]>
Commit | Line | Data |
---|---|---|
1 | import { Request, Response } from 'express' | |
2 | import { loadVideo, VideoLoadType } from '@server/lib/model-loaders' | |
3 | import { isAbleToUploadVideo } from '@server/lib/user' | |
4 | import { VideoTokensManager } from '@server/lib/video-tokens-manager' | |
5 | import { authenticatePromise } from '@server/middlewares/auth' | |
6 | import { VideoModel } from '@server/models/video/video' | |
7 | import { VideoChannelModel } from '@server/models/video/video-channel' | |
8 | import { VideoFileModel } from '@server/models/video/video-file' | |
9 | import { | |
10 | MUser, | |
11 | MUserAccountId, | |
12 | MUserId, | |
13 | MVideo, | |
14 | MVideoAccountLight, | |
15 | MVideoFormattableDetails, | |
16 | MVideoFullLight, | |
17 | MVideoId, | |
18 | MVideoImmutable, | |
19 | MVideoThumbnail, | |
20 | MVideoWithRights | |
21 | } from '@server/types/models' | |
22 | import { HttpStatusCode, ServerErrorCode, UserRight, VideoPrivacy } from '@shared/models' | |
23 | ||
24 | async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') { | |
25 | const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined | |
26 | ||
27 | const video = await loadVideo(id, fetchType, userId) | |
28 | ||
29 | if (!video) { | |
30 | res.fail({ | |
31 | status: HttpStatusCode.NOT_FOUND_404, | |
32 | message: 'Video not found' | |
33 | }) | |
34 | ||
35 | return false | |
36 | } | |
37 | ||
38 | switch (fetchType) { | |
39 | case 'for-api': | |
40 | res.locals.videoAPI = video as MVideoFormattableDetails | |
41 | break | |
42 | ||
43 | case 'all': | |
44 | res.locals.videoAll = video as MVideoFullLight | |
45 | break | |
46 | ||
47 | case 'only-immutable-attributes': | |
48 | res.locals.onlyImmutableVideo = video as MVideoImmutable | |
49 | break | |
50 | ||
51 | case 'id': | |
52 | res.locals.videoId = video as MVideoId | |
53 | break | |
54 | ||
55 | case 'only-video': | |
56 | res.locals.onlyVideo = video as MVideoThumbnail | |
57 | break | |
58 | } | |
59 | ||
60 | return true | |
61 | } | |
62 | ||
63 | // --------------------------------------------------------------------------- | |
64 | ||
65 | async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) { | |
66 | if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) { | |
67 | res.fail({ | |
68 | status: HttpStatusCode.NOT_FOUND_404, | |
69 | message: 'VideoFile matching Video not found' | |
70 | }) | |
71 | return false | |
72 | } | |
73 | ||
74 | return true | |
75 | } | |
76 | ||
77 | // --------------------------------------------------------------------------- | |
78 | ||
79 | async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) { | |
80 | const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId) | |
81 | ||
82 | if (videoChannel === null) { | |
83 | res.fail({ message: 'Unknown video "video channel" for this instance.' }) | |
84 | return false | |
85 | } | |
86 | ||
87 | // Don't check account id if the user can update any video | |
88 | if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) { | |
89 | res.locals.videoChannel = videoChannel | |
90 | return true | |
91 | } | |
92 | ||
93 | if (videoChannel.Account.id !== user.Account.id) { | |
94 | res.fail({ | |
95 | message: 'Unknown video "video channel" for this account.' | |
96 | }) | |
97 | return false | |
98 | } | |
99 | ||
100 | res.locals.videoChannel = videoChannel | |
101 | return true | |
102 | } | |
103 | ||
104 | // --------------------------------------------------------------------------- | |
105 | ||
106 | async function checkCanSeeVideo (options: { | |
107 | req: Request | |
108 | res: Response | |
109 | paramId: string | |
110 | video: MVideo | |
111 | }) { | |
112 | const { req, res, video, paramId } = options | |
113 | ||
114 | if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) { | |
115 | return checkCanSeeAuthVideo(req, res, video) | |
116 | } | |
117 | ||
118 | if (video.privacy === VideoPrivacy.UNLISTED || video.privacy === VideoPrivacy.PUBLIC) { | |
119 | return true | |
120 | } | |
121 | ||
122 | throw new Error('Unknown video privacy when checking video right ' + video.url) | |
123 | } | |
124 | ||
