]>
Commit | Line | Data |
---|---|---|
418d092a | 1 | import * as express from 'express' |
df0b219d | 2 | import { body, param, query, ValidationChain } from 'express-validator/check' |
c5e4e36d | 3 | import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared' |
418d092a C |
4 | import { logger } from '../../../helpers/logger' |
5 | import { UserModel } from '../../../models/account/user' | |
6 | import { areValidationErrors } from '../utils' | |
0f6acda1 | 7 | import { doesVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos' |
74dc3bca | 8 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' |
0b16f5f2 | 9 | import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toIntArray, toValueOrNull } from '../../../helpers/custom-validators/misc' |
418d092a | 10 | import { |
0f6acda1 | 11 | doesVideoPlaylistExist, |
9f79ade6 | 12 | isVideoPlaylistDescriptionValid, |
418d092a | 13 | isVideoPlaylistNameValid, |
df0b219d C |
14 | isVideoPlaylistPrivacyValid, |
15 | isVideoPlaylistTimestampValid, | |
16 | isVideoPlaylistTypeValid | |
418d092a C |
17 | } from '../../../helpers/custom-validators/video-playlists' |
18 | import { VideoPlaylistModel } from '../../../models/video/video-playlist' | |
19 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | |
0f6acda1 | 20 | import { doesVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels' |
418d092a | 21 | import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' |
418d092a C |
22 | import { authenticatePromiseIfNeeded } from '../../oauth' |
23 | import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model' | |
df0b219d | 24 | import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model' |
418d092a C |
25 | |
26 | const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | |
27 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
28 | logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body }) | |
29 | ||
30 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | |
31 | ||
c5e4e36d | 32 | const body: VideoPlaylistCreate = req.body |
0f6acda1 | 33 | if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) |
c5e4e36d C |
34 | |
35 | if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { | |
36 | cleanUpReqFiles(req) | |
37 | return res.status(400) | |
38 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | |
39 | } | |
418d092a C |
40 | |
41 | return next() | |
42 | } | |
43 | ]) | |
44 | ||
45 | const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | |
46 | param('playlistId') | |
47 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | |
48 | ||
49 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
50 | logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body }) | |
51 | ||
52 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | |
53 | ||
0f6acda1 | 54 | if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req) |
07b1a18a C |
55 | |
56 | const videoPlaylist = res.locals.videoPlaylist | |
57 | ||
418d092a C |
58 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { |
59 | return cleanUpReqFiles(req) | |
60 | } | |
61 | ||
c5e4e36d C |
62 | const body: VideoPlaylistUpdate = req.body |
63 | ||
64 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) { | |
07b1a18a | 65 | cleanUpReqFiles(req) |
c5e4e36d | 66 | return res.status(400) |
07b1a18a C |
67 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) |
68 | } | |
69 | ||
c5e4e36d C |
70 | const newPrivacy = body.privacy || videoPlaylist.privacy |
71 | if (newPrivacy === VideoPlaylistPrivacy.PUBLIC && | |
72 | ( | |
73 | (!videoPlaylist.videoChannelId && !body.videoChannelId) || | |
74 | body.videoChannelId === null | |
75 | ) | |
76 | ) { | |
77 | cleanUpReqFiles(req) | |
78 | return res.status(400) | |
79 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | |
80 | } | |
81 | ||
df0b219d C |
82 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
83 | cleanUpReqFiles(req) | |
c5e4e36d | 84 | return res.status(400) |
df0b219d C |
85 | .json({ error: 'Cannot update a watch later playlist.' }) |
86 | } | |
87 | ||
0f6acda1 | 88 | if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) |
418d092a C |
89 | |
90 | return next() | |
91 | } | |
92 | ]) | |
93 | ||
94 | const videoPlaylistsDeleteValidator = [ | |
95 | param('playlistId') | |
96 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | |
97 | ||
98 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
99 | logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params }) | |
100 | ||
101 | if (areValidationErrors(req, res)) return | |
102 | ||
0f6acda1 | 103 | if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return |
df0b219d | 104 | |
dae86118 | 105 | const videoPlaylist = res.locals.videoPlaylist |
df0b219d | 106 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
c5e4e36d | 107 | return res.status(400) |
df0b219d C |
108 | .json({ error: 'Cannot delete a watch later playlist.' }) |
109 | } | |
110 | ||
418d092a C |
111 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { |
112 | return | |
113 | } | |
114 | ||
115 | return next() | |
116 | } | |
117 | ] | |
118 | ||
119 | const videoPlaylistsGetValidator = [ | |
120 | param('playlistId') | |
121 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | |
