[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts

import express from 'express'
import { body, param, query, ValidationChain } from 'express-validator'
import { ExpressPromiseHandler } from '@server/types/express-handler'
import { MUserAccountId } from '@server/types/models'
import { forceNumber } from '@shared/core-utils'
import {
  HttpStatusCode,
  UserRight,
  VideoPlaylistCreate,
  VideoPlaylistPrivacy,
  VideoPlaylistType,
  VideoPlaylistUpdate
} from '@shared/models'
import {
  isArrayOf,
  isIdOrUUIDValid,
  isIdValid,
  isUUIDValid,
  toCompleteUUID,
  toIntArray,
  toIntOrNull,
  toValueOrNull
} from '../../../helpers/custom-validators/misc'
import {
  isVideoPlaylistDescriptionValid,
  isVideoPlaylistNameValid,
  isVideoPlaylistPrivacyValid,
  isVideoPlaylistTimestampValid,
  isVideoPlaylistTypeValid
} from '../../../helpers/custom-validators/video-playlists'
import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
import { authenticatePromise } from '../../auth'
import {
  areValidationErrors,
  doesVideoChannelIdExist,
  doesVideoExist,
  doesVideoPlaylistExist,
  isValidPlaylistIdParam,
  VideoPlaylistFetchType
} from '../shared'

const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  body('displayName')
    .custom(isVideoPlaylistNameValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    const body: VideoPlaylistCreate = req.body
    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    if (
      !body.videoChannelId &&
      (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
    ) {
      cleanUpReqFiles(req)

      return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
    }

    return next()
  }
])

const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  isValidPlaylistIdParam('playlistId'),

  body('displayName')
    .optional()
    .custom(isVideoPlaylistNameValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)

    const videoPlaylist = getPlaylist(res)

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return cleanUpReqFiles(req)
    }

    const body: VideoPlaylistUpdate = req.body

    const newPrivacy = body.privacy || videoPlaylist.privacy
    if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
      (
        (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
        body.videoChannelId === null
      )
    ) {
      cleanUpReqFiles(req)

      return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      cleanUpReqFiles(req)

      return res.fail({ message: 'Cannot update a watch later playlist.' })
    }

    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    return next()
  }
])

const videoPlaylistsDeleteValidator = [
  isValidPlaylistIdParam('playlistId'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = getPlaylist(res)
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      return res.fail({ message: 'Cannot delete a watch later playlist.' })
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
  return [
    isValidPlaylistIdParam('playlistId'),

    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
      if (areValidationErrors(req, res)) return

      if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return

      const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary

      // Playlist is unlisted, check we used the uuid to fetch it
      if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
        if (isUUIDValid(req.params.playlistId)) return next()

        return res.fail({
          status: HttpStatusCode.NOT_FOUND_404,
          message: 'Playlist not found'
        })
      }

      if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
        await authenticatePromise(req, res)

        const user = res.locals.oauth ? res.locals.oauth.token.User : null

        if (
          !user ||
          (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
        ) {
          return res.fail({
            status: HttpStatusCode.FORBIDDEN_403,
            message: 'Cannot get this private video playlist.'
          })
        }

        return next()
      }

      return next()
    }
  ]
}

const videoPlaylistsSearchValidator = [
  query('search')
    .optional()
    .not().isEmpty(),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

const videoPlaylistsAddVideoValidator = [
  isValidPlaylistIdParam('playlistId'),

  body('videoId')
    .customSanitizer(toCompleteUUID)
    .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return

    const videoPlaylist = getPlaylist(res)

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsUpdateOrRemoveVideoValidator = [
  isValidPlaylistIdParam('playlistId'),
  param('playlistElementId')
    .customSanitizer(toCompleteUUID)
    .custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = getPlaylist(res)

    const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
    if (!videoPlaylistElement) {
      res.fail({
        status: HttpStatusCode.NOT_FOUND_404,
        message: 'Video playlist element not found'
      })
      return
    }
    res.locals.videoPlaylistElement = videoPlaylistElement

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    return next()
  }
]

const videoPlaylistElementAPGetValidator = [
  isValidPlaylistIdParam('playlistId'),
  param('playlistElementId')
    .custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const playlistElementId = forceNumber(req.params.playlistElementId)
    const playlistId = req.params.playlistId