125 | async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights) { | |
126 | const fail = () => { | |
127 | res.fail({ | |
128 | status: HttpStatusCode.FORBIDDEN_403, | |
129 | message: 'Cannot fetch information of private/internal/blocked video' | |
130 | }) | |
131 | ||
132 | return false | |
133 | } | |
134 | ||
135 | await authenticatePromise(req, res) | |
136 | ||
137 | const user = res.locals.oauth?.token.User | |
138 | if (!user) return fail() | |
139 | ||
140 | const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId | |
141 | ? video as MVideoWithRights | |
142 | : await VideoModel.loadFull(video.id) | |
143 | ||
144 | const privacy = videoWithRights.privacy | |
145 | ||
146 | if (privacy === VideoPrivacy.INTERNAL) { | |
147 | // We know we have a user | |
148 | return true | |
149 | } | |
150 | ||
151 | const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id | |
152 | ||
153 | if (videoWithRights.isBlacklisted()) { | |
154 | if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true | |
155 | ||
156 | return fail() | |
157 | } | |
158 | ||
159 | if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) { | |
160 | if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true | |
161 | ||
162 | return fail() | |
163 | } | |
164 | ||
165 | // Should not happen | |
166 | return fail() | |
167 | } | |
168 | ||
169 | // --------------------------------------------------------------------------- | |
170 | ||
171 | async function checkCanAccessVideoStaticFiles (options: { | |
172 | video: MVideo | |
173 | req: Request | |
174 | res: Response | |
175 | paramId: string | |
176 | }) { | |
177 | const { video, req, res } = options | |
178 | ||
179 | if (res.locals.oauth?.token.User) { | |
180 | return checkCanSeeVideo(options) | |
181 | } | |
182 | ||
183 | if (!video.hasPrivateStaticPath()) return true | |
184 | ||
185 | const videoFileToken = req.query.videoFileToken | |
186 | if (!videoFileToken) { | |
187 | res.sendStatus(HttpStatusCode.FORBIDDEN_403) | |
188 | return false | |
189 | } | |
190 | ||
191 | if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) { | |
192 | return true | |
193 | } | |
194 | ||
195 | res.sendStatus(HttpStatusCode.FORBIDDEN_403) | |
196 | return false | |
197 | } | |
198 | ||
199 | // --------------------------------------------------------------------------- | |
200 | ||
201 | function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) { | |
202 | // Retrieve the user who did the request | |
203 | if (onlyOwned && video.isOwned() === false) { | |
204 | res.fail({ | |
205 | status: HttpStatusCode.FORBIDDEN_403, | |
206 | message: 'Cannot manage a video of another server.' | |
207 | }) | |
208 | return false | |
209 | } | |
210 | ||
211 | // Check if the user can delete the video | |
212 | // The user can delete it if he has the right | |
213 | // Or if s/he is the video's account | |
214 | const account = video.VideoChannel.Account | |
215 | if (user.hasRight(right) === false && account.userId !== user.id) { | |
216 | res.fail({ | |
217 | status: HttpStatusCode.FORBIDDEN_403, | |
218 | message: 'Cannot manage a video of another user.' | |
219 | }) | |
220 | return false | |
221 | } | |
222 | ||
223 | return true | |
224 | } | |
225 | ||
226 | // --------------------------------------------------------------------------- | |
227 | ||
228 | async function checkUserQuota (user: MUserId, videoFileSize: number, res: Response) { | |
229 | if (await isAbleToUploadVideo(user.id, videoFileSize) === false) { | |
230 | res.fail({ | |
231 | status: HttpStatusCode.PAYLOAD_TOO_LARGE_413, | |
232 | message: 'The user video quota is exceeded with this video.', | |
233 | type: ServerErrorCode.QUOTA_REACHED | |
234 | }) | |
235 | return false | |
236 | } | |
237 | ||
238 | return true | |
239 | } | |
240 | ||
241 | // --------------------------------------------------------------------------- | |
242 | ||
243 | export { | |
244 | doesVideoChannelOfAccountExist, | |
245 | doesVideoExist, | |
246 | doesVideoFileOfVideoExist, | |
247 | ||
248 | checkCanAccessVideoStaticFiles, | |
249 | checkUserCanManageVideo, | |
250 | checkCanSeeVideo, | |
251 | checkUserQuota | |
252 | } |