]>
Commit | Line | Data |
---|---|---|
feb4bdfd | 1 | const db = require('../../initializers/database') |
65fcc311 C |
2 | import { checkErrors } from './utils' |
3 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' | |
4 | import { logger, isVideoDurationValid } from '../../helpers' | |
34ca3b52 | 5 | |
65fcc311 | 6 | function videosAddValidator (req, res, next) { |
f6f7dfee | 7 | req.checkBody('videofile', 'Should have a valid file').isVideoFile(req.files) |
be587647 | 8 | req.checkBody('name', 'Should have a valid name').isVideoNameValid() |
6e07c3de | 9 | req.checkBody('category', 'Should have a valid category').isVideoCategoryValid() |
6f0c39e2 | 10 | req.checkBody('licence', 'Should have a valid licence').isVideoLicenceValid() |
3092476e | 11 | req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid() |
31b59b47 | 12 | req.checkBody('nsfw', 'Should have a valid NSFW attribute').isVideoNSFWValid() |
be587647 | 13 | req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid() |
e54163c2 | 14 | req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid() |
34ca3b52 | 15 | |
9f10b292 | 16 | logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files }) |
34ca3b52 | 17 | |
67100f1f C |
18 | checkErrors(req, res, function () { |
19 | const videoFile = req.files.videofile[0] | |
20 | ||
feb4bdfd | 21 | db.Video.getDurationFromFile(videoFile.path, function (err, duration) { |
67100f1f C |
22 | if (err) { |
23 | return res.status(400).send('Cannot retrieve metadata of the file.') | |
24 | } | |
25 | ||
65fcc311 C |
26 | if (!isVideoDurationValid(duration)) { |
27 | return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') | |
67100f1f C |
28 | } |
29 | ||
30 | videoFile.duration = duration | |
31 | next() | |
32 | }) | |
33 | }) | |
9f10b292 | 34 | } |
34ca3b52 | 35 | |
65fcc311 | 36 | function videosUpdateValidator (req, res, next) { |
feb4bdfd | 37 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
7b1f49de | 38 | req.checkBody('name', 'Should have a valid name').optional().isVideoNameValid() |
6e07c3de | 39 | req.checkBody('category', 'Should have a valid category').optional().isVideoCategoryValid() |
6f0c39e2 | 40 | req.checkBody('licence', 'Should have a valid licence').optional().isVideoLicenceValid() |
3092476e | 41 | req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid() |
31b59b47 | 42 | req.checkBody('nsfw', 'Should have a valid NSFW attribute').optional().isVideoNSFWValid() |
7b1f49de C |
43 | req.checkBody('description', 'Should have a valid description').optional().isVideoDescriptionValid() |
44 | req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid() | |
34ca3b52 | 45 | |
7b1f49de | 46 | logger.debug('Checking videosUpdate parameters', { parameters: req.body }) |
34ca3b52 | 47 | |
9f10b292 | 48 | checkErrors(req, res, function () { |
63d00f5d C |
49 | checkVideoExists(req.params.id, res, function () { |
50 | // We need to make additional checks | |
51 | if (res.locals.video.isOwned() === false) { | |
52 | return res.status(403).send('Cannot update video of another pod') | |
53 | } | |
45abb8b9 | 54 | |
63d00f5d C |
55 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { |
56 | return res.status(403).send('Cannot update video of another user') | |
57 | } | |
45abb8b9 | 58 | |
63d00f5d C |
59 | next() |
60 | }) | |
7b1f49de C |
61 | }) |
62 | } | |
c173e565 | 63 | |
65fcc311 | 64 | function videosGetValidator (req, res, next) { |
7b1f49de | 65 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
34ca3b52 | 66 | |
7b1f49de C |
67 | logger.debug('Checking videosGet parameters', { parameters: req.params }) |
68 | ||
69 | checkErrors(req, res, function () { | |
70 | checkVideoExists(req.params.id, res, next) | |
9f10b292 C |
71 | }) |
72 | } | |
34ca3b52 | 73 | |
65fcc311 | 74 | function videosRemoveValidator (req, res, next) { |
feb4bdfd | 75 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
34ca3b52 | 76 | |
9f10b292 | 77 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) |
34ca3b52 | 78 | |
9f10b292 | 79 | checkErrors(req, res, function () { |
818f7987 C |
80 | checkVideoExists(req.params.id, res, function () { |
81 | // We need to make additional checks | |
82 | ||
198b205c GS |
83 | // Check if the user who did the request is able to delete the video |
84 | checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, function () { | |