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
    if (!videoPlaylistElement) {
      res.fail({
        status: HttpStatusCode.NOT_FOUND_404,
        message: 'Video playlist element not found'
      })
      return
    }

    if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      return res.fail({
        status: HttpStatusCode.FORBIDDEN_403,
        message: 'Cannot get this private video playlist.'
      })
    }

    res.locals.videoPlaylistElementAP = videoPlaylistElement

    return next()
  }
]

const videoPlaylistsReorderVideosValidator = [
  isValidPlaylistIdParam('playlistId'),

  body('startPosition')
    .isInt({ min: 1 }),
  body('insertAfterPosition')
    .isInt({ min: 0 }),
  body('reorderLength')
    .optional()
    .isInt({ min: 1 }),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = getPlaylist(res)
    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
    const startPosition: number = req.body.startPosition
    const insertAfterPosition: number = req.body.insertAfterPosition
    const reorderLength: number = req.body.reorderLength

    if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
      res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
      return
    }

    if (reorderLength && reorderLength + startPosition > nextPosition) {
      res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
      return
    }

    return next()
  }
]

const commonVideoPlaylistFiltersValidator = [
  query('playlistType')
    .optional()
    .custom(isVideoPlaylistTypeValid),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

const doVideosInPlaylistExistValidator = [
  query('videoIds')
    .customSanitizer(toIntArray)
    .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  videoPlaylistsAddValidator,
  videoPlaylistsUpdateValidator,
  videoPlaylistsDeleteValidator,
  videoPlaylistsGetValidator,
  videoPlaylistsSearchValidator,

  videoPlaylistsAddVideoValidator,
  videoPlaylistsUpdateOrRemoveVideoValidator,
  videoPlaylistsReorderVideosValidator,

  videoPlaylistElementAPGetValidator,

  commonVideoPlaylistFiltersValidator,

  doVideosInPlaylistExistValidator
}

// ---------------------------------------------------------------------------

function getCommonPlaylistEditAttributes () {
  return [
    body('thumbnailfile')
      .custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
      .withMessage(
        'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
        CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
      ),

    body('description')
      .optional()
      .customSanitizer(toValueOrNull)
      .custom(isVideoPlaylistDescriptionValid),
    body('privacy')
      .optional()
      .customSanitizer(toIntOrNull)
      .custom(isVideoPlaylistPrivacyValid),
    body('videoChannelId')
      .optional()
      .customSanitizer(toIntOrNull)
  ] as (ValidationChain | ExpressPromiseHandler)[]
}

function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
  if (videoPlaylist.isOwned() === false) {
    res.fail({
      status: HttpStatusCode.FORBIDDEN_403,
      message: 'Cannot manage video playlist of another server.'
    })
    return false
  }

  // Check if the user can manage the video playlist
  // The user can delete it if s/he is an admin
  // Or if s/he is the video playlist's owner
  if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
    res.fail({
      status: HttpStatusCode.FORBIDDEN_403,
      message: 'Cannot manage video playlist of another user'
    })
    return false
  }

