[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts

import * as express from 'express'
import { body, param, query, ValidationChain } from 'express-validator/check'
import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { UserModel } from '../../../models/account/user'
import { areValidationErrors } from '../utils'
import { doesVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toIntArray, toValueOrNull } from '../../../helpers/custom-validators/misc'
import {
  doesVideoPlaylistExist,
  isVideoPlaylistDescriptionValid,
  isVideoPlaylistNameValid,
  isVideoPlaylistPrivacyValid,
  isVideoPlaylistTimestampValid,
  isVideoPlaylistTypeValid
} from '../../../helpers/custom-validators/video-playlists'
import { VideoPlaylistModel } from '../../../models/video/video-playlist'
import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { doesVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
import { authenticatePromiseIfNeeded } from '../../oauth'
import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'

const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    const body: VideoPlaylistCreate = req.body
    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    return next()
  }
])

const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)

    const videoPlaylist = res.locals.videoPlaylist

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return cleanUpReqFiles(req)
    }

    const body: VideoPlaylistUpdate = req.body

    if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "private" a video playlist that was not private.' })
    }

    const newPrivacy = body.privacy || videoPlaylist.privacy
    if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
      (
        (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
        body.videoChannelId === null
      )
    ) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot update a watch later playlist.' })
    }

    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    return next()
  }
])

const videoPlaylistsDeleteValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = res.locals.videoPlaylist
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      return res.status(400)
                .json({ error: 'Cannot delete a watch later playlist.' })
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = res.locals.videoPlaylist

    // Video is unlisted, check we used the uuid to fetch it
    if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
      if (isUUIDValid(req.params.playlistId)) return next()

      return res.status(404).end()
    }

    if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      await authenticatePromiseIfNeeded(req, res)

      const user = res.locals.oauth ? res.locals.oauth.token.User : null
      if (
        !user ||
        (videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
      ) {
        return res.status(403)
                  .json({ error: 'Cannot get this private video playlist.' })
      }

      return next()
    }

    return next()
  }
]

const videoPlaylistsAddVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return

    const videoPlaylist = res.locals.videoPlaylist
    const video = res.locals.video

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (videoPlaylistElement) {
      res.status(409)
         .json({ error: 'This video in this playlist already exists' })
         .end()

      return
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsUpdateOrRemoveVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.params.videoId, res, 'id')) return

    const videoPlaylist = res.locals.videoPlaylist
    const video = res.locals.video

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }
    res.locals.videoPlaylistElement = videoPlaylistElement

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    return next()
  }
]

const videoPlaylistElementAPGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }

    if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      return res.status(403).end()
    }

    res.locals.videoPlaylistElement = videoPlaylistElement

    return next()
  }
]

const videoPlaylistsReorderVideosValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('startPosition')
    .isInt({ min: 1 }).withMessage('Should have a valid start position'),
  body('insertAfterPosition')
    .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
  body('reorderLength')
    .optional()
    .isInt({ min: 1 }).withMessage('Should have a valid range length'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = res.locals.videoPlaylist
    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
    const startPosition: number = req.body.startPosition
    const insertAfterPosition: number = req.body.insertAfterPosition
    const reorderLength: number = req.body.reorderLength

    if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
      res.status(400)
         .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
         .end()

      return
    }

    if (reorderLength && reorderLength + startPosition > nextPosition) {
      res.status(400)
         .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
         .end()

      return
    }

    return next()
  }
]

const commonVideoPlaylistFiltersValidator = [
  query('playlistType')
    .optional()
    .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const doVideosInPlaylistExistValidator = [
  query('videoIds')
    .customSanitizer(toIntArray)
    .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  videoPlaylistsAddValidator,
  videoPlaylistsUpdateValidator,
  videoPlaylistsDeleteValidator,
  videoPlaylistsGetValidator,

  videoPlaylistsAddVideoValidator,
  videoPlaylistsUpdateOrRemoveVideoValidator,
  videoPlaylistsReorderVideosValidator,