122 | ||
123 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
124 | logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) | |
125 | ||
126 | if (areValidationErrors(req, res)) return | |
127 | ||
0f6acda1 | 128 | if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return |
418d092a | 129 | |
dae86118 | 130 | const videoPlaylist = res.locals.videoPlaylist |
07b1a18a C |
131 | |
132 | // Video is unlisted, check we used the uuid to fetch it | |
133 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { | |
134 | if (isUUIDValid(req.params.playlistId)) return next() | |
135 | ||
136 | return res.status(404).end() | |
137 | } | |
138 | ||
418d092a C |
139 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { |
140 | await authenticatePromiseIfNeeded(req, res) | |
141 | ||
dae86118 | 142 | const user = res.locals.oauth ? res.locals.oauth.token.User : null |
418d092a C |
143 | if ( |
144 | !user || | |
145 | (videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) | |
146 | ) { | |
147 | return res.status(403) | |
148 | .json({ error: 'Cannot get this private video playlist.' }) | |
149 | } | |
150 | ||
151 | return next() | |
152 | } | |
153 | ||
154 | return next() | |
155 | } | |
156 | ] | |
157 | ||
158 | const videoPlaylistsAddVideoValidator = [ | |
159 | param('playlistId') | |
160 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | |
161 | body('videoId') | |
162 | .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'), | |
163 | body('startTimestamp') | |
164 | .optional() | |
df0b219d | 165 | .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'), |
418d092a C |
166 | body('stopTimestamp') |
167 | .optional() | |
df0b219d | 168 | .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'), |
418d092a C |
169 | |
170 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
171 | logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params }) | |
172 | ||
173 | if (areValidationErrors(req, res)) return | |
174 | ||
0f6acda1 C |
175 | if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return |
176 | if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return | |
418d092a | 177 | |
dae86118 C |
178 | const videoPlaylist = res.locals.videoPlaylist |
179 | const video = res.locals.video | |
418d092a C |
180 | |
181 | const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id) | |
182 | if (videoPlaylistElement) { | |
183 | res.status(409) | |
184 | .json({ error: 'This video in this playlist already exists' }) | |
185 | .end() | |
186 | ||
187 | return | |
188 | } | |
189 | ||
190 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) { | |
191 | return | |
192 | } | |
193 | ||
194 | return next() | |
195 | } | |
196 | ] | |
197 | ||
198 | const videoPlaylistsUpdateOrRemoveVideoValidator = [ | |
199 | param('playlistId') | |
200 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | |
201 | param('videoId') | |
202 | .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'), | |
203 | body('startTimestamp') | |
204 | .optional() | |
df0b219d | 205 | .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'), |
418d092a C |
206 | body('stopTimestamp') |
207 | .optional() | |
df0b219d | 208 | .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'), |
418d092a C |
209 | |
210 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
211 | logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params }) | |
212 | ||
213 | if (areValidationErrors(req, res)) return | |
214 | ||
0f6acda1 C |
215 | if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return |
216 | if (!await doesVideoExist(req.params.videoId, res, 'id')) return | |
418d092a | 217 | |
dae86118 C |
218 | const videoPlaylist = res.locals.videoPlaylist |
219 | const video = res.locals.video | |
418d092a C |
220 | |
221 | const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id) | |
222 | if (!videoPlaylistElement) { | |
223 | res.status(404) | |
224 | .json({ error: 'Video playlist element not found' }) | |
225 | .end() | |
226 | ||
227 | return | |
228 | } | |
229 | res.locals.videoPlaylistElement = videoPlaylistElement | |
230 | ||
231 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return | |
232 | ||
233 | return next() | |
234 | } | |
235 | ] | |
236 | ||
237 | const videoPlaylistElementAPGetValidator = [ | |
238 | param('playlistId') | |
239 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | |
240 | param('videoId') | |
241 | .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'), | |
242 | ||
243 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
244 | logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params }) | |
245 | ||
246 | if (areValidationErrors(req, res)) return | |
247 | ||
248 | const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId) | |
249 | if (!videoPlaylistElement) { | |
250 | res.status(404) | |
251 | .json({ error: 'Video playlist element not found' }) | |
252 | .end() | |
253 | ||
254 | return | |
255 | } | |
256 | ||
257 | if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { | |
258 | return res.status(403).end() | |
259 | } | |
260 | ||
261 | res.locals.videoPlaylistElement = videoPlaylistElement | |
262 | ||
263 | return next() | |
264 | } | |