  return true
}

function getPlaylist (res: express.Response) {
  return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
}
Commit	Line	Data
41fb13c3	1	import express from 'express'
c8861d5d	2	import { body, param, query, ValidationChain } from 'express-validator'
f8360396	3	import { ExpressPromiseHandler } from '@server/types/express-handler'
ba5a8d89	4	import { MUserAccountId } from '@server/types/models'
4638cd71	5	import { forceNumber } from '@shared/core-utils'
d17c7b4e C	6	import {
	7	HttpStatusCode,
	8	UserRight,
	9	VideoPlaylistCreate,
	10	VideoPlaylistPrivacy,
	11	VideoPlaylistType,
	12	VideoPlaylistUpdate
	13	} from '@shared/models'
c8861d5d C	14	import {
	15	isArrayOf,
	16	isIdOrUUIDValid,
	17	isIdValid,
	18	isUUIDValid,
d4a8e7a6	19	toCompleteUUID,
c8861d5d C	20	toIntArray,
	21	toIntOrNull,
	22	toValueOrNull
	23	} from '../../../helpers/custom-validators/misc'
418d092a	24	import {
9f79ade6	25	isVideoPlaylistDescriptionValid,
418d092a	26	isVideoPlaylistNameValid,
df0b219d C	27	isVideoPlaylistPrivacyValid,
	28	isVideoPlaylistTimestampValid,
	29	isVideoPlaylistTypeValid
418d092a	30	} from '../../../helpers/custom-validators/video-playlists'
c729caf6	31	import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
418d092a	32	import { cleanUpReqFiles } from '../../../helpers/express-utils'
ba5a8d89 C	33	import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
ba5a8d89 C	34	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
26d6bf65	35	import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
2c2befaa	36	import { authenticatePromise } from '../../auth'
d4a8e7a6 C	37	import {
	38	areValidationErrors,
	39	doesVideoChannelIdExist,
	40	doesVideoExist,
	41	doesVideoPlaylistExist,
	42	isValidPlaylistIdParam,
	43	VideoPlaylistFetchType
	44	} from '../shared'
418d092a C	45
418d092a C	46	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
1b319b7a	47	body('displayName')
396f6f01	48	.custom(isVideoPlaylistNameValid),
1b319b7a	49
418d092a	50	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a C	51	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
418d092a C	52
c5e4e36d	53	const body: VideoPlaylistCreate = req.body
0f6acda1	54	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
c5e4e36d	55
d4a8e7a6 C	56	if (
	57	!body.videoChannelId &&
	58	(body.privacy === VideoPlaylistPrivacy.PUBLIC \|\| body.privacy === VideoPlaylistPrivacy.UNLISTED)
	59	) {
c5e4e36d	60	cleanUpReqFiles(req)
76148b27	61
d4a8e7a6	62	return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
c5e4e36d	63	}
418d092a C	64
	65	return next()
	66	}
	67	])
	68
	69	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
d4a8e7a6	70	isValidPlaylistIdParam('playlistId'),
418d092a	71
1b319b7a C	72	body('displayName')
1b319b7a C	73	.optional()
396f6f01	74	.custom(isVideoPlaylistNameValid),
1b319b7a	75
418d092a	76	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a C	77	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
418d092a C	78
0f6acda1	79	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
07b1a18a	80
453e83ea	81	const videoPlaylist = getPlaylist(res)
07b1a18a	82
453e83ea	83	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
418d092a C	84	return cleanUpReqFiles(req)
	85	}
	86
c5e4e36d C	87	const body: VideoPlaylistUpdate = req.body
c5e4e36d C	88
c5e4e36d C	89	const newPrivacy = body.privacy \|\| videoPlaylist.privacy
	90	if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
	91	(
	92	(!videoPlaylist.videoChannelId && !body.videoChannelId) \|\|
	93	body.videoChannelId === null
	94	)
	95	) {
	96	cleanUpReqFiles(req)
76148b27 RK	97
76148b27 RK	98	return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
c5e4e36d C	99	}
c5e4e36d C	100
df0b219d C	101	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
df0b219d C	102	cleanUpReqFiles(req)
76148b27 RK	103
76148b27 RK	104	return res.fail({ message: 'Cannot update a watch later playlist.' })
df0b219d C	105	}
df0b219d C	106
0f6acda1	107	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
418d092a C	108
	109	return next()
	110	}
	111	])
	112
	113	const videoPlaylistsDeleteValidator = [
d4a8e7a6	114	isValidPlaylistIdParam('playlistId'),
418d092a C	115
418d092a C	116	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a C	117	if (areValidationErrors(req, res)) return
418d092a C	118
0f6acda1	119	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
df0b219d	120
453e83ea	121	const videoPlaylist = getPlaylist(res)
df0b219d	122	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
76148b27	123	return res.fail({ message: 'Cannot delete a watch later playlist.' })
df0b219d C	124	}
df0b219d C	125
453e83ea	126	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
418d092a C	127	return
	128	}
	129
	130	return next()
	131	}
	132	]
	133
453e83ea C	134	const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