85 | next() | |
86 | }) | |
34ca3b52 | 87 | }) |
9f10b292 C |
88 | }) |
89 | } | |
34ca3b52 | 90 | |
65fcc311 C |
91 | function videosSearchValidator (req, res, next) { |
92 | const searchableColumns = SEARCHABLE_COLUMNS.VIDEOS | |
be587647 | 93 | req.checkParams('value', 'Should have a valid search').notEmpty() |
46246b5f | 94 | req.checkQuery('field', 'Should have correct searchable column').optional().isIn(searchableColumns) |
c45f7f84 | 95 | |
9f10b292 | 96 | logger.debug('Checking videosSearch parameters', { parameters: req.params }) |
c45f7f84 | 97 | |
9f10b292 C |
98 | checkErrors(req, res, next) |
99 | } | |
c45f7f84 | 100 | |
65fcc311 | 101 | function videoAbuseReportValidator (req, res, next) { |
55fa55a9 C |
102 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
103 | req.checkBody('reason', 'Should have a valid reason').isVideoAbuseReasonValid() | |
104 | ||
105 | logger.debug('Checking videoAbuseReport parameters', { parameters: req.body }) | |
106 | ||
107 | checkErrors(req, res, function () { | |
108 | checkVideoExists(req.params.id, res, next) | |
109 | }) | |
110 | } | |
111 | ||
65fcc311 | 112 | function videoRateValidator (req, res, next) { |
d38b8281 C |
113 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
114 | req.checkBody('rating', 'Should have a valid rate type').isVideoRatingTypeValid() | |
115 | ||
116 | logger.debug('Checking videoRate parameters', { parameters: req.body }) | |
117 | ||
118 | checkErrors(req, res, function () { | |
119 | checkVideoExists(req.params.id, res, next) | |
120 | }) | |
121 | } | |
122 | ||
65fcc311 | 123 | function videosBlacklistValidator (req, res, next) { |
ab683a8e C |
124 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) |
125 | ||
126 | logger.debug('Checking videosBlacklist parameters', { parameters: req.params }) | |
127 | ||
128 | checkErrors(req, res, function () { | |
129 | checkVideoExists(req.params.id, res, function () { | |
130 | checkVideoIsBlacklistable(req, res, next) | |
131 | }) | |
132 | }) | |
133 | } | |
134 | ||
9f10b292 | 135 | // --------------------------------------------------------------------------- |
c45f7f84 | 136 | |
65fcc311 C |
137 | export { |
138 | videosAddValidator, | |
139 | videosUpdateValidator, | |
140 | videosGetValidator, | |
141 | videosRemoveValidator, | |
142 | videosSearchValidator, | |
143 | ||
144 | videoAbuseReportValidator, | |
145 | ||
146 | videoRateValidator, | |
147 | ||
148 | videosBlacklistValidator | |
149 | } | |
7b1f49de C |
150 | |
151 | // --------------------------------------------------------------------------- | |
152 | ||
153 | function checkVideoExists (id, res, callback) { | |
154 | db.Video.loadAndPopulateAuthorAndPodAndTags(id, function (err, video) { | |
155 | if (err) { | |
156 | logger.error('Error in video request validator.', { error: err }) | |
157 | return res.sendStatus(500) | |
158 | } | |
159 | ||
160 | if (!video) return res.status(404).send('Video not found') | |
161 | ||
162 | res.locals.video = video | |
163 | callback() | |
164 | }) | |
165 | } | |
198b205c GS |
166 | |
167 | function checkUserCanDeleteVideo (userId, res, callback) { | |
168 | // Retrieve the user who did the request | |
169 | db.User.loadById(userId, function (err, user) { | |
170 | if (err) { | |
171 | logger.error('Error in video request validator.', { error: err }) | |
172 | return res.sendStatus(500) | |
173 | } | |
174 | ||
175 | // Check if the user can delete the video | |
ab683a8e C |
176 | // The user can delete it if s/he is an admin |
177 | // Or if s/he is the video's author | |
198b205c GS |
178 | if (user.isAdmin() === false) { |
179 | if (res.locals.video.isOwned() === false) { | |
180 | return res.status(403).send('Cannot remove video of another pod') | |
181 | } | |
182 | ||
183 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | |
184 | return res.status(403).send('Cannot remove video of another user') | |
185 | } | |
186 | } | |
187 | ||
188 | // If we reach this comment, we can delete the video | |
189 | callback() | |
190 | }) | |
191 | } | |
192 | ||
193 | function checkVideoIsBlacklistable (req, res, callback) { | |
194 | if (res.locals.video.isOwned() === true) { | |
ab683a8e | 195 | return res.status(403).send('Cannot blacklist a local video') |
198b205c GS |
196 | } |
197 | ||
198 | callback() | |
199 | } |