265 | ] | |
266 | ||
267 | const videoPlaylistsReorderVideosValidator = [ | |
268 | param('playlistId') | |
269 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | |
270 | body('startPosition') | |
271 | .isInt({ min: 1 }).withMessage('Should have a valid start position'), | |
272 | body('insertAfterPosition') | |
273 | .isInt({ min: 0 }).withMessage('Should have a valid insert after position'), | |
274 | body('reorderLength') | |
275 | .optional() | |
276 | .isInt({ min: 1 }).withMessage('Should have a valid range length'), | |
277 | ||
278 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
279 | logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params }) | |
280 | ||
281 | if (areValidationErrors(req, res)) return | |
282 | ||
0f6acda1 | 283 | if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return |
418d092a | 284 | |
dae86118 | 285 | const videoPlaylist = res.locals.videoPlaylist |
418d092a C |
286 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return |
287 | ||
07b1a18a C |
288 | const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id) |
289 | const startPosition: number = req.body.startPosition | |
290 | const insertAfterPosition: number = req.body.insertAfterPosition | |
291 | const reorderLength: number = req.body.reorderLength | |
292 | ||
293 | if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) { | |
294 | res.status(400) | |
295 | .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` }) | |
296 | .end() | |
297 | ||
298 | return | |
299 | } | |
300 | ||
301 | if (reorderLength && reorderLength + startPosition > nextPosition) { | |
302 | res.status(400) | |
303 | .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` }) | |
304 | .end() | |
305 | ||
306 | return | |
307 | } | |
308 | ||
418d092a C |
309 | return next() |
310 | } | |
311 | ] | |
312 | ||
df0b219d C |
313 | const commonVideoPlaylistFiltersValidator = [ |
314 | query('playlistType') | |
315 | .optional() | |
316 | .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'), | |
317 | ||
318 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
319 | logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params }) | |
320 | ||
321 | if (areValidationErrors(req, res)) return | |
322 | ||
323 | return next() | |
324 | } | |
325 | ] | |
326 | ||
f0a39880 C |
327 | const doVideosInPlaylistExistValidator = [ |
328 | query('videoIds') | |
329 | .customSanitizer(toIntArray) | |
330 | .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'), | |
331 | ||
332 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
333 | logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query }) | |
334 | ||
335 | if (areValidationErrors(req, res)) return | |
336 | ||
337 | return next() | |
338 | } | |
339 | ] | |
340 | ||
418d092a C |
341 | // --------------------------------------------------------------------------- |
342 | ||
343 | export { | |
344 | videoPlaylistsAddValidator, | |
345 | videoPlaylistsUpdateValidator, | |
346 | videoPlaylistsDeleteValidator, | |
347 | videoPlaylistsGetValidator, | |
348 | ||
349 | videoPlaylistsAddVideoValidator, | |
350 | videoPlaylistsUpdateOrRemoveVideoValidator, | |
351 | videoPlaylistsReorderVideosValidator, | |
352 | ||
df0b219d C |
353 | videoPlaylistElementAPGetValidator, |
354 | ||
f0a39880 C |
355 | commonVideoPlaylistFiltersValidator, |
356 | ||
357 | doVideosInPlaylistExistValidator | |
418d092a C |
358 | } |
359 | ||
360 | // --------------------------------------------------------------------------- | |
361 | ||
362 | function getCommonPlaylistEditAttributes () { | |
363 | return [ | |
364 | body('thumbnailfile') | |
365 | .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( | |
366 | 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' | |
367 | + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ') | |
368 | ), | |
369 | ||
370 | body('displayName') | |
371 | .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'), | |
372 | body('description') | |
373 | .optional() | |
374 | .customSanitizer(toValueOrNull) | |
375 | .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'), | |
376 | body('privacy') | |
377 | .optional() | |
378 | .toInt() | |
379 | .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'), | |
380 | body('videoChannelId') | |
381 | .optional() | |
830b4faf | 382 | .customSanitizer(toValueOrNull) |
418d092a C |
383 | .toInt() |
384 | ] as (ValidationChain | express.Handler)[] | |
385 | } | |
386 | ||
387 | function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) { | |
388 | if (videoPlaylist.isOwned() === false) { | |
389 | res.status(403) | |
390 | .json({ error: 'Cannot manage video playlist of another server.' }) | |
391 | .end() | |
392 | ||
393 | return false | |
394 | } | |
395 | ||
396 | // Check if the user can manage the video playlist | |
397 | // The user can delete it if s/he is an admin | |
398 | // Or if s/he is the video playlist's owner | |
399 | if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) { | |
400 | res.status(403) | |
401 | .json({ error: 'Cannot manage video playlist of another user' }) | |
402 | .end() | |
403 | ||
404 | return false | |
405 | } | |
406 | ||
407 | return true | |
408 | } |