[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts

import * as express from 'express'
import { body, param, query, ValidationChain } from 'express-validator/check'
import { UserRight } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { UserModel } from '../../../models/account/user'
import { areValidationErrors } from '../utils'
import { isVideoExist, isVideoFileInfoHashValid, isVideoImage } from '../../../helpers/custom-validators/videos'
import { CONSTRAINTS_FIELDS } from '../../../initializers'
import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toArray, toValueOrNull, toIntArray } from '../../../helpers/custom-validators/misc'
import {
  isVideoPlaylistDescriptionValid,
  isVideoPlaylistExist,
  isVideoPlaylistNameValid,
  isVideoPlaylistPrivacyValid,
  isVideoPlaylistTimestampValid,
  isVideoPlaylistTypeValid
} from '../../../helpers/custom-validators/video-playlists'
import { VideoPlaylistModel } from '../../../models/video/video-playlist'
import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { isVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
import { VideoModel } from '../../../models/video/video'
import { authenticatePromiseIfNeeded } from '../../oauth'
import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
import { areValidActorHandles } from '../../../helpers/custom-validators/activitypub/actor'

const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)

    return next()
  }
])

const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

    if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)

    const videoPlaylist = res.locals.videoPlaylist

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return cleanUpReqFiles(req)
    }

    if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) {
      cleanUpReqFiles(req)
      return res.status(409)
                .json({ error: 'Cannot set "private" a video playlist that was not private.' })
    }

    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      cleanUpReqFiles(req)
      return res.status(409)
                .json({ error: 'Cannot update a watch later playlist.' })
    }

    if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)

    return next()
  }
])

const videoPlaylistsDeleteValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await isVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      return res.status(409)
                .json({ error: 'Cannot delete a watch later playlist.' })
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await isVideoPlaylistExist(req.params.playlistId, res)) return

    const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist

    // Video is unlisted, check we used the uuid to fetch it
    if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
      if (isUUIDValid(req.params.playlistId)) return next()

      return res.status(404).end()
    }

    if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      await authenticatePromiseIfNeeded(req, res)

      const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : null

      if (
        !user ||
        (videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
      ) {
        return res.status(403)
                  .json({ error: 'Cannot get this private video playlist.' })
      }

      return next()
    }

    return next()
  }
]

const videoPlaylistsAddVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await isVideoExist(req.body.videoId, res, 'only-video')) return

    const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
    const video: VideoModel = res.locals.video

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (videoPlaylistElement) {
      res.status(409)
         .json({ error: 'This video in this playlist already exists' })
         .end()

      return
    }

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }

    return next()
  }
]

const videoPlaylistsUpdateOrRemoveVideoValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
  body('startTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
  body('stopTimestamp')
    .optional()
    .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await isVideoExist(req.params.videoId, res, 'id')) return

    const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
    const video: VideoModel = res.locals.video

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }
    res.locals.videoPlaylistElement = videoPlaylistElement

    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    return next()
  }
]

const videoPlaylistElementAPGetValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('videoId')
    .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
    if (!videoPlaylistElement) {
      res.status(404)
         .json({ error: 'Video playlist element not found' })
         .end()

      return
    }

    if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
      return res.status(403).end()
    }

    res.locals.videoPlaylistElement = videoPlaylistElement

    return next()
  }
]

const videoPlaylistsReorderVideosValidator = [
  param('playlistId')
    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('startPosition')
    .isInt({ min: 1 }).withMessage('Should have a valid start position'),
  body('insertAfterPosition')
    .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
  body('reorderLength')
    .optional()
    .isInt({ min: 1 }).withMessage('Should have a valid range length'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return

    const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return

    const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
    const startPosition: number = req.body.startPosition
    const insertAfterPosition: number = req.body.insertAfterPosition
    const reorderLength: number = req.body.reorderLength

    if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
      res.status(400)
         .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
         .end()

      return
    }

    if (reorderLength && reorderLength + startPosition > nextPosition) {
      res.status(400)
         .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
         .end()

