server/middlewares/validators/video-channels.ts

   1 import * as express from 'express'
   2 import { body, param } from 'express-validator/check'
   3 import { UserRight } from '../../../shared'
   4 import { logger } from '../../helpers'
   5 import { isAccountIdExist } from '../../helpers/custom-validators/accounts'
   6 import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
   7 import {
   8   isVideoChannelDescriptionValid,
   9   isVideoChannelExist,
  10   isVideoChannelNameValid
  11 } from '../../helpers/custom-validators/video-channels'
  12 import { UserModel } from '../../models/account/user'
  13 import { VideoChannelModel } from '../../models/video/video-channel'
  14 import { areValidationErrors } from './utils'
  15
  16 const listVideoAccountChannelsValidator = [
  17   param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'),
  18
  19   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  20     logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })
  21
  22     if (areValidationErrors(req, res)) return
  23     if (!await isAccountIdExist(req.params.accountId, res)) return
  24
  25     return next()
  26   }
  27 ]
  28
  29 const videoChannelsAddValidator = [
  30   body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  31   body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  32
  33   (req: express.Request, res: express.Response, next: express.NextFunction) => {
  34     logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
  35
  36     if (areValidationErrors(req, res)) return
  37
  38     return next()
  39   }
  40 ]
  41
  42 const videoChannelsUpdateValidator = [
  43   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  44   body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  45   body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  46
  47   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  48     logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
  49
  50     if (areValidationErrors(req, res)) return
  51     if (!await isVideoChannelExist(req.params.id, res)) return
  52
  53     // We need to make additional checks
  54     if (res.locals.videoChannel.isOwned() === false) {
  55       return res.status(403)
  56         .json({ error: 'Cannot update video channel of another server' })
  57         .end()
  58     }
  59
  60     if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
  61       return res.status(403)
  62         .json({ error: 'Cannot update video channel of another user' })
  63         .end()
  64     }
  65
  66     return next()
  67   }
  68 ]
  69
  70 const videoChannelsRemoveValidator = [
  71   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  72
  73   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  74     logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
  75
  76     if (areValidationErrors(req, res)) return
  77     if (!await isVideoChannelExist(req.params.id, res)) return
  78
  79     // Check if the user who did the request is able to delete the video
  80     if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
  81     if (!await checkVideoChannelIsNotTheLastOne(res)) return
  82
  83     return next()
  84   }
  85 ]
  86
  87 const videoChannelsGetValidator = [
  88   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  89
  90   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  91     logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
  92
  93     if (areValidationErrors(req, res)) return
  94     if (!await isVideoChannelExist(req.params.id, res)) return
  95
  96     return next()
  97   }
  98 ]
  99
 100 // ---------------------------------------------------------------------------
 101
 102 export {
 103   listVideoAccountChannelsValidator,
 104   videoChannelsAddValidator,
 105   videoChannelsUpdateValidator,
 106   videoChannelsRemoveValidator,
 107   videoChannelsGetValidator
 108 }
 109
 110 // ---------------------------------------------------------------------------
 111
 112 function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) {
 113   if (videoChannel.Actor.isOwned() === false) {
 114     res.status(403)
 115               .json({ error: 'Cannot remove video channel of another server.' })
 116               .end()
 117
 118     return false
 119   }
 120
 121   // Check if the user can delete the video channel
 122   // The user can delete it if s/he is an admin
 123   // Or if s/he is the video channel's account
 124   if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
 125     res.status(403)
 126               .json({ error: 'Cannot remove video channel of another user' })
 127               .end()
 128
 129     return false
 130   }
 131
 132   return true
 133 }
 134
 135 async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
 136   const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
 137
 138   if (count <= 1) {
 139     res.status(409)
 140       .json({ error: 'Cannot remove the last channel of this user' })
 141       .end()
 142
 143     return false
 144   }
 145
 146   return true
 147 }