOrNull,
  toValueOrNull
} from '../../../helpers/custom-validators/misc'
import {
  isVideoPlaylistDescriptionValid,
  isVideoPlaylistNameValid,
  isVideoPlaylistPrivacyValid,
  isVideoPlaylistTimestampValid,
  isVideoPlaylistTypeValid
} from '../../../helpers/custom-validators/video-playlists'
import { VideoPlaylistModel } from '../../../models/video/video-playlist'
import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
import { authenticatePromiseIfNeeded } from '../../oauth'
import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist } from '../../../helpers/middlewares'

const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  body('displayName')
    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    const body: VideoPlaylistCreate = req.body
    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    return next()
  }
])

const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  body('displayName')
    .optional()
    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)

    const videoPlaylist = res.locals.videoPlaylist

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return cleanUpReqFiles(req)
    }

    const body: VideoPlaylistUpdate = req.body

    const newPrivacy = body.privacy || videoPlaylist.privacy
    if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
      (
        (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
        body.videoChannelId === null
      )
    ) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot update a watch later playlist.' })
    }

    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    return next()
  }
])

const videoPlaylistsDeleteValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = res.locals.videoPlaylist
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      return res.status(400)
                .json({ error: 'Cannot delete a watch later playlist.' })
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = res.locals.videoPlaylist

    // Video is unlisted, check we used the uuid to fetch it
    if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
      if (isUUIDValid(req.params.playlistId)) return next()

      return res.status(404).end()
    }

    if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      await authenticatePromiseIfNeeded(req, res)

      const user = res.locals.oauth ? res.locals.oauth.token.User : null

      if (
        !user ||
        (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
      ) {
        return res.status(403)
                  .json({ error: 'Cannot get this private video playlist.' })
      }

      return next()
    }

    return next()
  }
]

const videoPlaylistsAddVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return

    const videoPlaylist = res.locals.videoPlaylist
    const video = res.locals.video

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (videoPlaylistElement) {
      res.status(409)
         .json({ error: 'This video in this playlist already exists' })
         .end()

      return
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsUpdateOrRemoveVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('playlistElementId')
    .custom(isIdValid).withMessage('Should have an element id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = res.locals.videoPlaylist

    const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }
    res.locals.videoPlaylistElement = videoPlaylistElement

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    return next()
  }
]

const videoPlaylistElementAPGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }

    if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      return res.status(403).end()
    }

    res.locals.videoPlaylistElement = videoPlaylistElement

    return next()
  }
]

const videoPlaylistsReorderVideosValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('startPosition')
    .isInt({ min: 1 }).withMessage('Should have a valid start position'),
  body('insertAfterPosition')
    .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
  body('reorderLength')
    .optional()
    .isInt({ min: 1 }).withMessage('Should have a valid range length'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = res.locals.videoPlaylist
    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
    const startPosition: number = req.body.startPosition
    const insertAfterPosition: number = req.body.insertAfterPosition
    const reorderLength: number = req.body.reorderLength

    if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
      res.status(400)
         .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
         .end()

      return
    }

    if (reorderLength && reorderLength + startPosition > nextPosition) {
      res.status(400)
         .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
         .end()

      return
    }

    return next()
  }
]

const commonVideoPlaylistFiltersValidator = [
  query('playlistType')
    .optional()
    .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const doVideosInPlaylistExistValidator = [
  query('videoIds')
    .customSanitizer(toIntArray)
    .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  videoPlaylistsAddValidator,
  videoPlaylistsUpdateValidator,
  videoPlaylistsDeleteValidator,
  videoPlaylistsGetValidator,

  videoPlaylistsAddVideoValidator,
  videoPlaylistsUpdateOrRemoveVideoValidator,
  videoPlaylistsReorderVideosValidator,

  videoPlaylistElementAPGetValidator,

  commonVideoPlaylistFiltersValidator,

  doVideosInPlaylistExistValidator
}

// ---------------------------------------------------------------------------

function getCommonPlaylistEditAttributes () {
  return [
    body('thumbnailfile')
      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
      + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
    ),