  videoPlaylistElementAPGetValidator,

  commonVideoPlaylistFiltersValidator,

  doVideosInPlaylistExistValidator
}

// ---------------------------------------------------------------------------

function getCommonPlaylistEditAttributes () {
  return [
    body('thumbnailfile')
      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
      + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
    ),

    body('displayName')
      .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
    body('description')
      .optional()
      .customSanitizer(toValueOrNull)
      .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
    body('privacy')
      .optional()
      .toInt()
      .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
    body('videoChannelId')
      .optional()
      .customSanitizer(toValueOrNull)
      .toInt()
  ] as (ValidationChain | express.Handler)[]
}

function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
  if (videoPlaylist.isOwned() === false) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another server.' })
       .end()

    return false
  }

  // Check if the user can manage the video playlist
  // The user can delete it if s/he is an admin
  // Or if s/he is the video playlist's owner
  if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another user' })
       .end()

    return false
  }

  return true
}
Commit	Line	Data
418d092a	1	import * as express from 'express'
df0b219d	2	import { body, param, query, ValidationChain } from 'express-validator/check'
c5e4e36d	3	import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
418d092a C	4	import { logger } from '../../../helpers/logger'
	5	import { UserModel } from '../../../models/account/user'
	6	import { areValidationErrors } from '../utils'
0f6acda1	7	import { doesVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos'
74dc3bca	8	import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
0b16f5f2	9	import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toIntArray, toValueOrNull } from '../../../helpers/custom-validators/misc'
418d092a	10	import {
0f6acda1	11	doesVideoPlaylistExist,
9f79ade6	12	isVideoPlaylistDescriptionValid,
418d092a	13	isVideoPlaylistNameValid,
df0b219d C	14	isVideoPlaylistPrivacyValid,
	15	isVideoPlaylistTimestampValid,
	16	isVideoPlaylistTypeValid
418d092a C	17	} from '../../../helpers/custom-validators/video-playlists'
	18	import { VideoPlaylistModel } from '../../../models/video/video-playlist'
	19	import { cleanUpReqFiles } from '../../../helpers/express-utils'
0f6acda1	20	import { doesVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
418d092a	21	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
418d092a C	22	import { authenticatePromiseIfNeeded } from '../../oauth'
418d092a C	23	import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
df0b219d	24	import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
418d092a C	25
	26	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
	27	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	28	logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
	29
	30	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	31
c5e4e36d	32	const body: VideoPlaylistCreate = req.body
0f6acda1	33	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
c5e4e36d C	34
	35	if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
	36	cleanUpReqFiles(req)
	37	return res.status(400)
	38	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	39	}
418d092a C	40
	41	return next()
	42	}
	43	])
	44
	45	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
	46	param('playlistId')
	47	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	48
	49	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	50	logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
	51
	52	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	53
0f6acda1	54	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
07b1a18a C	55
	56	const videoPlaylist = res.locals.videoPlaylist
	57
418d092a C	58	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	59	return cleanUpReqFiles(req)
	60	}
	61
c5e4e36d C	62	const body: VideoPlaylistUpdate = req.body
	63
	64	if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) {
07b1a18a	65	cleanUpReqFiles(req)
c5e4e36d	66	return res.status(400)
07b1a18a C	67	.json({ error: 'Cannot set "private" a video playlist that was not private.' })
	68	}
	69
c5e4e36d C	70	const newPrivacy = body.privacy \|\| videoPlaylist.privacy
	71	if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
	72	(
	73	(!videoPlaylist.videoChannelId && !body.videoChannelId) \|\|
	74	body.videoChannelId === null
	75	)
	76	) {
	77	cleanUpReqFiles(req)
	78	return res.status(400)
	79	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	80	}
	81
df0b219d C	82	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
df0b219d C	83	cleanUpReqFiles(req)
c5e4e36d	84	return res.status(400)
df0b219d C	85	.json({ error: 'Cannot update a watch later playlist.' })
