[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts

import * as express from 'express'
import { body, param, query, ValidationChain } from 'express-validator/check'
import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { UserModel } from '../../../models/account/user'
import { areValidationErrors } from '../utils'
import { doesVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toIntArray, toValueOrNull } from '../../../helpers/custom-validators/misc'
import {
  doesVideoPlaylistExist,
  isVideoPlaylistDescriptionValid,
  isVideoPlaylistNameValid,
  isVideoPlaylistPrivacyValid,
  isVideoPlaylistTimestampValid,
  isVideoPlaylistTypeValid
} from '../../../helpers/custom-validators/video-playlists'
import { VideoPlaylistModel } from '../../../models/video/video-playlist'
import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { doesVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
import { authenticatePromiseIfNeeded } from '../../oauth'
import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'

const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  body('displayName')
    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    const body: VideoPlaylistCreate = req.body
    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    return next()
  }
])

const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  body('displayName')
    .optional()
    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)

    const videoPlaylist = res.locals.videoPlaylist

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return cleanUpReqFiles(req)
    }

    const body: VideoPlaylistUpdate = req.body

    const newPrivacy = body.privacy || videoPlaylist.privacy
    if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
      (
        (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
        body.videoChannelId === null
      )
    ) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }

    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot update a watch later playlist.' })
    }

    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)

    return next()
  }
])

const videoPlaylistsDeleteValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = res.locals.videoPlaylist
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      return res.status(400)
                .json({ error: 'Cannot delete a watch later playlist.' })
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist = res.locals.videoPlaylist

    // Video is unlisted, check we used the uuid to fetch it
    if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
      if (isUUIDValid(req.params.playlistId)) return next()

      return res.status(404).end()
    }

    if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      await authenticatePromiseIfNeeded(req, res)

      const user = res.locals.oauth ? res.locals.oauth.token.User : null

      if (
        !user ||
        (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
      ) {
        return res.status(403)
                  .json({ error: 'Cannot get this private video playlist.' })
      }

      return next()
    }

    return next()
  }
]

const videoPlaylistsAddVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return

    const videoPlaylist = res.locals.videoPlaylist
    const video = res.locals.video

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (videoPlaylistElement) {
      res.status(409)
         .json({ error: 'This video in this playlist already exists' })
         .end()

      return
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsUpdateOrRemoveVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.params.videoId, res, 'id')) return

    const videoPlaylist = res.locals.videoPlaylist
    const video = res.locals.video

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }
    res.locals.videoPlaylistElement = videoPlaylistElement

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    return next()
  }
]

const videoPlaylistElementAPGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }

    if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      return res.status(403).end()
    }

    res.locals.videoPlaylistElement = videoPlaylistElement

    return next()
  }
]

const videoPlaylistsReorderVideosValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('startPosition')
    .isInt({ min: 1 }).withMessage('Should have a valid start position'),
  body('insertAfterPosition')
    .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
  body('reorderLength')
    .optional()
    .isInt({ min: 1 }).withMessage('Should have a valid range length'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist = res.locals.videoPlaylist
    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
    const startPosition: number = req.body.startPosition
    const insertAfterPosition: number = req.body.insertAfterPosition
    const reorderLength: number = req.body.reorderLength

    if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
      res.status(400)
         .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
         .end()

      return
    }

    if (reorderLength && reorderLength + startPosition > nextPosition) {
      res.status(400)
         .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
         .end()

      return
    }

    return next()
  }
]

const commonVideoPlaylistFiltersValidator = [
  query('playlistType')
    .optional()
    .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const doVideosInPlaylistExistValidator = [
  query('videoIds')
    .customSanitizer(toIntArray)
    .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  videoPlaylistsAddValidator,
  videoPlaylistsUpdateValidator,
  videoPlaylistsDeleteValidator,
  videoPlaylistsGetValidator,

  videoPlaylistsAddVideoValidator,
  videoPlaylistsUpdateOrRemoveVideoValidator,
  videoPlaylistsReorderVideosValidator,