453e83ea C	135	return [
d4a8e7a6	136	isValidPlaylistIdParam('playlistId'),
418d092a	137
453e83ea	138	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
453e83ea	139	if (areValidationErrors(req, res)) return
418d092a	140
453e83ea	141	if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
418d092a	142
453e83ea	143	const videoPlaylist = res.locals.videoPlaylistFull \|\| res.locals.videoPlaylistSummary
07b1a18a	144
16ccb437	145	// Playlist is unlisted, check we used the uuid to fetch it
453e83ea C	146	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
453e83ea C	147	if (isUUIDValid(req.params.playlistId)) return next()
07b1a18a	148
76148b27 RK	149	return res.fail({
	150	status: HttpStatusCode.NOT_FOUND_404,
	151	message: 'Playlist not found'
	152	})
453e83ea	153	}
07b1a18a	154
453e83ea	155	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
2c2befaa	156	await authenticatePromise(req, res)
418d092a	157
453e83ea	158	const user = res.locals.oauth ? res.locals.oauth.token.User : null
4d09cfba	159
453e83ea C	160	if (
	161	!user \|\|
	162	(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
	163	) {
76148b27 RK	164	return res.fail({
	165	status: HttpStatusCode.FORBIDDEN_403,
	166	message: 'Cannot get this private video playlist.'
	167	})
453e83ea C	168	}
	169
	170	return next()
418d092a C	171	}
	172
	173	return next()
	174	}
453e83ea C	175	]
453e83ea C	176	}
418d092a	177
c06af501	178	const videoPlaylistsSearchValidator = [
396f6f01 C	179	query('search')
	180	.optional()
	181	.not().isEmpty(),
c06af501 RK	182
c06af501 RK	183	(req: express.Request, res: express.Response, next: express.NextFunction) => {
c06af501 RK	184	if (areValidationErrors(req, res)) return
	185
	186	return next()
	187	}
	188	]
	189
418d092a	190	const videoPlaylistsAddVideoValidator = [
d4a8e7a6 C	191	isValidPlaylistIdParam('playlistId'),
d4a8e7a6 C	192
418d092a	193	body('videoId')
d4a8e7a6	194	.customSanitizer(toCompleteUUID)
396f6f01	195	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
418d092a C	196	body('startTimestamp')
418d092a C	197	.optional()
396f6f01	198	.custom(isVideoPlaylistTimestampValid),
418d092a C	199	body('stopTimestamp')
418d092a C	200	.optional()
396f6f01	201	.custom(isVideoPlaylistTimestampValid),
418d092a C	202
418d092a C	203	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a C	204	if (areValidationErrors(req, res)) return
418d092a C	205
0f6acda1 C	206	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
0f6acda1 C	207	if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
418d092a	208
453e83ea	209	const videoPlaylist = getPlaylist(res)
418d092a	210
453e83ea	211	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
418d092a C	212	return
	213	}
	214
	215	return next()
	216	}
	217	]
	218
	219	const videoPlaylistsUpdateOrRemoveVideoValidator = [
d4a8e7a6	220	isValidPlaylistIdParam('playlistId'),
bfbd9128	221	param('playlistElementId')
d4a8e7a6	222	.customSanitizer(toCompleteUUID)
396f6f01	223	.custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
418d092a C	224	body('startTimestamp')
418d092a C	225	.optional()
396f6f01	226	.custom(isVideoPlaylistTimestampValid),
418d092a C	227	body('stopTimestamp')
418d092a C	228	.optional()
396f6f01	229	.custom(isVideoPlaylistTimestampValid),
418d092a C	230
418d092a C	231	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a C	232	if (areValidationErrors(req, res)) return
418d092a C	233
0f6acda1	234	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	235
453e83ea	236	const videoPlaylist = getPlaylist(res)
418d092a	237
bfbd9128	238	const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
418d092a	239	if (!videoPlaylistElement) {
76148b27 RK	240	res.fail({
	241	status: HttpStatusCode.NOT_FOUND_404,
	242	message: 'Video playlist element not found'
	243	})
418d092a C	244	return
	245	}
	246	res.locals.videoPlaylistElement = videoPlaylistElement
	247
	248	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
	249
	250	return next()
	251	}
	252	]
	253
	254	const videoPlaylistElementAPGetValidator = [
d4a8e7a6	255	isValidPlaylistIdParam('playlistId'),
37190663	256	param('playlistElementId')
396f6f01	257	.custom(isIdValid),
418d092a C	258
418d092a C	259	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a C	260	if (areValidationErrors(req, res)) return
418d092a C	261
4638cd71	262	const playlistElementId = forceNumber(req.params.playlistElementId)
37190663 C	263	const playlistId = req.params.playlistId
	264
	265	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
418d092a	266	if (!videoPlaylistElement) {
76148b27 RK	267	res.fail({
	268	status: HttpStatusCode.NOT_FOUND_404,
	269	message: 'Video playlist element not found'
	270	})
418d092a C	271	return
	272	}
	273
	274	if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
76148b27 RK	275	return res.fail({
