]>
Commit | Line | Data |
---|---|---|
1 | import * as express from 'express' | |
2 | import { body, param } from 'express-validator/check' | |
3 | import { UserRight } from '../../../../shared' | |
4 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' | |
5 | import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' | |
6 | import { doesVideoExist } from '../../../helpers/custom-validators/videos' | |
7 | import { logger } from '../../../helpers/logger' | |
8 | import { UserModel } from '../../../models/account/user' | |
9 | import { VideoModel } from '../../../models/video/video' | |
10 | import { VideoCommentModel } from '../../../models/video/video-comment' | |
11 | import { areValidationErrors } from '../utils' | |
12 | import { Hooks } from '../../../lib/plugins/hooks' | |
13 | import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation' | |
14 | ||
15 | const listVideoCommentThreadsValidator = [ | |
16 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
17 | ||
18 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
19 | logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) | |
20 | ||
21 | if (areValidationErrors(req, res)) return | |
22 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | |
23 | ||
24 | return next() | |
25 | } | |
26 | ] | |
27 | ||
28 | const listVideoThreadCommentsValidator = [ | |
29 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
30 | param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), | |
31 | ||
32 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
33 | logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) | |
34 | ||
35 | if (areValidationErrors(req, res)) return | |
36 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | |
37 | if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return | |
38 | ||
39 | return next() | |
40 | } | |
41 | ] | |
42 | ||
43 | const addVideoCommentThreadValidator = [ | |
44 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
45 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
46 | ||
47 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
48 | logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) | |
49 | ||
50 | if (areValidationErrors(req, res)) return | |
51 | if (!await doesVideoExist(req.params.videoId, res)) return | |
52 | if (!isVideoCommentsEnabled(res.locals.video, res)) return | |
53 | if (!await isVideoCommentAccepted(req, res, false)) return | |
54 | ||
55 | return next() | |
56 | } | |
57 | ] | |
58 | ||
59 | const addVideoCommentReplyValidator = [ | |
60 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
61 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
62 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
63 | ||
64 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
65 | logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body }) | |
66 | ||
67 | if (areValidationErrors(req, res)) return | |
68 | if (!await doesVideoExist(req.params.videoId, res)) return | |
69 | if (!isVideoCommentsEnabled(res.locals.video, res)) return | |
70 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return | |
71 | if (!await isVideoCommentAccepted(req, res, true)) return | |
72 | ||
73 | return next() | |
74 | } | |
75 | ] | |
76 | ||
77 | const videoCommentGetValidator = [ | |
78 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
79 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
80 | ||
81 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
82 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) | |
83 | ||
84 | if (areValidationErrors(req, res)) return | |
85 | if (!await doesVideoExist(req.params.videoId, res, 'id')) return | |
86 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return | |
87 | ||
88 | return next() | |
89 | } | |
90 | ] | |
91 | ||
92 | const removeVideoCommentValidator = [ | |
93 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
94 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
95 | ||
96 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
97 | logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params }) | |
98 | ||
99 | if (areValidationErrors(req, res)) return | |
100 | if (!await doesVideoExist(req.params.videoId, res)) return | |
101 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return | |
102 | ||
103 | // Check if the user who did the request is able to delete the video | |
104 | if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return | |
105 | ||
106 | return next() | |
107 | } | |
108 | ] | |
109 | ||
110 | // --------------------------------------------------------------------------- | |
111 | ||
112 | export { | |
113 | listVideoCommentThreadsValidator, | |
114 | listVideoThreadCommentsValidator, | |
115 | addVideoCommentThreadValidator, | |
116 | addVideoCommentReplyValidator, | |
117 | videoCommentGetValidator, | |
118 | removeVideoCommentValidator | |
119 | } | |
120 | ||
121 | // --------------------------------------------------------------------------- | |
122 | ||
123 | async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: express.Response) { | |
124 | const videoComment = await VideoCommentModel.loadById(id) | |
125 | ||
126 | if (!videoComment) { | |
127 | res.status(404) | |
128 | .json({ error: 'Video comment thread not found' }) | |
129 | .end() | |
130 | ||
131 | return false | |
132 | } | |
133 | ||
134 | if (videoComment.videoId !== video.id) { | |
135 | res.status(400) | |
136 | .json({ error: 'Video comment is associated to this video.' }) | |
137 | .end() | |
138 | ||
139 | return false | |
140 | } | |
141 | ||
142 | if (videoComment.inReplyToCommentId !== null) { | |
143 | res.status(400) | |
144 | .json({ error: 'Video comment is not a thread.' }) | |
145 | .end() | |
146 | ||
147 | return false | |
148 | } | |
149 | ||
150 | res.locals.videoCommentThread = videoComment | |
151 | return true | |
152 | } | |
153 | ||
154 | async function doesVideoCommentExist (id: number, video: VideoModel, res: express.Response) { | |
155 | const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) | |
156 | ||
157 | if (!videoComment) { | |
158 | res.status(404) | |
159 | .json({ error: 'Video comment thread not found' }) | |
160 | .end() | |
161 | ||
162 | return false | |
163 | } | |
164 | ||
165 | if (videoComment.videoId !== video.id) { | |
166 | res.status(400) | |
167 | .json({ error: 'Video comment is associated to this video.' }) | |
168 | .end() | |
169 | ||
170 | return false | |
171 | } | |
172 | ||
173 | res.locals.videoComment = videoComment | |
174 | return true | |
175 | } | |
176 | ||
177 | function isVideoCommentsEnabled (video: VideoModel, res: express.Response) { | |
178 | if (video.commentsEnabled !== true) { | |
179 | res.status(409) | |
180 | .json({ error: 'Video comments are disabled for this video.' }) | |
181 | .end() | |
182 | ||
183 | return false | |
184 | } | |
185 | ||
186 | return true | |
187 | } | |
188 | ||
189 | function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) { | |
190 | const account = videoComment.Account | |
191 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) { | |
192 | res.status(403) | |
193 | .json({ error: 'Cannot remove video comment of another user' }) | |
194 | .end() | |
195 | return false | |
196 | } | |
197 | ||
198 | return true | |
199 | } | |
200 | ||
201 | async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) { | |
202 | const acceptParameters = { | |
203 | video: res.locals.video, | |
204 | commentBody: req.body, | |
205 | user: res.locals.oauth.token.User | |
206 | } | |
207 | ||
208 | let acceptedResult: AcceptResult | |
209 | ||
210 | if (isReply) { | |
211 | const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment }) | |
212 | ||
213 | acceptedResult = await Hooks.wrapFun( | |
214 | isLocalVideoCommentReplyAccepted, | |
215 | acceptReplyParameters, | |
216 | 'filter:api.video-comment-reply.create.accept.result' | |
217 | ) | |
218 | } else { | |
219 | acceptedResult = await Hooks.wrapFun( | |
220 | isLocalVideoThreadAccepted, | |
221 | acceptParameters, | |
222 | 'filter:api.video-thread.create.accept.result' | |
223 | ) | |
224 | } | |
225 | ||
226 | if (!acceptedResult || acceptedResult.accepted !== true) { | |
227 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | |
228 | res.status(403) | |
229 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) | |
230 | ||
231 | return false | |
232 | } | |
233 | ||
234 | return true | |
235 | } |