	86	}
	87
0f6acda1	88	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
418d092a C	89
	90	return next()
	91	}
	92	])
	93
	94	const videoPlaylistsDeleteValidator = [
	95	param('playlistId')
	96	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	97
	98	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	99	logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
	100
	101	if (areValidationErrors(req, res)) return
	102
0f6acda1	103	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
df0b219d	104
dae86118	105	const videoPlaylist = res.locals.videoPlaylist
df0b219d	106	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
c5e4e36d	107	return res.status(400)
df0b219d C	108	.json({ error: 'Cannot delete a watch later playlist.' })
	109	}
	110
418d092a C	111	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	112	return
	113	}
	114
	115	return next()
	116	}
	117	]
	118
	119	const videoPlaylistsGetValidator = [
	120	param('playlistId')
	121	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	122
	123	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	124	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
	125
	126	if (areValidationErrors(req, res)) return
	127
0f6acda1	128	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
418d092a	129
dae86118	130	const videoPlaylist = res.locals.videoPlaylist
07b1a18a C	131
	132	// Video is unlisted, check we used the uuid to fetch it
	133	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
	134	if (isUUIDValid(req.params.playlistId)) return next()
	135
	136	return res.status(404).end()
	137	}
	138
418d092a C	139	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	140	await authenticatePromiseIfNeeded(req, res)
	141
dae86118	142	const user = res.locals.oauth ? res.locals.oauth.token.User : null
418d092a C	143	if (
	144	!user \|\|
	145	(videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
	146	) {
	147	return res.status(403)
	148	.json({ error: 'Cannot get this private video playlist.' })
	149	}
	150
	151	return next()
	152	}
	153
	154	return next()
	155	}
	156	]
	157
	158	const videoPlaylistsAddVideoValidator = [
	159	param('playlistId')
	160	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	161	body('videoId')
	162	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
	163	body('startTimestamp')
	164	.optional()
df0b219d	165	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	166	body('stopTimestamp')
418d092a C	167	.optional()
df0b219d	168	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	169
	170	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	171	logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
	172
	173	if (areValidationErrors(req, res)) return
	174
0f6acda1 C	175	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
0f6acda1 C	176	if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
418d092a	177
dae86118 C	178	const videoPlaylist = res.locals.videoPlaylist
dae86118 C	179	const video = res.locals.video
418d092a C	180
	181	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	182	if (videoPlaylistElement) {
	183	res.status(409)
	184	.json({ error: 'This video in this playlist already exists' })
	185	.end()
	186
	187	return
	188	}
	189
	190	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
	191	return
	192	}
	193
	194	return next()
	195	}
	196	]
	197
	198	const videoPlaylistsUpdateOrRemoveVideoValidator = [
	199	param('playlistId')
	200	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	201	param('videoId')
	202	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	203	body('startTimestamp')
	204	.optional()
df0b219d	205	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	206	body('stopTimestamp')
418d092a C	207	.optional()
df0b219d	208	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	209
	210	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	211	logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
	212
	213	if (areValidationErrors(req, res)) return
	214
0f6acda1 C	215	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
0f6acda1 C	216	if (!await doesVideoExist(req.params.videoId, res, 'id')) return
418d092a	217
dae86118 C	218	const videoPlaylist = res.locals.videoPlaylist
dae86118 C	219	const video = res.locals.video
418d092a C	220
	221	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	222	if (!videoPlaylistElement) {
	223	res.status(404)
	224	.json({ error: 'Video playlist element not found' })
	225	.end()
	226
	227	return
	228	}
	229	res.locals.videoPlaylistElement = videoPlaylistElement
	230
	231	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
	232
	233	return next()
	234	}
	235	]
	236
	237	const videoPlaylistElementAPGetValidator = [
	238	param('playlistId')
	239	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	240	param('videoId')
	241	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	242
	243	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	244	logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