      return
    }

    return next()
  }
]

const commonVideoPlaylistFiltersValidator = [
  query('playlistType')
    .optional()
    .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

const doVideosInPlaylistExistValidator = [
  query('videoIds')
    .customSanitizer(toIntArray)
    .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  videoPlaylistsAddValidator,
  videoPlaylistsUpdateValidator,
  videoPlaylistsDeleteValidator,
  videoPlaylistsGetValidator,

  videoPlaylistsAddVideoValidator,
  videoPlaylistsUpdateOrRemoveVideoValidator,
  videoPlaylistsReorderVideosValidator,

  videoPlaylistElementAPGetValidator,

  commonVideoPlaylistFiltersValidator,

  doVideosInPlaylistExistValidator
}

// ---------------------------------------------------------------------------

function getCommonPlaylistEditAttributes () {
  return [
    body('thumbnailfile')
      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
      + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
    ),

    body('displayName')
      .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
    body('description')
      .optional()
      .customSanitizer(toValueOrNull)
      .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
    body('privacy')
      .optional()
      .toInt()
      .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
    body('videoChannelId')
      .optional()
      .customSanitizer(toValueOrNull)
      .toInt()
  ] as (ValidationChain | express.Handler)[]
}

function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
  if (videoPlaylist.isOwned() === false) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another server.' })
       .end()

    return false
  }

  // Check if the user can manage the video playlist
  // The user can delete it if s/he is an admin
  // Or if s/he is the video playlist's owner
  if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another user' })
       .end()

