]>
Commit | Line | Data |
---|---|---|
1 | import * as express from 'express' | |
2 | import { body, param, query } from 'express-validator' | |
3 | import { MUserAccountUrl } from '@server/types/models' | |
4 | import { UserRight } from '../../../../shared' | |
5 | import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' | |
6 | import { | |
7 | doesVideoCommentExist, | |
8 | doesVideoCommentThreadExist, | |
9 | isValidVideoCommentText | |
10 | } from '../../../helpers/custom-validators/video-comments' | |
11 | import { logger } from '../../../helpers/logger' | |
12 | import { doesVideoExist } from '../../../helpers/middlewares' | |
13 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' | |
14 | import { Hooks } from '../../../lib/plugins/hooks' | |
15 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' | |
16 | import { areValidationErrors } from '../utils' | |
17 | ||
18 | const listVideoCommentsValidator = [ | |
19 | query('isLocal') | |
20 | .optional() | |
21 | .customSanitizer(toBooleanOrNull) | |
22 | .custom(isBooleanValid) | |
23 | .withMessage('Should have a valid is local boolean'), | |
24 | ||
25 | query('search') | |
26 | .optional() | |
27 | .custom(exists).withMessage('Should have a valid search'), | |
28 | ||
29 | query('searchAccount') | |
30 | .optional() | |
31 | .custom(exists).withMessage('Should have a valid account search'), | |
32 | ||
33 | query('searchVideo') | |
34 | .optional() | |
35 | .custom(exists).withMessage('Should have a valid video search'), | |
36 | ||
37 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
38 | logger.debug('Checking listVideoCommentsValidator parameters.', { parameters: req.query }) | |
39 | ||
40 | if (areValidationErrors(req, res)) return | |
41 | ||
42 | return next() | |
43 | } | |
44 | ] | |
45 | ||
46 | const listVideoCommentThreadsValidator = [ | |
47 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
48 | ||
49 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
50 | logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) | |
51 | ||
52 | if (areValidationErrors(req, res)) return | |
53 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | |
54 | ||
55 | return next() | |
56 | } | |
57 | ] | |
58 | ||
59 | const listVideoThreadCommentsValidator = [ | |
60 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
61 | param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), | |
62 | ||
63 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
64 | logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) | |
65 | ||
66 | if (areValidationErrors(req, res)) return | |
67 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | |
68 | if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return | |
69 | ||
70 | return next() | |
71 | } | |
72 | ] | |
73 | ||
74 | const addVideoCommentThreadValidator = [ | |
75 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
76 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
77 | ||
78 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
79 | logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) | |
80 | ||
81 | if (areValidationErrors(req, res)) return | |
82 | if (!await doesVideoExist(req.params.videoId, res)) return | |
83 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return | |
84 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return | |
85 | ||
86 | return next() | |
87 | } | |
88 | ] | |
89 | ||
90 | const addVideoCommentReplyValidator = [ | |
91 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
92 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
93 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | |
94 | ||
95 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
96 | logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body }) | |
97 | ||
98 | if (areValidationErrors(req, res)) return | |
99 | if (!await doesVideoExist(req.params.videoId, res)) return | |
100 | if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return | |
101 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return | |
102 | if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return | |
103 | ||
104 | return next() | |
105 | } | |
106 | ] | |
107 | ||
108 | const videoCommentGetValidator = [ | |
109 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
110 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
111 | ||
112 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
113 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) | |
114 | ||
115 | if (areValidationErrors(req, res)) return | |
116 | if (!await doesVideoExist(req.params.videoId, res, 'id')) return | |
117 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return | |
118 | ||
119 | return next() | |
120 | } | |
121 | ] | |
122 | ||
123 | const removeVideoCommentValidator = [ | |
124 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | |
125 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | |
126 | ||
127 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
128 | logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params }) | |
129 | ||
130 | if (areValidationErrors(req, res)) return | |
131 | if (!await doesVideoExist(req.params.videoId, res)) return | |
132 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return | |
133 | ||
134 | // Check if the user who did the request is able to delete the video | |
135 | if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return | |
136 | ||
137 | return next() | |
138 | } | |
139 | ] | |
140 | ||
141 | // --------------------------------------------------------------------------- | |
142 | ||
143 | export { | |
144 | listVideoCommentThreadsValidator, | |
145 | listVideoThreadCommentsValidator, | |
146 | addVideoCommentThreadValidator, | |
147 | listVideoCommentsValidator, | |
148 | addVideoCommentReplyValidator, | |
149 | videoCommentGetValidator, | |
150 | removeVideoCommentValidator | |
151 | } | |
152 | ||
153 | // --------------------------------------------------------------------------- | |
154 | ||
155 | function isVideoCommentsEnabled (video: MVideo, res: express.Response) { | |
156 | if (video.commentsEnabled !== true) { | |
157 | res.status(409) | |
158 | .json({ error: 'Video comments are disabled for this video.' }) | |
159 | ||
160 | return false | |
161 | } | |
162 | ||
163 | return true | |
164 | } | |
165 | ||
166 | function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) { | |
167 | if (videoComment.isDeleted()) { | |
168 | res.status(409) | |
169 | .json({ error: 'This comment is already deleted' }) | |
170 | ||
171 | return false | |
172 | } | |
173 | ||
174 | const userAccount = user.Account | |
175 | ||
176 | if ( | |
177 | user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator | |
178 | videoComment.accountId !== userAccount.id && // Not the comment owner | |
179 | videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner | |
180 | ) { | |
181 | res.status(403) | |
182 | .json({ error: 'Cannot remove video comment of another user' }) | |
183 | ||
184 | return false | |
185 | } | |
186 | ||
187 | return true | |
188 | } | |
189 | ||
190 | async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) { | |
191 | const acceptParameters = { | |
192 | video, | |
193 | commentBody: req.body, | |
194 | user: res.locals.oauth.token.User | |
195 | } | |
196 | ||
197 | let acceptedResult: AcceptResult | |
198 | ||
199 | if (isReply) { | |
200 | const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull }) | |
201 | ||
202 | acceptedResult = await Hooks.wrapFun( | |
203 | isLocalVideoCommentReplyAccepted, | |
204 | acceptReplyParameters, | |
205 | 'filter:api.video-comment-reply.create.accept.result' | |
206 | ) | |
207 | } else { | |
208 | acceptedResult = await Hooks.wrapFun( | |
209 | isLocalVideoThreadAccepted, | |
210 | acceptParameters, | |
211 | 'filter:api.video-thread.create.accept.result' | |
212 | ) | |
213 | } | |
214 | ||
215 | if (!acceptedResult || acceptedResult.accepted !== true) { | |
216 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | |
217 | res.status(403) | |
218 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) | |
219 | ||
220 | return false | |
221 | } | |
222 | ||
223 | return true | |
224 | } |