  videoPlaylistElementAPGetValidator,

  commonVideoPlaylistFiltersValidator,

  doVideosInPlaylistExistValidator
}

// ---------------------------------------------------------------------------

function getCommonPlaylistEditAttributes () {
  return [
    body('thumbnailfile')
      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
      + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
    ),

    body('description')
      .optional()
      .customSanitizer(toValueOrNull)
      .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
    body('privacy')
      .optional()
      .toInt()
      .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
    body('videoChannelId')
      .optional()
      .customSanitizer(toValueOrNull)
      .toInt()
  ] as (ValidationChain | express.Handler)[]
}

function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
  if (videoPlaylist.isOwned() === false) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another server.' })
       .end()

    return false
  }

  // Check if the user can manage the video playlist
  // The user can delete it if s/he is an admin
  // Or if s/he is the video playlist's owner
  if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another user' })
       .end()

    return false
  }

  return true
}
Commit	Line	Data
418d092a	1	import * as express from 'express'
df0b219d	2	import { body, param, query, ValidationChain } from 'express-validator/check'
c5e4e36d	3	import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
418d092a C	4	import { logger } from '../../../helpers/logger'
	5	import { UserModel } from '../../../models/account/user'
	6	import { areValidationErrors } from '../utils'
0f6acda1	7	import { doesVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos'
74dc3bca	8	import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
0b16f5f2	9	import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toIntArray, toValueOrNull } from '../../../helpers/custom-validators/misc'
418d092a	10	import {
0f6acda1	11	doesVideoPlaylistExist,
9f79ade6	12	isVideoPlaylistDescriptionValid,
418d092a	13	isVideoPlaylistNameValid,
df0b219d C	14	isVideoPlaylistPrivacyValid,
	15	isVideoPlaylistTimestampValid,
	16	isVideoPlaylistTypeValid
418d092a C	17	} from '../../../helpers/custom-validators/video-playlists'
	18	import { VideoPlaylistModel } from '../../../models/video/video-playlist'
	19	import { cleanUpReqFiles } from '../../../helpers/express-utils'
0f6acda1	20	import { doesVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
418d092a	21	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
418d092a C	22	import { authenticatePromiseIfNeeded } from '../../oauth'
418d092a C	23	import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
df0b219d	24	import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
418d092a C	25
418d092a C	26	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
1b319b7a C	27	body('displayName')
	28	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	29
418d092a C	30	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	31	logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
	32
	33	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	34
c5e4e36d	35	const body: VideoPlaylistCreate = req.body
0f6acda1	36	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
c5e4e36d C	37
	38	if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
	39	cleanUpReqFiles(req)
	40	return res.status(400)
	41	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	42	}
418d092a C	43
	44	return next()
	45	}
	46	])
	47
	48	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
	49	param('playlistId')
	50	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	51
1b319b7a C	52	body('displayName')
	53	.optional()
	54	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	55
418d092a C	56	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	57	logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
	58
	59	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	60
0f6acda1	61	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
07b1a18a C	62
	63	const videoPlaylist = res.locals.videoPlaylist
	64
418d092a C	65	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	66	return cleanUpReqFiles(req)
	67	}
	68
c5e4e36d C	69	const body: VideoPlaylistUpdate = req.body
c5e4e36d C	70
c5e4e36d C	71	const newPrivacy = body.privacy \|\| videoPlaylist.privacy
	72	if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
	73	(
	74	(!videoPlaylist.videoChannelId && !body.videoChannelId) \|\|
	75	body.videoChannelId === null
	76	)
	77	) {
	78	cleanUpReqFiles(req)
	79	return res.status(400)
	80	.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
	81	}
	82
df0b219d C	83	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
df0b219d C	84	cleanUpReqFiles(req)
c5e4e36d	85	return res.status(400)
df0b219d C	86	.json({ error: 'Cannot update a watch later playlist.' })
	87	}
	88
