server/middlewares/validators/video-channels.ts

   1 import * as express from 'express'
   2 import { body, param } from 'express-validator/check'
   3 import { UserRight } from '../../../shared'
   4 import { checkVideoAccountExists } from '../../helpers/custom-validators/accounts'
   5 import { isVideoChannelDescriptionValid, isVideoChannelNameValid } from '../../helpers/custom-validators/video-channels'
   6 import { checkVideoChannelExists, isIdOrUUIDValid } from '../../helpers/index'
   7 import { logger } from '../../helpers/logger'
   8 import { database as db } from '../../initializers'
   9 import { UserInstance } from '../../models'
  10 import { checkErrors } from './utils'
  11
  12 const listVideoAccountChannelsValidator = [
  13   param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'),
  14
  15   (req: express.Request, res: express.Response, next: express.NextFunction) => {
  16     logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })
  17
  18     checkErrors(req, res, () => {
  19       checkVideoAccountExists(req.params.accountId, res, next)
  20     })
  21   }
  22 ]
  23
  24 const videoChannelsAddValidator = [
  25   body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  26   body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  27
  28   (req: express.Request, res: express.Response, next: express.NextFunction) => {
  29     logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
  30
  31     checkErrors(req, res, next)
  32   }
  33 ]
  34
  35 const videoChannelsUpdateValidator = [
  36   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  37   body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
  38   body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  39
  40   (req: express.Request, res: express.Response, next: express.NextFunction) => {
  41     logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
  42
  43     checkErrors(req, res, () => {
  44       checkVideoChannelExists(req.params.id, res, () => {
  45         // We need to make additional checks
  46         if (res.locals.videoChannel.isOwned() === false) {
  47           return res.status(403)
  48             .json({ error: 'Cannot update video channel of another server' })
  49             .end()
  50         }
  51
  52         if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
  53           return res.status(403)
  54             .json({ error: 'Cannot update video channel of another user' })
  55             .end()
  56         }
  57
  58         next()
  59       })
  60     })
  61   }
  62 ]
  63
  64 const videoChannelsRemoveValidator = [
  65   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  66
  67   (req: express.Request, res: express.Response, next: express.NextFunction) => {
  68     logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
  69
  70     checkErrors(req, res, () => {
  71       checkVideoChannelExists(req.params.id, res, () => {
  72         // Check if the user who did the request is able to delete the video
  73         checkUserCanDeleteVideoChannel(res, () => {
  74           checkVideoChannelIsNotTheLastOne(res, next)
  75         })
  76       })
  77     })
  78   }
  79 ]
  80
  81 const videoChannelsGetValidator = [
  82   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  83
  84   (req: express.Request, res: express.Response, next: express.NextFunction) => {
  85     logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
  86
  87     checkErrors(req, res, () => {
  88       checkVideoChannelExists(req.params.id, res, next)
  89     })
  90   }
  91 ]
  92
  93 // ---------------------------------------------------------------------------
  94
  95 export {
  96   listVideoAccountChannelsValidator,
  97   videoChannelsAddValidator,
  98   videoChannelsUpdateValidator,
  99   videoChannelsRemoveValidator,
 100   videoChannelsGetValidator
 101 }
 102
 103 // ---------------------------------------------------------------------------
 104
 105 function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
 106   const user: UserInstance = res.locals.oauth.token.User
 107
 108   // Retrieve the user who did the request
 109   if (res.locals.videoChannel.isOwned() === false) {
 110     return res.status(403)
 111               .json({ error: 'Cannot remove video channel of another server.' })
 112               .end()
 113   }
 114
 115   // Check if the user can delete the video channel
 116   // The user can delete it if s/he is an admin
 117   // Or if s/he is the video channel's account
 118   if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Account.userId !== user.id) {
 119     return res.status(403)
 120               .json({ error: 'Cannot remove video channel of another user' })
 121               .end()
 122   }
 123
 124   // If we reach this comment, we can delete the video
 125   callback()
 126 }
 127
 128 function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
 129   db.VideoChannel.countByAccount(res.locals.oauth.token.User.Account.id)
 130     .then(count => {
 131       if (count <= 1) {
 132         return res.status(409)
 133           .json({ error: 'Cannot remove the last channel of this user' })
 134           .end()
 135       }
 136
 137       callback()
 138     })
 139 }