]>
Commit | Line | Data |
---|---|---|
1 | import 'express-validator' | |
2 | import * as express from 'express' | |
3 | import * as Promise from 'bluebird' | |
4 | import * as validator from 'validator' | |
5 | ||
6 | import { database as db } from '../../initializers/database' | |
7 | import { checkErrors } from './utils' | |
8 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' | |
9 | import { logger, isVideoDurationValid } from '../../helpers' | |
10 | import { VideoInstance } from '../../models' | |
11 | ||
12 | function videosAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
13 | // FIXME: Don't write an error message, it seems there is a bug with express-validator | |
14 | // 'Should have a valid file' | |
15 | req.checkBody('videofile').isVideoFile(req.files) | |
16 | req.checkBody('name', 'Should have a valid name').isVideoNameValid() | |
17 | req.checkBody('category', 'Should have a valid category').isVideoCategoryValid() | |
18 | req.checkBody('licence', 'Should have a valid licence').isVideoLicenceValid() | |
19 | req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid() | |
20 | req.checkBody('nsfw', 'Should have a valid NSFW attribute').isVideoNSFWValid() | |
21 | req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid() | |
22 | req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid() | |
23 | ||
24 | logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files }) | |
25 | ||
26 | checkErrors(req, res, () => { | |
27 | const videoFile = req.files.videofile[0] | |
28 | ||
29 | db.Video.getDurationFromFile(videoFile.path) | |
30 | .then(duration => { | |
31 | if (!isVideoDurationValid('' + duration)) { | |
32 | return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') | |
33 | } | |
34 | ||
35 | videoFile['duration'] = duration | |
36 | next() | |
37 | }) | |
38 | .catch(err => { | |
39 | logger.error('Error in getting duration from file.', err) | |
40 | res.status(400).send('Cannot retrieve metadata of the file.') | |
41 | }) | |
42 | }) | |
43 | } | |
44 | ||
45 | function videosUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
46 | req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid() | |
47 | req.checkBody('name', 'Should have a valid name').optional().isVideoNameValid() | |
48 | req.checkBody('category', 'Should have a valid category').optional().isVideoCategoryValid() | |
49 | req.checkBody('licence', 'Should have a valid licence').optional().isVideoLicenceValid() | |
50 | req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid() | |
51 | req.checkBody('nsfw', 'Should have a valid NSFW attribute').optional().isVideoNSFWValid() | |
52 | req.checkBody('description', 'Should have a valid description').optional().isVideoDescriptionValid() | |
53 | req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid() | |
54 | ||
55 | logger.debug('Checking videosUpdate parameters', { parameters: req.body }) | |
56 | ||
57 | checkErrors(req, res, () => { | |
58 | checkVideoExists(req.params.id, res, () => { | |
59 | // We need to make additional checks | |
60 | if (res.locals.video.isOwned() === false) { | |
61 | return res.status(403).send('Cannot update video of another pod') | |
62 | } | |
63 | ||
64 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | |
65 | return res.status(403).send('Cannot update video of another user') | |
66 | } | |
67 | ||
68 | next() | |
69 | }) | |
70 | }) | |
71 | } | |
72 | ||
73 | function videosGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
74 | req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid() | |
75 | ||
76 | logger.debug('Checking videosGet parameters', { parameters: req.params }) | |
77 | ||
78 | checkErrors(req, res, () => { | |
79 | checkVideoExists(req.params.id, res, next) | |
80 | }) | |
81 | } | |
82 | ||
83 | function videosRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
84 | req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid() | |
85 | ||
86 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) | |
87 | ||
88 | checkErrors(req, res, () => { | |
89 | checkVideoExists(req.params.id, res, () => { | |
90 | // We need to make additional checks | |
91 | ||
92 | // Check if the user who did the request is able to delete the video | |
93 | checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, () => { | |
94 | next() | |
95 | }) | |
96 | }) | |
97 | }) | |
98 | } | |