    body('description')
      .optional()
      .customSanitizer(toValueOrNull)
      .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
    body('privacy')
      .optional()
      .customSanitizer(toIntOrNull)
      .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
    body('videoChannelId')
      .optional()
      .customSanitizer(toIntOrNull)
  ] as (ValidationChain | express.Handler)[]
}

function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
  if (videoPlaylist.isOwned() === false) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another server.' })
       .end()

    return false
  }

  // Check if the user can manage the video playlist
  // The user can delete it if s/he is an admin
  // Or if s/he is the video playlist's owner
  if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another user' })
       .end()

    return false
  }

  return true
}
Commit	Line	Data
418d092a	1	import * as express from 'express'
c8861d5d	2	import { body, param, query, ValidationChain } from 'express-validator'
c5e4e36d	3	import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
418d092a C	4	import { logger } from '../../../helpers/logger'
	5	import { UserModel } from '../../../models/account/user'
	6	import { areValidationErrors } from '../utils'
3e753302	7	import { isVideoImage } from '../../../helpers/custom-validators/videos'
74dc3bca	8	import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
c8861d5d C	9	import {
	10	isArrayOf,
	11	isIdOrUUIDValid,
	12	isIdValid,
	13	isUUIDValid,
	14	toIntArray,
	15	toIntOrNull,
	16	toValueOrNull
	17	} from '../../../helpers/custom-validators/misc'
418d092a	18	import {
9f79ade6	19	isVideoPlaylistDescriptionValid,
418d092a	20	isVideoPlaylistNameValid,
df0b219d C	21	isVideoPlaylistPrivacyValid,
	22	isVideoPlaylistTimestampValid,
	23	isVideoPlaylistTypeValid
418d092a C	24	} from '../../../helpers/custom-validators/video-playlists'
	25	import { VideoPlaylistModel } from '../../../models/video/video-playlist'
	26	import { cleanUpReqFiles } from '../../../helpers/express-utils'
418d092a	27	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
418d092a C	28	import { authenticatePromiseIfNeeded } from '../../oauth'
418d092a C	29	import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
df0b219d	30	import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
3e753302	31	import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist } from '../../../helpers/middlewares'
418d092a C	32
418d092a C	33	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
1b319b7a C	34	body('displayName')
	35	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	36
418d092a C	37	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	38	logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
	39
	40	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	41
c5e4e36d	42	const body: VideoPlaylistCreate = req.body
0f6acda1	43	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
c5e4e36d C	44
	45	if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
	46	cleanUpReqFiles(req)
	47	return res.status(400)
	48	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	49	}
418d092a C	50
	51	return next()
	52	}
	53	])
	54
	55	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
	56	param('playlistId')
	57	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	58
1b319b7a C	59	body('displayName')
	60	.optional()
	61	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	62
418d092a C	63	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	64	logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
	65
	66	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	67
0f6acda1	68	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
07b1a18a C	69
	70	const videoPlaylist = res.locals.videoPlaylist
	71
418d092a C	72	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	73	return cleanUpReqFiles(req)
	74	}
	75
c5e4e36d C	76	const body: VideoPlaylistUpdate = req.body
c5e4e36d C	77
c5e4e36d C	78	const newPrivacy = body.privacy \|\| videoPlaylist.privacy
	79	if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
	80	(
	81	(!videoPlaylist.videoChannelId && !body.videoChannelId) \|\|
	82	body.videoChannelId === null
	83	)
	84	) {
	85	cleanUpReqFiles(req)
	86	return res.status(400)
	87	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	88	}
	89
df0b219d C	90	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
df0b219d C	91	cleanUpReqFiles(req)
c5e4e36d	92	return res.status(400)
df0b219d C	93	.json({ error: 'Cannot update a watch later playlist.' })
	94	}
	95
0f6acda1	96	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
418d092a C	97
	98	return next()
	99	}
	100	])
	101
	102	const videoPlaylistsDeleteValidator = [
	103	param('playlistId')
	104	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	105