0f6acda1	89	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
418d092a C	90
	91	return next()
	92	}
	93	])
	94
	95	const videoPlaylistsDeleteValidator = [
	96	param('playlistId')
	97	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	98
	99	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	100	logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
	101
	102	if (areValidationErrors(req, res)) return
	103
0f6acda1	104	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
df0b219d	105
dae86118	106	const videoPlaylist = res.locals.videoPlaylist
df0b219d	107	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
c5e4e36d	108	return res.status(400)
df0b219d C	109	.json({ error: 'Cannot delete a watch later playlist.' })
	110	}
	111
418d092a C	112	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	113	return
	114	}
	115
	116	return next()
	117	}
	118	]
	119
	120	const videoPlaylistsGetValidator = [
	121	param('playlistId')
	122	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	123
	124	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	125	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
	126
	127	if (areValidationErrors(req, res)) return
	128
0f6acda1	129	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
418d092a	130
dae86118	131	const videoPlaylist = res.locals.videoPlaylist
07b1a18a C	132
	133	// Video is unlisted, check we used the uuid to fetch it
	134	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
	135	if (isUUIDValid(req.params.playlistId)) return next()
	136
	137	return res.status(404).end()
	138	}
	139
418d092a C	140	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	141	await authenticatePromiseIfNeeded(req, res)
	142
dae86118	143	const user = res.locals.oauth ? res.locals.oauth.token.User : null
4d09cfba	144
418d092a C	145	if (
418d092a C	146	!user \|\|
4d09cfba	147	(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
418d092a C	148	) {
	149	return res.status(403)
	150	.json({ error: 'Cannot get this private video playlist.' })
	151	}
	152
	153	return next()
	154	}
	155
	156	return next()
	157	}
	158	]
	159
	160	const videoPlaylistsAddVideoValidator = [
	161	param('playlistId')
	162	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	163	body('videoId')
	164	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
	165	body('startTimestamp')
	166	.optional()
df0b219d	167	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	168	body('stopTimestamp')
418d092a C	169	.optional()
df0b219d	170	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	171
	172	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	173	logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
	174
	175	if (areValidationErrors(req, res)) return
	176
0f6acda1 C	177	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
0f6acda1 C	178	if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
418d092a	179
dae86118 C	180	const videoPlaylist = res.locals.videoPlaylist
dae86118 C	181	const video = res.locals.video
418d092a C	182
	183	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	184	if (videoPlaylistElement) {
	185	res.status(409)
	186	.json({ error: 'This video in this playlist already exists' })
	187	.end()
	188
	189	return
	190	}
	191
	192	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
	193	return
	194	}
	195
	196	return next()
	197	}
	198	]
	199
	200	const videoPlaylistsUpdateOrRemoveVideoValidator = [
	201	param('playlistId')
	202	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	203	param('videoId')
	204	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	205	body('startTimestamp')
	206	.optional()
df0b219d	207	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	208	body('stopTimestamp')
418d092a C	209	.optional()
df0b219d	210	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	211
	212	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	213	logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
	214
	215	if (areValidationErrors(req, res)) return
	216
0f6acda1 C	217	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
0f6acda1 C	218	if (!await doesVideoExist(req.params.videoId, res, 'id')) return
418d092a	219
dae86118 C	220	const videoPlaylist = res.locals.videoPlaylist
dae86118 C	221	const video = res.locals.video
418d092a C	222
	223	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	224	if (!videoPlaylistElement) {
	225	res.status(404)
	226	.json({ error: 'Video playlist element not found' })
	227	.end()
	228
	229	return
	230	}
	231	res.locals.videoPlaylistElement = videoPlaylistElement
	232
	233	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
	234
	235	return next()
	236	}
	237	]
	238
	239	const videoPlaylistElementAPGetValidator = [
	240	param('playlistId')
	241	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	242	param('videoId')
	243	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	244
	245	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	246	logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
