]>
Commit | Line | Data |
---|---|---|
1 | import express from 'express' | |
2 | import { body, param, query } from 'express-validator' | |
3 | import { MUserAccountUrl } from '@server/types/models' | |
4 | import { HttpStatusCode, UserRight } from '@shared/models' | |
5 | import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' | |
6 | import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' | |
7 | import { logger } from '../../../helpers/logger' | |
8 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' | |
9 | import { Hooks } from '../../../lib/plugins/hooks' | |
10 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' | |
11 | import { | |
12 | areValidationErrors, | |
13 | checkCanSeeVideoIfPrivate, | |
14 | doesVideoCommentExist, | |
15 | doesVideoCommentThreadExist, | |
16 | doesVideoExist, | |
17 | isValidVideoIdParam | |
18 | } from '../shared' | |
19 | ||
20 | const listVideoCommentsValidator = [ | |
21 | query('isLocal') | |
22 | .optional() | |
23 | .customSanitizer(toBooleanOrNull) | |
24 | .custom(isBooleanValid) | |
25 | .withMessage('Should have a valid is local boolean'), | |
26 | ||
27 | query('search') | |
28 | .optional() | |
29 | .custom(exists).withMessage('Should have a valid search'), | |
30 | ||
31 | query('searchAccount') | |
32 | .optional() | |
33 | .custom(exists).withMessage('Should have a valid account search'), | |
34 | ||
35 | query('searchVideo') | |
36 | .optional() | |
37 | .custom(exists).withMessage('Should have a valid video search'), | |
38 | ||
39 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
40 | logger.debug('Checking listVideoCommentsValidator parameters.', { parameters: req.query }) | |
41 | ||
42 | if (areValidationErrors(req, res)) return | |
43 | ||
44 | return next() | |
45 | } | |
46 | ] | |
47 | ||
48 | const listVideoCommentThreadsValidator = [ | |
49 | isValidVideoIdParam('videoId'), | |
50 | ||
51 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
52 | logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) | |
53 | ||
54 | if (areValidationErrors(req, res)) return | |
55 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | |
56 | ||
57 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return | |
58 | ||
59 | return next() | |
60 | } | |
61 | ] | |
62 | ||
63 | const listVideoThreadCommentsValidator = [ | |
64 | isValidVideoIdParam('videoId'), | |
65 | ||
66 | param('threadId') | |
67 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), | |
68 | ||
69 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
70 | logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) | |
71 | ||
72 | if (areValidationErrors(req, res)) return | |
73 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | |
74 | if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return | |
75 | ||
76 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return | |
77 | ||
78 | return next() | |
79 | } | |
80 | ] | |
81 | ||
82 | const addVideoCommentThreadValidator = [ | |
83 | isValidVideoIdParam('videoId'), | |
84 | ||
85 | body('text') | |
86 | .custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
87 | ||
88 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
89 | logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) | |
90 | ||
91 | if (areValidationErrors(req, res)) return | |
92 | if (!await doesVideoExist(req.params.videoId, res)) return | |
93 | ||
94 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) return | |
95 | ||
96 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return | |
97 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return | |
98 | ||
99 | return next() | |
100 | } | |
101 | ] | |
102 | ||
103 | const addVideoCommentReplyValidator = [ | |
104 | isValidVideoIdParam('videoId'), | |
105 | ||
106 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
107 | ||
108 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
109 | ||
110 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
111 | logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body }) | |
112 | ||
113 | if (areValidationErrors(req, res)) return | |
114 | if (!await doesVideoExist(req.params.videoId, res)) return | |
115 | ||
116 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) return | |
117 | ||
118 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return | |
119 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return | |
120 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return | |
121 | ||
122 | return next() | |
123 | } | |
124 | ] | |
125 | ||
126 | const videoCommentGetValidator = [ | |
127 | isValidVideoIdParam('videoId'), | |
128 | ||
129 | param('commentId') | |
130 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
131 | ||
132 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
133 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) | |
134 | ||
135 | if (areValidationErrors(req, res)) return | |
136 | if (!await doesVideoExist(req.params.videoId, res, 'id')) return | |
137 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return | |
138 | ||
139 | return next() | |
140 | } | |
141 | ] | |
142 | ||
143 | const removeVideoCommentValidator = [ | |
144 | isValidVideoIdParam('videoId'), | |
145 | ||
146 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
147 | ||
148 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
149 | logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params }) | |
150 | ||
151 | if (areValidationErrors(req, res)) return | |
152 | if (!await doesVideoExist(req.params.videoId, res)) return | |
153 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return | |
154 | ||
155 | // Check if the user who did the request is able to delete the video | |
156 | if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return | |
157 | ||
158 | return next() | |
159 | } | |
160 | ] | |
161 | ||
162 | // --------------------------------------------------------------------------- | |
163 | ||
164 | export { | |
165 | listVideoCommentThreadsValidator, | |
166 | listVideoThreadCommentsValidator, | |
167 | addVideoCommentThreadValidator, | |
168 | listVideoCommentsValidator, | |
169 | addVideoCommentReplyValidator, | |
170 | videoCommentGetValidator, | |
171 | removeVideoCommentValidator | |
172 | } | |
173 | ||
174 | // --------------------------------------------------------------------------- | |
175 | ||
176 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { | |
177 | if (video.commentsEnabled !== true) { | |
178 | res.fail({ | |
179 | status: HttpStatusCode.CONFLICT_409, | |
180 | message: 'Video comments are disabled for this video.' | |
181 | }) | |
182 | return false | |
183 | } | |
184 | ||
185 | return true | |
186 | } | |
187 | ||
188 | function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) { | |
189 | if (videoComment.isDeleted()) { | |
190 | res.fail({ | |
191 | status: HttpStatusCode.CONFLICT_409, | |
192 | message: 'This comment is already deleted' | |
193 | }) | |
194 | return false | |
195 | } | |
196 | ||
197 | const userAccount = user.Account | |
198 | ||
199 | if ( | |
200 | user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator | |
201 | videoComment.accountId !== userAccount.id && // Not the comment owner | |
202 | videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner | |
203 | ) { | |
204 | res.fail({ | |
205 | status: HttpStatusCode.FORBIDDEN_403, | |
206 | message: 'Cannot remove video comment of another user' | |
207 | }) | |
208 | return false | |
209 | } | |
210 | ||
211 | return true | |
212 | } | |
213 | ||
214 | async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) { | |
215 | const acceptParameters = { | |
216 | video, | |
217 | commentBody: req.body, | |
218 | user: res.locals.oauth.token.User | |
219 | } | |
220 | ||
221 | let acceptedResult: AcceptResult | |
222 | ||
223 | if (isReply) { | |
224 | const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull }) | |
225 | ||
226 | acceptedResult = await Hooks.wrapFun( | |
227 | isLocalVideoCommentReplyAccepted, | |
228 | acceptReplyParameters, | |
229 | 'filter:api.video-comment-reply.create.accept.result' | |
230 | ) | |
231 | } else { | |
232 | acceptedResult = await Hooks.wrapFun( | |
233 | isLocalVideoThreadAccepted, | |
234 | acceptParameters, | |
235 | 'filter:api.video-thread.create.accept.result' | |
236 | ) | |
237 | } | |
238 | ||
239 | if (!acceptedResult || acceptedResult.accepted !== true) { | |
240 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | |
241 | ||
242 | res.fail({ | |
243 | status: HttpStatusCode.FORBIDDEN_403, | |
244 | message: acceptedResult?.errorMessage || 'Refused local comment' | |
245 | }) | |
246 | return false | |
247 | } | |
248 | ||
249 | return true | |
250 | } |