    return false
  }

  return true
}
Commit	Line	Data
418d092a	1	import * as express from 'express'
df0b219d C	2	import { body, param, query, ValidationChain } from 'express-validator/check'
df0b219d C	3	import { UserRight } from '../../../../shared'
418d092a C	4	import { logger } from '../../../helpers/logger'
	5	import { UserModel } from '../../../models/account/user'
	6	import { areValidationErrors } from '../utils'
f0a39880	7	import { isVideoExist, isVideoFileInfoHashValid, isVideoImage } from '../../../helpers/custom-validators/videos'
418d092a	8	import { CONSTRAINTS_FIELDS } from '../../../initializers'
f0a39880	9	import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toArray, toValueOrNull, toIntArray } from '../../../helpers/custom-validators/misc'
418d092a C	10	import {
	11	isVideoPlaylistDescriptionValid,
	12	isVideoPlaylistExist,
	13	isVideoPlaylistNameValid,
df0b219d C	14	isVideoPlaylistPrivacyValid,
	15	isVideoPlaylistTimestampValid,
	16	isVideoPlaylistTypeValid
418d092a C	17	} from '../../../helpers/custom-validators/video-playlists'
	18	import { VideoPlaylistModel } from '../../../models/video/video-playlist'
	19	import { cleanUpReqFiles } from '../../../helpers/express-utils'
	20	import { isVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
	21	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
	22	import { VideoModel } from '../../../models/video/video'
	23	import { authenticatePromiseIfNeeded } from '../../oauth'
	24	import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
df0b219d	25	import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
f0a39880	26	import { areValidActorHandles } from '../../../helpers/custom-validators/activitypub/actor'
418d092a C	27
	28	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
	29	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	30	logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
	31
	32	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	33
	34	if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
	35
	36	return next()
	37	}
	38	])
	39
	40	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
	41	param('playlistId')
	42	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	43
	44	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	45	logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
	46
	47	if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
	48
09979f89	49	if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
07b1a18a C	50
	51	const videoPlaylist = res.locals.videoPlaylist
	52
418d092a C	53	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	54	return cleanUpReqFiles(req)
	55	}
	56
07b1a18a C	57	if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) {
	58	cleanUpReqFiles(req)
	59	return res.status(409)
	60	.json({ error: 'Cannot set "private" a video playlist that was not private.' })
	61	}
	62
df0b219d C	63	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
	64	cleanUpReqFiles(req)
	65	return res.status(409)
	66	.json({ error: 'Cannot update a watch later playlist.' })
	67	}
	68
418d092a C	69	if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
	70
	71	return next()
	72	}
	73	])
	74
	75	const videoPlaylistsDeleteValidator = [
	76	param('playlistId')
	77	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	78
	79	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	80	logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
	81
	82	if (areValidationErrors(req, res)) return
	83
	84	if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
df0b219d C	85
	86	const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
	87	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
	88	return res.status(409)
	89	.json({ error: 'Cannot delete a watch later playlist.' })
	90	}
	91
418d092a C	92	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
	93	return
	94	}
	95
	96	return next()
	97	}
	98	]
	99
	100	const videoPlaylistsGetValidator = [
	101	param('playlistId')
	102	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	103
	104	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	105	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
	106
	107	if (areValidationErrors(req, res)) return
	108
	109	if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
	110
	111	const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
07b1a18a C	112
	113	// Video is unlisted, check we used the uuid to fetch it
	114	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
	115	if (isUUIDValid(req.params.playlistId)) return next()
	116
	117	return res.status(404).end()
	118	}
	119
418d092a C	120	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	121	await authenticatePromiseIfNeeded(req, res)
	122
	123	const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : null
	124
	125	if (
	126	!user \|\|
	127	(videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
	128	) {
	129	return res.status(403)
	130	.json({ error: 'Cannot get this private video playlist.' })
	131	}
	132
	133	return next()
	134	}
	135
	136	return next()
	137	}
	138	]
	139
	140	const videoPlaylistsAddVideoValidator = [
	141	param('playlistId')
	142	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	143	body('videoId')
	144	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
	145	body('startTimestamp')
	146	.optional()
df0b219d	147	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	148	body('stopTimestamp')
418d092a C	149	.optional()
df0b219d	150	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	151
	152	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	153	logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
	154
	155	if (areValidationErrors(req, res)) return
	156
09979f89	157	if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return
07b1a18a	158	if (!await isVideoExist(req.body.videoId, res, 'only-video')) return
418d092a C	159
	160	const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
	161	const video: VideoModel = res.locals.video
	162
	163	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	164	if (videoPlaylistElement) {
	165	res.status(409)
	166	.json({ error: 'This video in this playlist already exists' })
	167	.end()
	168
	169	return
	170	}
	171
	172	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
	173	return
	174	}
	175
	176	return next()
	177	}
	178	]
	179
	180	const videoPlaylistsUpdateOrRemoveVideoValidator = [
	181	param('playlistId')
	182	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	183	param('videoId')
