]>
Commit | Line | Data |
---|---|---|
1 | import express from 'express' | |
2 | import { body, param, query } from 'express-validator' | |
3 | import { isResolvingToUnicastOnly } from '@server/helpers/dns' | |
4 | import { isPreImportVideoAccepted } from '@server/lib/moderation' | |
5 | import { Hooks } from '@server/lib/plugins/hooks' | |
6 | import { MUserAccountId, MVideoImport } from '@server/types/models' | |
7 | import { forceNumber } from '@shared/core-utils' | |
8 | import { HttpStatusCode, UserRight, VideoImportState } from '@shared/models' | |
9 | import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model' | |
10 | import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc' | |
11 | import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports' | |
12 | import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos' | |
13 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | |
14 | import { logger } from '../../../helpers/logger' | |
15 | import { CONFIG } from '../../../initializers/config' | |
16 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' | |
17 | import { areValidationErrors, doesVideoChannelOfAccountExist, doesVideoImportExist } from '../shared' | |
18 | import { getCommonVideoEditAttributes } from './videos' | |
19 | ||
20 | const videoImportAddValidator = getCommonVideoEditAttributes().concat([ | |
21 | body('channelId') | |
22 | .customSanitizer(toIntOrNull) | |
23 | .custom(isIdValid), | |
24 | body('targetUrl') | |
25 | .optional() | |
26 | .custom(isVideoImportTargetUrlValid), | |
27 | body('magnetUri') | |
28 | .optional() | |
29 | .custom(isVideoMagnetUriValid), | |
30 | body('torrentfile') | |
31 | .custom((value, { req }) => isVideoImportTorrentFile(req.files)) | |
32 | .withMessage( | |
33 | 'This torrent file is not supported or too large. Please, make sure it is of the following type: ' + | |
34 | CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ') | |
35 | ), | |
36 | body('name') | |
37 | .optional() | |
38 | .custom(isVideoNameValid).withMessage( | |
39 | `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long` | |
40 | ), | |
41 | ||
42 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
43 | const user = res.locals.oauth.token.User | |
44 | const torrentFile = req.files?.['torrentfile'] ? req.files['torrentfile'][0] : undefined | |
45 | ||
46 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | |
47 | ||
48 | if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) { | |
49 | cleanUpReqFiles(req) | |
50 | ||
51 | return res.fail({ | |
52 | status: HttpStatusCode.CONFLICT_409, | |
53 | message: 'HTTP import is not enabled on this instance.' | |
54 | }) | |
55 | } | |
56 | ||
57 | if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) { | |
58 | cleanUpReqFiles(req) | |
59 | ||
60 | return res.fail({ | |
61 | status: HttpStatusCode.CONFLICT_409, | |
62 | message: 'Torrent/magnet URI import is not enabled on this instance.' | |
63 | }) | |
64 | } | |
65 | ||
66 | if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) | |
67 | ||
68 | // Check we have at least 1 required param | |
69 | if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) { | |
70 | cleanUpReqFiles(req) | |
71 | ||
72 | return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' }) | |
73 | } | |
74 | ||
75 | if (req.body.targetUrl) { | |
76 | const hostname = new URL(req.body.targetUrl).hostname | |
77 | ||
78 | if (await isResolvingToUnicastOnly(hostname) !== true) { | |
79 | cleanUpReqFiles(req) | |
80 | ||
81 | return res.fail({ | |
82 | status: HttpStatusCode.FORBIDDEN_403, | |
83 | message: 'Cannot use non unicast IP as targetUrl.' | |
84 | }) | |
85 | } | |
86 | } | |
87 | ||
88 | if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req) | |
89 | ||
90 | return next() | |
91 | } | |
92 | ]) | |
93 | ||
94 | const getMyVideoImportsValidator = [ | |
95 | query('videoChannelSyncId') | |
96 | .optional() | |
97 | .custom(isIdValid), | |
98 | ||
99 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
100 | if (areValidationErrors(req, res)) return | |
101 | ||
102 | return next() | |
103 | } | |
104 | ] | |
105 | ||
106 | const videoImportDeleteValidator = [ | |
107 | param('id') | |
108 | .custom(isIdValid), | |
109 | ||
110 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
111 | if (areValidationErrors(req, res)) return | |
112 | ||
113 | if (!await doesVideoImportExist(parseInt(req.params.id), res)) return | |
114 | if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return | |
115 | ||
116 | if (res.locals.videoImport.state === VideoImportState.PENDING) { | |
117 | return res.fail({ | |
118 | status: HttpStatusCode.CONFLICT_409, | |
119 | message: 'Cannot delete a pending video import. Cancel it or wait for the end of the import first.' | |
120 | }) | |
121 | } | |
122 | ||
123 | return next() | |
124 | } | |
125 | ] | |
126 | ||
127 | const videoImportCancelValidator = [ | |
128 | param('id') | |
129 | .custom(isIdValid), | |
130 | ||
131 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
132 | if (areValidationErrors(req, res)) return | |
133 | ||
134 | if (!await doesVideoImportExist(forceNumber(req.params.id), res)) return | |
135 | if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return | |
136 | ||
137 | if (res.locals.videoImport.state !== VideoImportState.PENDING) { | |
138 | return res.fail({ | |
139 | status: HttpStatusCode.CONFLICT_409, | |
140 | message: 'Cannot cancel a non pending video import.' | |
141 | }) | |
142 | } | |
143 | ||
144 | return next() | |
145 | } | |
146 | ] | |
147 | ||
148 | // --------------------------------------------------------------------------- | |
149 | ||
150 | export { | |
151 | videoImportAddValidator, | |
152 | videoImportCancelValidator, | |
153 | videoImportDeleteValidator, | |
154 | getMyVideoImportsValidator | |
155 | } | |
156 | ||
157 | // --------------------------------------------------------------------------- | |
158 | ||
159 | async function isImportAccepted (req: express.Request, res: express.Response) { | |
160 | const body: VideoImportCreate = req.body | |
161 | const hookName = body.targetUrl | |
162 | ? 'filter:api.video.pre-import-url.accept.result' | |
163 | : 'filter:api.video.pre-import-torrent.accept.result' | |
164 | ||
165 | // Check we accept this video | |
166 | const acceptParameters = { | |
167 | videoImportBody: body, | |
168 | user: res.locals.oauth.token.User | |
169 | } | |
170 | const acceptedResult = await Hooks.wrapFun( | |
171 | isPreImportVideoAccepted, | |
172 | acceptParameters, | |
173 | hookName | |
174 | ) | |
175 | ||
176 | if (!acceptedResult || acceptedResult.accepted !== true) { | |
177 | logger.info('Refused to import video.', { acceptedResult, acceptParameters }) | |
178 | ||
179 | res.fail({ | |
180 | status: HttpStatusCode.FORBIDDEN_403, | |
181 | message: acceptedResult.errorMessage || 'Refused to import video' | |
182 | }) | |
183 | return false | |
184 | } | |
185 | ||
186 | return true | |
187 | } | |
188 | ||
189 | function checkUserCanManageImport (user: MUserAccountId, videoImport: MVideoImport, res: express.Response) { | |
190 | if (user.hasRight(UserRight.MANAGE_VIDEO_IMPORTS) === false && videoImport.userId !== user.id) { | |
191 | res.fail({ | |
192 | status: HttpStatusCode.FORBIDDEN_403, | |
193 | message: 'Cannot manage video import of another user' | |
194 | }) | |
195 | return false | |
196 | } | |
197 | ||
198 | return true | |
199 | } |