1 import { Request, Response } from 'express'
2 import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
3 import { authenticatePromiseIfNeeded } from '@server/middlewares/auth'
4 import { VideoModel } from '@server/models/video/video'
5 import { VideoChannelModel } from '@server/models/video/video-channel'
6 import { VideoFileModel } from '@server/models/video/video-file'
12 MVideoFormattableDetails,
18 } from '@server/types/models'
19 import { HttpStatusCode, UserRight } from '@shared/models'
21 async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') {
22 const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
24 const video = await loadVideo(id, fetchType, userId)
28 status: HttpStatusCode.NOT_FOUND_404,
29 message: 'Video not found'
36 res.locals.videoAPI = video as MVideoFormattableDetails
40 res.locals.videoAll = video as MVideoFullLight
43 case 'only-immutable-attributes':
44 res.locals.onlyImmutableVideo = video as MVideoImmutable
48 res.locals.videoId = video as MVideoId
52 res.locals.onlyVideo = video as MVideoThumbnail
59 async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) {
60 if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) {
62 status: HttpStatusCode.NOT_FOUND_404,
63 message: 'VideoFile matching Video not found'
71 async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) {
72 const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
74 if (videoChannel === null) {
75 res.fail({ message: 'Unknown video "video channel" for this instance.' })
79 // Don't check account id if the user can update any video
80 if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
81 res.locals.videoChannel = videoChannel
85 if (videoChannel.Account.id !== user.Account.id) {
87 message: 'Unknown video "video channel" for this account.'
92 res.locals.videoChannel = videoChannel
96 async function checkCanSeeVideoIfPrivate (req: Request, res: Response, video: MVideo, authenticateInQuery = false) {
97 if (!video.requiresAuth()) return true
99 const videoWithRights = await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id)
101 return checkCanSeePrivateVideo(req, res, videoWithRights, authenticateInQuery)
104 async function checkCanSeePrivateVideo (req: Request, res: Response, video: MVideoWithRights, authenticateInQuery = false) {
105 await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
107 const user = res.locals.oauth ? res.locals.oauth.token.User : null
109 // Only the owner or a user that have blocklist rights can see the video
110 if (!user || !user.canGetVideo(video)) {
117 function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) {
118 // Retrieve the user who did the request
119 if (onlyOwned && video.isOwned() === false) {
121 status: HttpStatusCode.FORBIDDEN_403,
122 message: 'Cannot manage a video of another server.'
127 // Check if the user can delete the video
128 // The user can delete it if he has the right
129 // Or if s/he is the video's account
130 const account = video.VideoChannel.Account
131 if (user.hasRight(right) === false && account.userId !== user.id) {
133 status: HttpStatusCode.FORBIDDEN_403,
134 message: 'Cannot manage a video of another user.'
142 // ---------------------------------------------------------------------------
145 doesVideoChannelOfAccountExist,
147 doesVideoFileOfVideoExist,
148 checkUserCanManageVideo,
149 checkCanSeeVideoIfPrivate,
150 checkCanSeePrivateVideo