	245
	246	if (areValidationErrors(req, res)) return
	247
	248	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
	249	if (!videoPlaylistElement) {
	250	res.status(404)
	251	.json({ error: 'Video playlist element not found' })
	252	.end()
	253
	254	return
	255	}
	256
	257	if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	258	return res.status(403).end()
	259	}
	260
	261	res.locals.videoPlaylistElement = videoPlaylistElement
	262
	263	return next()
	264	}
	265	]
	266
	267	const videoPlaylistsReorderVideosValidator = [
	268	param('playlistId')
	269	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	270	body('startPosition')
	271	.isInt({ min: 1 }).withMessage('Should have a valid start position'),
	272	body('insertAfterPosition')
	273	.isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
	274	body('reorderLength')
	275	.optional()
	276	.isInt({ min: 1 }).withMessage('Should have a valid range length'),
	277
	278	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	279	logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
	280
	281	if (areValidationErrors(req, res)) return
	282
0f6acda1	283	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	284
dae86118	285	const videoPlaylist = res.locals.videoPlaylist
418d092a C	286	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
418d092a C	287
07b1a18a C	288	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
	289	const startPosition: number = req.body.startPosition
	290	const insertAfterPosition: number = req.body.insertAfterPosition
	291	const reorderLength: number = req.body.reorderLength
	292
	293	if (startPosition >= nextPosition \|\| insertAfterPosition >= nextPosition) {
	294	res.status(400)
	295	.json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
	296	.end()
	297
	298	return
	299	}
	300
	301	if (reorderLength && reorderLength + startPosition > nextPosition) {
	302	res.status(400)
	303	.json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
	304	.end()
	305
	306	return
	307	}
	308
418d092a C	309	return next()
	310	}
	311	]
	312
df0b219d C	313	const commonVideoPlaylistFiltersValidator = [
	314	query('playlistType')
	315	.optional()
	316	.custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),
	317
	318	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	319	logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
	320
	321	if (areValidationErrors(req, res)) return
	322
	323	return next()
	324	}
	325	]
	326
f0a39880 C	327	const doVideosInPlaylistExistValidator = [
	328	query('videoIds')
	329	.customSanitizer(toIntArray)
	330	.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
	331
	332	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	333	logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
	334
	335	if (areValidationErrors(req, res)) return
	336
	337	return next()
	338	}
	339	]
	340
418d092a C	341	// ---------------------------------------------------------------------------
	342
	343	export {
	344	videoPlaylistsAddValidator,
	345	videoPlaylistsUpdateValidator,
	346	videoPlaylistsDeleteValidator,
	347	videoPlaylistsGetValidator,
	348
	349	videoPlaylistsAddVideoValidator,
	350	videoPlaylistsUpdateOrRemoveVideoValidator,
	351	videoPlaylistsReorderVideosValidator,
	352
df0b219d C	353	videoPlaylistElementAPGetValidator,
df0b219d C	354
f0a39880 C	355	commonVideoPlaylistFiltersValidator,
	356
	357	doVideosInPlaylistExistValidator
418d092a C	358	}
	359
	360	// ---------------------------------------------------------------------------
	361
	362	function getCommonPlaylistEditAttributes () {
	363	return [
	364	body('thumbnailfile')
	365	.custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
	366	'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
	367	+ CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
	368	),
	369
	370	body('displayName')
	371	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	372	body('description')
	373	.optional()
	374	.customSanitizer(toValueOrNull)
	375	.custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
	376	body('privacy')
	377	.optional()
	378	.toInt()
	379	.custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
	380	body('videoChannelId')
	381	.optional()
830b4faf	382	.customSanitizer(toValueOrNull)
418d092a C	383	.toInt()
	384	] as (ValidationChain \| express.Handler)[]
	385	}
	386
	387	function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
	388	if (videoPlaylist.isOwned() === false) {
	389	res.status(403)
	390	.json({ error: 'Cannot manage video playlist of another server.' })
	391	.end()
	392
	393	return false
	394	}
	395
	396	// Check if the user can manage the video playlist
	397	// The user can delete it if s/he is an admin
	398	// Or if s/he is the video playlist's owner
	399	if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
	400	res.status(403)
	401	.json({ error: 'Cannot manage video playlist of another user' })
	402	.end()
	403
	404	return false
	405	}
	406
	407	return true
	408	}