	106	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	107	logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
	108
	109	if (areValidationErrors(req, res)) return
	110
0f6acda1	111	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
df0b219d	112
dae86118	113	const videoPlaylist = res.locals.videoPlaylist
df0b219d	114	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
c5e4e36d	115	return res.status(400)
df0b219d C	116	.json({ error: 'Cannot delete a watch later playlist.' })
	117	}
	118
418d092a C	119	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	120	return
	121	}
	122
	123	return next()
	124	}
	125	]
	126
	127	const videoPlaylistsGetValidator = [
	128	param('playlistId')
	129	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	130
	131	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	132	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
	133
	134	if (areValidationErrors(req, res)) return
	135
0f6acda1	136	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
418d092a	137
dae86118	138	const videoPlaylist = res.locals.videoPlaylist
07b1a18a C	139
	140	// Video is unlisted, check we used the uuid to fetch it
	141	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
	142	if (isUUIDValid(req.params.playlistId)) return next()
	143
	144	return res.status(404).end()
	145	}
	146
418d092a C	147	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	148	await authenticatePromiseIfNeeded(req, res)
	149
dae86118	150	const user = res.locals.oauth ? res.locals.oauth.token.User : null
4d09cfba	151
418d092a C	152	if (
418d092a C	153	!user \|\|
4d09cfba	154	(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
418d092a C	155	) {
	156	return res.status(403)
	157	.json({ error: 'Cannot get this private video playlist.' })
	158	}
	159
	160	return next()
	161	}
	162
	163	return next()
	164	}
	165	]
	166
	167	const videoPlaylistsAddVideoValidator = [
	168	param('playlistId')
	169	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	170	body('videoId')
	171	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
	172	body('startTimestamp')
	173	.optional()
df0b219d	174	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	175	body('stopTimestamp')
418d092a C	176	.optional()
df0b219d	177	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	178
	179	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	180	logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
	181
	182	if (areValidationErrors(req, res)) return
	183
0f6acda1 C	184	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
0f6acda1 C	185	if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
418d092a	186
dae86118 C	187	const videoPlaylist = res.locals.videoPlaylist
dae86118 C	188	const video = res.locals.video
418d092a C	189
	190	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	191	if (videoPlaylistElement) {
	192	res.status(409)
	193	.json({ error: 'This video in this playlist already exists' })
	194	.end()
	195
	196	return
	197	}
	198
	199	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
	200	return
	201	}
	202
	203	return next()
	204	}
	205	]
	206
	207	const videoPlaylistsUpdateOrRemoveVideoValidator = [
	208	param('playlistId')
	209	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
bfbd9128 C	210	param('playlistElementId')
bfbd9128 C	211	.custom(isIdValid).withMessage('Should have an element id/uuid'),
418d092a C	212	body('startTimestamp')
418d092a C	213	.optional()
df0b219d	214	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	215	body('stopTimestamp')
418d092a C	216	.optional()
df0b219d	217	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	218
	219	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	220	logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
	221
	222	if (areValidationErrors(req, res)) return
	223
0f6acda1	224	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	225
dae86118	226	const videoPlaylist = res.locals.videoPlaylist
418d092a	227
bfbd9128	228	const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
418d092a C	229	if (!videoPlaylistElement) {
	230	res.status(404)
	231	.json({ error: 'Video playlist element not found' })
	232	.end()
	233
	234	return
	235	}
	236	res.locals.videoPlaylistElement = videoPlaylistElement
	237
	238	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
	239
	240	return next()
	241	}
	242	]
	243
	244	const videoPlaylistElementAPGetValidator = [
	245	param('playlistId')
	246	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	247	param('videoId')
	248	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	249
	250	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	251	logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
	252
	253	if (areValidationErrors(req, res)) return
	254
	255	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