	184	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	185	body('startTimestamp')
	186	.optional()
df0b219d	187	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
418d092a C	188	body('stopTimestamp')
418d092a C	189	.optional()
df0b219d	190	.custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
418d092a C	191
	192	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	193	logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
	194
	195	if (areValidationErrors(req, res)) return
	196
09979f89	197	if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return
07b1a18a	198	if (!await isVideoExist(req.params.videoId, res, 'id')) return
418d092a C	199
	200	const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
	201	const video: VideoModel = res.locals.video
	202
	203	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
	204	if (!videoPlaylistElement) {
	205	res.status(404)
	206	.json({ error: 'Video playlist element not found' })
	207	.end()
	208
	209	return
	210	}
	211	res.locals.videoPlaylistElement = videoPlaylistElement
	212
	213	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
	214
	215	return next()
	216	}
	217	]
	218
	219	const videoPlaylistElementAPGetValidator = [
	220	param('playlistId')
	221	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	222	param('videoId')
	223	.custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
	224
	225	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	226	logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
	227
	228	if (areValidationErrors(req, res)) return
	229
	230	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
	231	if (!videoPlaylistElement) {
	232	res.status(404)
	233	.json({ error: 'Video playlist element not found' })
	234	.end()
	235
	236	return
	237	}
	238
	239	if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
	240	return res.status(403).end()
	241	}
	242
	243	res.locals.videoPlaylistElement = videoPlaylistElement
	244
	245	return next()
	246	}
	247	]
	248
	249	const videoPlaylistsReorderVideosValidator = [
	250	param('playlistId')
	251	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
	252	body('startPosition')
	253	.isInt({ min: 1 }).withMessage('Should have a valid start position'),
	254	body('insertAfterPosition')
	255	.isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
	256	body('reorderLength')
	257	.optional()
	258	.isInt({ min: 1 }).withMessage('Should have a valid range length'),
	259
	260	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	261	logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
	262
263	if (areValidationErrors(req, res)) return
264
09979f89	265	if (!await isVideoPlaylistExist(req.params.playlistId, res, 'all')) return
418d092a C	266
	267	const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
	268	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
	269
07b1a18a C	270	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
	271	const startPosition: number = req.body.startPosition
	272	const insertAfterPosition: number = req.body.insertAfterPosition
	273	const reorderLength: number = req.body.reorderLength
	274
	275	if (startPosition >= nextPosition \|\| insertAfterPosition >= nextPosition) {
	276	res.status(400)
	277	.json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
	278	.end()
	279
	280	return
	281	}
	282
	283	if (reorderLength && reorderLength + startPosition > nextPosition) {
	284	res.status(400)
	285	.json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
	286	.end()
	287
	288	return
	289	}
	290
418d092a C	291	return next()
	292	}
	293	]
	294
df0b219d C	295	const commonVideoPlaylistFiltersValidator = [
	296	query('playlistType')
	297	.optional()
	298	.custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),
	299
	300	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	301	logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
	302
	303	if (areValidationErrors(req, res)) return
	304
	305	return next()
	306	}
	307	]
	308
f0a39880 C	309	const doVideosInPlaylistExistValidator = [
	310	query('videoIds')
	311	.customSanitizer(toIntArray)
	312	.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
	313
	314	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	315	logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
	316
	317	if (areValidationErrors(req, res)) return
	318
	319	return next()
	320	}
	321	]
	322
418d092a C	323	// ---------------------------------------------------------------------------
	324
	325	export {
	326	videoPlaylistsAddValidator,
	327	videoPlaylistsUpdateValidator,
	328	videoPlaylistsDeleteValidator,
	329	videoPlaylistsGetValidator,
	330
	331	videoPlaylistsAddVideoValidator,
	332	videoPlaylistsUpdateOrRemoveVideoValidator,
	333	videoPlaylistsReorderVideosValidator,
	334
df0b219d C	335	videoPlaylistElementAPGetValidator,
df0b219d C	336
f0a39880 C	337	commonVideoPlaylistFiltersValidator,
	338
	339	doVideosInPlaylistExistValidator
418d092a C	340	}
	341
	342	// ---------------------------------------------------------------------------
	343
	344	function getCommonPlaylistEditAttributes () {
	345	return [
	346	body('thumbnailfile')
	347	.custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
	348	'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
	349	+ CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
	350	),
	351
	352	body('displayName')
	353	.custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
	354	body('description')
	355	.optional()
	356	.customSanitizer(toValueOrNull)
	357	.custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
	358	body('privacy')
	359	.optional()
	360	.toInt()
	361	.custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
	362	body('videoChannelId')
	363	.optional()
830b4faf	364	.customSanitizer(toValueOrNull)
418d092a C	365	.toInt()
	366	] as (ValidationChain \| express.Handler)[]
	367	}
	368
	369	function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
	370	if (videoPlaylist.isOwned() === false) {
	371	res.status(403)
	372	.json({ error: 'Cannot manage video playlist of another server.' })
	373	.end()
	374
	375	return false
	376	}
	377
	378	// Check if the user can manage the video playlist
	379	// The user can delete it if s/he is an admin
	380	// Or if s/he is the video playlist's owner
	381	if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
	382	res.status(403)
	383	.json({ error: 'Cannot manage video playlist of another user' })
	384	.end()
	385
	386	return false
	387	}
	388
	389	return true
	390	}