Commit | Line | Data |
---|---|---|
69818c93 | 1 | import 'express-validator' |
69818c93 | 2 | import * as express from 'express' |
0a6658fd C |
3 | import * as Promise from 'bluebird' |
4 | import * as validator from 'validator' | |
69818c93 | 5 | |
e02643f3 | 6 | import { database as db } from '../../initializers/database' |
65fcc311 C |
7 | import { checkErrors } from './utils' |
8 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' | |
9 | import { logger, isVideoDurationValid } from '../../helpers' | |
0a6658fd | 10 | import { VideoInstance } from '../../models' |
34ca3b52 | 11 | |
/**
 * Express middleware that validates a video upload request.
 *
 * Registers the express-validator checks for the upload fields, then hands over to
 * `checkErrors`. When `checkErrors` invokes the continuation, the duration of the
 * uploaded file is read with `db.Video.getDurationFromFile`:
 *  - a duration rejected by `isVideoDurationValid` is answered with 400,
 *  - a failure to read the duration is logged and answered with 400,
 *  - otherwise the duration is stored on the file object and `next()` is called.
 *
 * NOTE(review): the duration is probed from `path` of the uploaded file, so the upload
 * is already on disk when either 400 is sent, and this function does not delete it.
 * Confirm that rejected uploads are cleaned up elsewhere, otherwise they accumulate.
 */
function videosAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  // FIXME: Don't write an error message, it seems there is a bug with express-validator
  // 'Should have a valid file'
  req.checkBody('videofile').isVideoFile(req.files)
  req.checkBody('name', 'Should have a valid name').isVideoNameValid()
  req.checkBody('category', 'Should have a valid category').isVideoCategoryValid()
  req.checkBody('licence', 'Should have a valid licence').isVideoLicenceValid()
  req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid()
  req.checkBody('nsfw', 'Should have a valid NSFW attribute').isVideoNSFWValid()
  req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()
  req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid()

  // The complete request body and the file descriptors are written to the debug log
  logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })

  // Continuation handed to checkErrors: probe the duration, then accept or reject
  const probeUploadDuration = () => {
    const uploadedFile = req.files['videofile'][0]

    const onDuration = duration => {
      const durationAccepted = isVideoDurationValid('' + duration)
      if (!durationAccepted) {
        const maxSeconds = CONSTRAINTS_FIELDS.VIDEOS.DURATION.max
        return res.status(400).send('Duration of the video file is too big (max: ' + maxSeconds + 's).')
      }

      // Attach the measured duration to the file object before continuing
      uploadedFile['duration'] = duration
      next()
    }

    const onProbeFailure = err => {
      logger.error('Error in getting duration from file.', err)
      res.status(400).send('Cannot retrieve metadata of the file.')
    }

    db.Video.getDurationFromFile(uploadedFile.path)
      .then(onDuration)
      .catch(onProbeFailure)
  }

  checkErrors(req, res, probeUploadDuration)
}
34ca3b52 | 44 | |
/**
 * Express middleware that validates a video update request and authorizes the caller.
 *
 * The `id` route parameter is required; every body field is optional but validated when
 * present. After `checkErrors` and `checkVideoExists` have let the request through, the
 * update is refused with 403 unless the video is owned locally (`isOwned()`) and its
 * `Author.userId` equals the id of the user attached to the OAuth token.
 *
 * NOTE(review): `res.locals.oauth.token.User` is read here but not set in this file;
 * presumably an authentication middleware must run before this validator. Confirm the
 * route wiring. Unlike `checkUserCanDeleteVideo`, there is no admin exception here.
 */
function videosUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
  req.checkBody('name', 'Should have a valid name').optional().isVideoNameValid()
  req.checkBody('category', 'Should have a valid category').optional().isVideoCategoryValid()
  req.checkBody('licence', 'Should have a valid licence').optional().isVideoLicenceValid()
  req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid()
  req.checkBody('nsfw', 'Should have a valid NSFW attribute').optional().isVideoNSFWValid()
  req.checkBody('description', 'Should have a valid description').optional().isVideoDescriptionValid()
  req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid()

  logger.debug('Checking videosUpdate parameters', { parameters: req.body })

  // Runs once the video has been loaded into res.locals.video
  const authorizeUpdate = () => {
    const video = res.locals.video

    // Only videos of this pod can be updated
    if (video.isOwned() === false) {
      return res.status(403).send('Cannot update video of another pod')
    }

    // The token is read only after the pod check, as in the original order
    const requesterId = res.locals.oauth.token.User.id
    if (video.Author.userId !== requesterId) {
      return res.status(403).send('Cannot update video of another user')
    }

    next()
  }

  checkErrors(req, res, () => {
    checkVideoExists(req.params.id, res, authorizeUpdate)
  })
}
c173e565 | 72 | |
/**
 * Express middleware that validates the `id` route parameter of a video fetch
 * and loads the matching video.
 *
 * `next` is reached only through `checkVideoExists`, which stores the video in
 * `res.locals.video` before calling it.
 */
function videosGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()

  logger.debug('Checking videosGet parameters', { parameters: req.params })

  // Look the video up only after the parameter checks have passed
  const loadVideo = () => {
    checkVideoExists(req.params.id, res, next)
  }

  checkErrors(req, res, loadVideo)
}
34ca3b52 | 82 | |
/**
 * Express middleware that validates a video deletion request.
 *
 * Steps, each one running only if the previous one let the request through:
 *  1. `checkErrors` on the `id` route parameter,
 *  2. `checkVideoExists`, which loads the video into `res.locals.video`,
 *  3. `checkUserCanDeleteVideo` for the user attached to the OAuth token.
 *
 * NOTE(review): `res.locals.oauth.token.User` is read here but not set in this file;
 * presumably an authentication middleware runs before this validator. Confirm.
 */
function videosRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()

  logger.debug('Checking videosRemove parameters', { parameters: req.params })

  // Check if the user who did the request is able to delete the video
  const authorizeDeletion = () => {
    const requesterId = res.locals.oauth.token.User.id
    checkUserCanDeleteVideo(requesterId, res, () => {
      next()
    })
  }

  // We need to make additional checks once the video is known to exist
  const loadVideoThenAuthorize = () => {
    checkVideoExists(req.params.id, res, authorizeDeletion)
  }

  checkErrors(req, res, loadVideoThenAuthorize)
}
34ca3b52 | 99 | |
/**
 * Express middleware that validates a video search request.
 *
 * The `value` route parameter must be non-empty. The optional `field` query parameter
 * must be one of `SEARCHABLE_COLUMNS.VIDEOS`, so a caller cannot pick an arbitrary
 * column name.
 *
 * NOTE(review): `value` is only checked for emptiness here; whatever consumes it
 * should treat it as data (e.g. a bound query parameter). Confirm in the search code.
 */
function videosSearchValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  // Allowlist of column names that may be searched
  const allowedFields = SEARCHABLE_COLUMNS.VIDEOS

  req.checkParams('value', 'Should have a valid search').notEmpty()
  req.checkQuery('field', 'Should have correct searchable column')
    .optional()
    .isIn(allowedFields)

  // Only the route parameters are logged, not the query string
  logger.debug('Checking videosSearch parameters', { parameters: req.params })

  checkErrors(req, res, next)
}
c45f7f84 | 109 | |
/**
 * Express middleware that validates an abuse report on a video.
 *
 * Requires a valid `id` route parameter and a `reason` body field accepted by
 * `isVideoAbuseReasonValid`, then loads the video through `checkVideoExists`,
 * which calls `next` once the video is in `res.locals.video`.
 */
function videoAbuseReportValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
  req.checkBody('reason', 'Should have a valid reason').isVideoAbuseReasonValid()

  // The reporter's free-text reason is part of the body that goes to the debug log
  logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })

  const loadReportedVideo = () => {
    checkVideoExists(req.params.id, res, next)
  }

  checkErrors(req, res, loadReportedVideo)
}
120 | ||
/**
 * Express middleware that validates a rating request on a video.
 *
 * Requires a valid `id` route parameter and a `rating` body field accepted by
 * `isVideoRatingTypeValid`, then loads the video through `checkVideoExists`,
 * which calls `next` once the video is in `res.locals.video`.
 */
function videoRateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
  req.checkBody('rating', 'Should have a valid rate type').isVideoRatingTypeValid()

  logger.debug('Checking videoRate parameters', { parameters: req.body })

  const loadRatedVideo = () => {
    checkVideoExists(req.params.id, res, next)
  }

  checkErrors(req, res, loadRatedVideo)
}
131 | ||
/**
 * Express middleware that validates a request to blacklist a video.
 *
 * After the `id` parameter check and the video lookup, `checkVideoIsBlacklistable`
 * refuses videos that are owned locally.
 *
 * NOTE(review): nothing in this validator checks the role of the caller; presumably
 * a separate middleware restricts who can reach this route. Confirm the route wiring.
 */
function videosBlacklistValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()

  logger.debug('Checking videosBlacklist parameters', { parameters: req.params })

  // Runs once the video is available in res.locals.video
  const ensureBlacklistable = () => {
    checkVideoIsBlacklistable(req, res, next)
  }

  const loadVideo = () => {
    checkVideoExists(req.params.id, res, ensureBlacklistable)
  }

  checkErrors(req, res, loadVideo)
}
143 | ||
9f10b292 | 144 | // --------------------------------------------------------------------------- |
c45f7f84 | 145 | |
// Public middlewares of this module. The check* helpers declared further down are
// not part of this list and stay private to the file.
export {
  // Validators for the video resource itself
  videosAddValidator,
  videosUpdateValidator,
  videosGetValidator,
  videosRemoveValidator,
  videosSearchValidator,

  // Abuse reports on a video
  videoAbuseReportValidator,

  // Ratings on a video
  videoRateValidator,

  // Blacklisting of a video
  videosBlacklistValidator
}
7b1f49de C |
159 | |
160 | // --------------------------------------------------------------------------- | |
161 | ||
/**
 * Loads a video by numeric id or by UUID and stores it in `res.locals.video`.
 *
 * An `id` accepted by `validator.isInt` is converted to a number and looked up by id;
 * anything else is looked up as a UUID. Callers in this file validate `id` with
 * `isVideoIdOrUUIDValid` before calling.
 *
 * @param id video identifier taken from the request
 * @param res response used for the 404/500 answers and to carry the loaded video
 * @param callback invoked with no arguments once `res.locals.video` is set
 *
 * Answers 404 when no video is found, and 500 (after logging) when the lookup
 * or anything else in the chain rejects.
 */
function checkVideoExists (id: string, res: express.Response, callback: () => void) {
  // Integer-looking ids go to the primary-key lookup, everything else is treated as a UUID
  const lookup: Promise<VideoInstance> = validator.isInt(id)
    ? db.Video.loadAndPopulateAuthorAndPodAndTags(+id)
    : db.Video.loadByUUIDAndPopulateAuthorAndPodAndTags(id)

  const onLoaded = video => {
    if (!video) return res.status(404).send('Video not found')

    // Make the video available to the following checks and handlers
    res.locals.video = video
    callback()
  }

  const onFailure = err => {
    logger.error('Error in video request validator.', err)
    return res.sendStatus(500)
  }

  lookup.then(onLoaded)
    .catch(onFailure)
}
198b205c | 181 | |
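/**
 * Authorizes the deletion of the video stored in `res.locals.video` for a given user.
 *
 * The user is loaded with `db.User.loadById`. An admin is let through without further
 * checks. Any other user is let through only if the video is owned locally
 * (`isOwned()`) and its `Author.userId` equals `userId`; otherwise a 403 is sent and
 * `callback` is not called.
 *
 * @param userId id of the user who made the request
 * @param res response; `res.locals.video` must already be set (`checkVideoExists` does this)
 * @param callback invoked with no arguments once the deletion is authorized
 *
 * Any rejection in the chain is logged and answered with 500.
 */
function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) {
  // Retrieve the user who did the request
  db.User.loadById(userId)
    .then(user => {
      // NOTE(review): if loadById can resolve without a user, `user.isAdmin()` throws
      // and the catch below answers 500, so the request is still refused. Confirm.

      // Check if the user can delete the video
      // The user can delete it if s/he is an admin
      // Or if s/he is the video's author
      if (user.isAdmin() === false) {
        const video = res.locals.video

        if (video.isOwned() === false) {
          return res.status(403).send('Cannot remove video of another pod')
        }

        // Compare with the same id that was used to load `user`, so the admin check
        // and the ownership check are always made about one identity
        if (video.Author.userId !== userId) {
          return res.status(403).send('Cannot remove video of another user')
        }
      }

      // If we reach this comment, we can delete the video
      callback()
    })
    .catch(err => {
      logger.error('Error in video request validator.', err)
      return res.sendStatus(500)
    })
}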
207 | ||
/**
 * Refuses to blacklist a video that is owned locally.
 *
 * @param req unused here; kept for the signature shared with the other checks
 * @param res response carrying the video in `res.locals.video`
 * @param callback invoked with no arguments when the video may be blacklisted
 *
 * Sends 403 when `isOwned()` returns exactly `true`.
 */
function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) {
  const isLocalVideo = res.locals.video.isOwned() === true

  if (isLocalVideo) {
    return res.status(403).send('Cannot blacklist a local video')
  }

  callback()
}