99 | ||
100 | function videosSearchValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
101 | const searchableColumns = SEARCHABLE_COLUMNS.VIDEOS | |
102 | req.checkParams('value', 'Should have a valid search').notEmpty() | |
103 | req.checkQuery('field', 'Should have correct searchable column').optional().isIn(searchableColumns) | |
104 | ||
105 | logger.debug('Checking videosSearch parameters', { parameters: req.params }) | |
106 | ||
107 | checkErrors(req, res, next) | |
108 | } | |
109 | ||
110 | function videoAbuseReportValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
111 | req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid() | |
112 | req.checkBody('reason', 'Should have a valid reason').isVideoAbuseReasonValid() | |
113 | ||
114 | logger.debug('Checking videoAbuseReport parameters', { parameters: req.body }) | |
115 | ||
116 | checkErrors(req, res, () => { | |
117 | checkVideoExists(req.params.id, res, next) | |
118 | }) | |
119 | } | |
120 | ||
121 | function videoRateValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
122 | req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid() | |
123 | req.checkBody('rating', 'Should have a valid rate type').isVideoRatingTypeValid() | |
124 | ||
125 | logger.debug('Checking videoRate parameters', { parameters: req.body }) | |
126 | ||
127 | checkErrors(req, res, () => { | |
128 | checkVideoExists(req.params.id, res, next) | |
129 | }) | |
130 | } | |
131 | ||
132 | function videosBlacklistValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | |
133 | req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid() | |
134 | ||
135 | logger.debug('Checking videosBlacklist parameters', { parameters: req.params }) | |
136 | ||
137 | checkErrors(req, res, () => { | |
138 | checkVideoExists(req.params.id, res, () => { | |
139 | checkVideoIsBlacklistable(req, res, next) | |
140 | }) | |
141 | }) | |
142 | } | |
143 | ||
144 | // --------------------------------------------------------------------------- | |
145 | ||
146 | export { | |
147 | videosAddValidator, | |
148 | videosUpdateValidator, | |
149 | videosGetValidator, | |
150 | videosRemoveValidator, | |
151 | videosSearchValidator, | |
152 | ||
153 | videoAbuseReportValidator, | |
154 | ||
155 | videoRateValidator, | |
156 | ||
157 | videosBlacklistValidator | |
158 | } | |
159 | ||
160 | // --------------------------------------------------------------------------- | |
161 | ||
162 | function checkVideoExists (id: string, res: express.Response, callback: () => void) { | |
163 | let promise: Promise<VideoInstance> | |
164 | if (validator.isInt(id)) { | |
165 | promise = db.Video.loadAndPopulateAuthorAndPodAndTags(+id) | |
166 | } else { // UUID | |
167 | promise = db.Video.loadByUUIDAndPopulateAuthorAndPodAndTags(id) | |
168 | } | |
169 | ||
170 | promise.then(video => { | |
171 | if (!video) return res.status(404).send('Video not found') | |
172 | ||
173 | res.locals.video = video | |
174 | callback() | |
175 | }) | |
176 | .catch(err => { | |
177 | logger.error('Error in video request validator.', err) | |
178 | return res.sendStatus(500) | |
179 | }) | |
180 | } | |
181 | ||
182 | function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { | |
183 | // Retrieve the user who did the request | |
184 | db.User.loadById(userId) | |
185 | .then(user => { | |
186 | // Check if the user can delete the video | |
187 | // The user can delete it if s/he is an admin | |
188 | // Or if s/he is the video's author | |
189 | if (user.isAdmin() === false) { | |
190 | if (res.locals.video.isOwned() === false) { | |
191 | return res.status(403).send('Cannot remove video of another pod') | |
192 | } | |
193 | ||
194 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | |
195 | return res.status(403).send('Cannot remove video of another user') | |
196 | } | |
197 | } | |
198 | ||
199 | // If we reach this comment, we can delete the video | |
200 | callback() | |
201 | }) | |
202 | .catch(err => { | |
203 | logger.error('Error in video request validator.', err) | |
204 | return res.sendStatus(500) | |
205 | }) | |
206 | } | |
207 | ||
208 | function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { | |
209 | if (res.locals.video.isOwned() === true) { | |
210 | return res.status(403).send('Cannot blacklist a local video') | |
211 | } | |
212 | ||
213 | callback() | |
214 | } |