	256	if (!videoPlaylistElement) {
	257	res.status(404)
	258	.json({ error: 'Video playlist element not found' })
	259	.end()
	260
	261	return
	262	}
	263
	264	if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	265	return res.status(403).end()
	266	}
	267
	268	res.locals.videoPlaylistElement = videoPlaylistElement
	269
	270	return next()
	271	}
	272	]
	273
	274	const videoPlaylistsReorderVideosValidator = [
	275	param('playlistId')
	276	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	277	body('startPosition')
	278	.isInt({ min: 1 }).withMessage('Should have a valid start position'),
	279	body('insertAfterPosition')
	280	.isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
	281	body('reorderLength')
	282	.optional()
	283	.isInt({ min: 1 }).withMessage('Should have a valid range length'),
	284
	285	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	286	logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
	287
	288	if (areValidationErrors(req, res)) return
	289
0f6acda1	290	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	291
dae86118	292	const videoPlaylist = res.locals.videoPlaylist
418d092a C	293	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
418d092a C	294
07b1a18a C	295	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
	296	const startPosition: number = req.body.startPosition
	297	const insertAfterPosition: number = req.body.insertAfterPosition
	298	const reorderLength: number = req.body.reorderLength
	299
	300	if (startPosition >= nextPosition \|\| insertAfterPosition >= nextPosition) {
	301	res.status(400)
	302	.json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
	303	.end()
	304
	305	return
	306	}
	307
	308	if (reorderLength && reorderLength + startPosition > nextPosition) {
	309	res.status(400)
	310	.json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
	311	.end()
	312
	313	return
	314	}
	315
418d092a C	316	return next()
	317	}
	318	]
	319
df0b219d C	320	const commonVideoPlaylistFiltersValidator = [
	321	query('playlistType')
	322	.optional()
	323	.custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),
	324
	325	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	326	logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
	327
	328	if (areValidationErrors(req, res)) return
	329
	330	return next()
	331	}
	332	]
	333
f0a39880 C	334	const doVideosInPlaylistExistValidator = [
	335	query('videoIds')
	336	.customSanitizer(toIntArray)
	337	.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
	338
	339	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	340	logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
	341
	342	if (areValidationErrors(req, res)) return
	343
	344	return next()
	345	}
	346	]
	347
418d092a C	348	// ---------------------------------------------------------------------------
	349
	350	export {
	351	videoPlaylistsAddValidator,
	352	videoPlaylistsUpdateValidator,
	353	videoPlaylistsDeleteValidator,
	354	videoPlaylistsGetValidator,
	355
	356	videoPlaylistsAddVideoValidator,
	357	videoPlaylistsUpdateOrRemoveVideoValidator,
	358	videoPlaylistsReorderVideosValidator,
	359
df0b219d C	360	videoPlaylistElementAPGetValidator,
df0b219d C	361
f0a39880 C	362	commonVideoPlaylistFiltersValidator,
	363
	364	doVideosInPlaylistExistValidator
418d092a C	365	}
	366
	367	// ---------------------------------------------------------------------------
	368
	369	function getCommonPlaylistEditAttributes () {
	370	return [
	371	body('thumbnailfile')
	372	.custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
	373	'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
	374	+ CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
	375	),
	376
418d092a C	377	body('description')
	378	.optional()
	379	.customSanitizer(toValueOrNull)
	380	.custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
	381	body('privacy')
	382	.optional()
c8861d5d	383	.customSanitizer(toIntOrNull)
418d092a C	384	.custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
	385	body('videoChannelId')
	386	.optional()
c8861d5d	387	.customSanitizer(toIntOrNull)
418d092a C	388	] as (ValidationChain \| express.Handler)[]
	389	}
	390
	391	function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
	392	if (videoPlaylist.isOwned() === false) {
	393	res.status(403)
	394	.json({ error: 'Cannot manage video playlist of another server.' })
	395	.end()
	396
	397	return false
	398	}
	399
	400	// Check if the user can manage the video playlist
	401	// The user can delete it if s/he is an admin
	402	// Or if s/he is the video playlist's owner
	403	if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
	404	res.status(403)
	405	.json({ error: 'Cannot manage video playlist of another user' })
	406	.end()
	407
	408	return false
	409	}
	410
	411	return true
	412	}