	247
	248	if (areValidationErrors(req, res)) return
	249
	250	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
	251	if (!videoPlaylistElement) {
	252	res.status(404)
	253	.json({ error: 'Video playlist element not found' })
	254	.end()
	255
	256	return
	257	}
	258
	259	if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	260	return res.status(403).end()
	261	}
	262
	263	res.locals.videoPlaylistElement = videoPlaylistElement
	264
	265	return next()
	266	}
	267	]
	268
	269	const videoPlaylistsReorderVideosValidator = [
	270	param('playlistId')
	271	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	272	body('startPosition')
	273	.isInt({ min: 1 }).withMessage('Should have a valid start position'),
	274	body('insertAfterPosition')
	275	.isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
	276	body('reorderLength')
	277	.optional()
	278	.isInt({ min: 1 }).withMessage('Should have a valid range length'),
	279
	280	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	281	logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
	282
	283	if (areValidationErrors(req, res)) return
	284
0f6acda1	285	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a	286
dae86118	287	const videoPlaylist = res.locals.videoPlaylist
418d092a C	288	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
418d092a C	289
07b1a18a C	290	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
	291	const startPosition: number = req.body.startPosition
	292	const insertAfterPosition: number = req.body.insertAfterPosition
	293	const reorderLength: number = req.body.reorderLength
	294
	295	if (startPosition >= nextPosition \|\| insertAfterPosition >= nextPosition) {
	296	res.status(400)
	297	.json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
	298	.end()
	299
	300	return
	301	}
	302
	303	if (reorderLength && reorderLength + startPosition > nextPosition) {
	304	res.status(400)
	305	.json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
	306	.end()
	307
	308	return
	309	}
	310
418d092a C	311	return next()
	312	}
	313	]
	314
df0b219d C	315	const commonVideoPlaylistFiltersValidator = [
	316	query('playlistType')
	317	.optional()
	318	.custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),
	319
	320	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	321	logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
	322
	323	if (areValidationErrors(req, res)) return
	324
	325	return next()
	326	}
	327	]
	328
f0a39880 C	329	const doVideosInPlaylistExistValidator = [
	330	query('videoIds')
	331	.customSanitizer(toIntArray)
	332	.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
	333
	334	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	335	logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
	336
	337	if (areValidationErrors(req, res)) return
	338
	339	return next()
	340	}
	341	]
	342
418d092a C	343	// ---------------------------------------------------------------------------
	344
	345	export {
	346	videoPlaylistsAddValidator,
	347	videoPlaylistsUpdateValidator,
	348	videoPlaylistsDeleteValidator,
	349	videoPlaylistsGetValidator,
	350
	351	videoPlaylistsAddVideoValidator,
	352	videoPlaylistsUpdateOrRemoveVideoValidator,
	353	videoPlaylistsReorderVideosValidator,
	354
df0b219d C	355	videoPlaylistElementAPGetValidator,
df0b219d C	356
f0a39880 C	357	commonVideoPlaylistFiltersValidator,
	358
	359	doVideosInPlaylistExistValidator
418d092a C	360	}
	361
	362	// ---------------------------------------------------------------------------
	363
	364	function getCommonPlaylistEditAttributes () {
	365	return [
	366	body('thumbnailfile')
	367	.custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
	368	'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
	369	+ CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
	370	),
	371
418d092a C	372	body('description')
	373	.optional()
	374	.customSanitizer(toValueOrNull)
	375	.custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
	376	body('privacy')
	377	.optional()
	378	.toInt()
	379	.custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
	380	body('videoChannelId')
	381	.optional()
830b4faf	382	.customSanitizer(toValueOrNull)
418d092a C	383	.toInt()
	384	] as (ValidationChain \| express.Handler)[]
	385	}
	386
	387	function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
	388	if (videoPlaylist.isOwned() === false) {
	389	res.status(403)
	390	.json({ error: 'Cannot manage video playlist of another server.' })
	391	.end()
	392
	393	return false
	394	}
	395
	396	// Check if the user can manage the video playlist
	397	// The user can delete it if s/he is an admin
	398	// Or if s/he is the video playlist's owner
	399	if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
	400	res.status(403)
	401	.json({ error: 'Cannot manage video playlist of another user' })
	402	.end()
	403
	404	return false
	405	}
	406
	407	return true
	408	}