1 import { Request, Response } from 'express'
2 import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
3 import { isAbleToUploadVideo } from '@server/lib/user'
4 import { authenticatePromiseIfNeeded } from '@server/middlewares/auth'
5 import { VideoModel } from '@server/models/video/video'
6 import { VideoChannelModel } from '@server/models/video/video-channel'
7 import { VideoFileModel } from '@server/models/video/video-file'
14 MVideoFormattableDetails,
20 } from '@server/types/models'
21 import { HttpStatusCode, ServerErrorCode, UserRight } from '@shared/models'
23 async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') {
24 const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
26 const video = await loadVideo(id, fetchType, userId)
30 status: HttpStatusCode.NOT_FOUND_404,
31 message: 'Video not found'
38 res.locals.videoAPI = video as MVideoFormattableDetails
42 res.locals.videoAll = video as MVideoFullLight
45 case 'only-immutable-attributes':
46 res.locals.onlyImmutableVideo = video as MVideoImmutable
50 res.locals.videoId = video as MVideoId
54 res.locals.onlyVideo = video as MVideoThumbnail
61 async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) {
62 if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) {
64 status: HttpStatusCode.NOT_FOUND_404,
65 message: 'VideoFile matching Video not found'
73 async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) {
74 const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
76 if (videoChannel === null) {
77 res.fail({ message: 'Unknown video "video channel" for this instance.' })
81 // Don't check account id if the user can update any video
82 if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
83 res.locals.videoChannel = videoChannel
87 if (videoChannel.Account.id !== user.Account.id) {
89 message: 'Unknown video "video channel" for this account.'
94 res.locals.videoChannel = videoChannel
98 async function checkCanSeeVideoIfPrivate (req: Request, res: Response, video: MVideo, authenticateInQuery = false) {
99 if (!video.requiresAuth()) return true
101 const videoWithRights = await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id)
103 return checkCanSeePrivateVideo(req, res, videoWithRights, authenticateInQuery)
106 async function checkCanSeePrivateVideo (req: Request, res: Response, video: MVideoWithRights, authenticateInQuery = false) {
107 await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
109 const user = res.locals.oauth ? res.locals.oauth.token.User : null
111 // Only the owner or a user that have blocklist rights can see the video
112 if (!user || !user.canGetVideo(video)) {
114 status: HttpStatusCode.FORBIDDEN_403,
115 message: 'Cannot fetch information of private/internal/blocklisted video'
124 function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) {
125 // Retrieve the user who did the request
126 if (onlyOwned && video.isOwned() === false) {
128 status: HttpStatusCode.FORBIDDEN_403,
129 message: 'Cannot manage a video of another server.'
134 // Check if the user can delete the video
135 // The user can delete it if he has the right
136 // Or if s/he is the video's account
137 const account = video.VideoChannel.Account
138 if (user.hasRight(right) === false && account.userId !== user.id) {
140 status: HttpStatusCode.FORBIDDEN_403,
141 message: 'Cannot manage a video of another user.'
149 async function checkUserQuota (user: MUserId, videoFileSize: number, res: Response) {
150 if (await isAbleToUploadVideo(user.id, videoFileSize) === false) {
152 status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
153 message: 'The user video quota is exceeded with this video.',
154 type: ServerErrorCode.QUOTA_REACHED
162 // ---------------------------------------------------------------------------
165 doesVideoChannelOfAccountExist,
167 doesVideoFileOfVideoExist,
169 checkUserCanManageVideo,
170 checkCanSeeVideoIfPrivate,
171 checkCanSeePrivateVideo,