	276	status: HttpStatusCode.FORBIDDEN_403,
	277	message: 'Cannot get this private video playlist.'
	278	})
418d092a C	279	}
418d092a C	280
b5fecbf4	281	res.locals.videoPlaylistElementAP = videoPlaylistElement
418d092a C	282
	283	return next()
	284	}
	285	]
	286
	287	const videoPlaylistsReorderVideosValidator = [
d4a8e7a6	288	isValidPlaylistIdParam('playlistId'),
396f6f01	289
418d092a	290	body('startPosition')
396f6f01	291	.isInt({ min: 1 }),
418d092a	292	body('insertAfterPosition')
396f6f01	293	.isInt({ min: 0 }),
418d092a C	294	body('reorderLength')
418d092a C	295	.optional()
396f6f01	296	.isInt({ min: 1 }),
418d092a C	297
418d092a C	298	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
418d092a C	299	if (areValidationErrors(req, res)) return
418d092a C	300
0f6acda1	301	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	302
453e83ea	303	const videoPlaylist = getPlaylist(res)
418d092a C	304	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
418d092a C	305
07b1a18a C	306	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
	307	const startPosition: number = req.body.startPosition
	308	const insertAfterPosition: number = req.body.insertAfterPosition
	309	const reorderLength: number = req.body.reorderLength
	310
	311	if (startPosition >= nextPosition \|\| insertAfterPosition >= nextPosition) {
76148b27	312	res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
07b1a18a C	313	return
	314	}
	315
	316	if (reorderLength && reorderLength + startPosition > nextPosition) {
76148b27	317	res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
07b1a18a C	318	return
	319	}
	320
418d092a C	321	return next()
	322	}
	323	]
	324
df0b219d C	325	const commonVideoPlaylistFiltersValidator = [
	326	query('playlistType')
	327	.optional()
396f6f01	328	.custom(isVideoPlaylistTypeValid),
df0b219d C	329
df0b219d C	330	(req: express.Request, res: express.Response, next: express.NextFunction) => {
df0b219d C	331	if (areValidationErrors(req, res)) return
	332
	333	return next()
	334	}
	335	]
	336
f0a39880 C	337	const doVideosInPlaylistExistValidator = [
	338	query('videoIds')
	339	.customSanitizer(toIntArray)
	340	.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
	341
	342	(req: express.Request, res: express.Response, next: express.NextFunction) => {
f0a39880 C	343	if (areValidationErrors(req, res)) return
	344
	345	return next()
	346	}
	347	]
	348
418d092a C	349	// ---------------------------------------------------------------------------
	350
	351	export {
	352	videoPlaylistsAddValidator,
	353	videoPlaylistsUpdateValidator,
	354	videoPlaylistsDeleteValidator,
	355	videoPlaylistsGetValidator,
c06af501	356	videoPlaylistsSearchValidator,
418d092a C	357
	358	videoPlaylistsAddVideoValidator,
	359	videoPlaylistsUpdateOrRemoveVideoValidator,
	360	videoPlaylistsReorderVideosValidator,
	361
df0b219d C	362	videoPlaylistElementAPGetValidator,
df0b219d C	363
f0a39880 C	364	commonVideoPlaylistFiltersValidator,
	365
	366	doVideosInPlaylistExistValidator
418d092a C	367	}
	368
	369	// ---------------------------------------------------------------------------
	370
	371	function getCommonPlaylistEditAttributes () {
	372	return [
	373	body('thumbnailfile')
c729caf6	374	.custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
a1587156 C	375	.withMessage(
	376	'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
	377	CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
	378	),
418d092a	379
418d092a C	380	body('description')
	381	.optional()
	382	.customSanitizer(toValueOrNull)
396f6f01	383	.custom(isVideoPlaylistDescriptionValid),
418d092a C	384	body('privacy')
418d092a C	385	.optional()
c8861d5d	386	.customSanitizer(toIntOrNull)
396f6f01	387	.custom(isVideoPlaylistPrivacyValid),
418d092a C	388	body('videoChannelId')
418d092a C	389	.optional()
c8861d5d	390	.customSanitizer(toIntOrNull)
ba5a8d89	391	] as (ValidationChain \| ExpressPromiseHandler)[]
418d092a C	392	}
418d092a C	393
453e83ea	394	function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
418d092a	395	if (videoPlaylist.isOwned() === false) {
76148b27 RK	396	res.fail({
	397	status: HttpStatusCode.FORBIDDEN_403,
	398	message: 'Cannot manage video playlist of another server.'
	399	})
418d092a C	400	return false
	401	}
	402
	403	// Check if the user can manage the video playlist
	404	// The user can delete it if s/he is an admin
	405	// Or if s/he is the video playlist's owner
	406	if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
76148b27 RK	407	res.fail({
	408	status: HttpStatusCode.FORBIDDEN_403,
	409	message: 'Cannot manage video playlist of another user'
	410	})
418d092a C	411	return false
	412	}
	413
	414	return true
	415	}
453e83ea C	416
	417	function getPlaylist (res: express.Response) {
	418	return res.locals.videoPlaylistFull \|\| res.locals.videoPlaylistSummary
	419	}