server/middlewares/validators/videos/video-channels.ts

   1 import * as express from 'express'
   2 import { body, param, query } from 'express-validator'
   3 import { VIDEO_CHANNELS } from '@server/initializers/constants'
   4 import { MChannelAccountDefault, MUser } from '@server/types/models'
   5 import { UserRight } from '../../../../shared'
   6 import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
   7 import { isActorPreferredUsernameValid } from '../../../helpers/custom-validators/activitypub/actor'
   8 import { isBooleanValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
   9 import {
  10   isVideoChannelDescriptionValid,
  11   isVideoChannelNameValid,
  12   isVideoChannelSupportValid
  13 } from '../../../helpers/custom-validators/video-channels'
  14 import { logger } from '../../../helpers/logger'
  15 import { doesLocalVideoChannelNameExist, doesVideoChannelNameWithHostExist } from '../../../helpers/middlewares'
  16 import { ActorModel } from '../../../models/actor/actor'
  17 import { VideoChannelModel } from '../../../models/video/video-channel'
  18 import { areValidationErrors } from '../utils'
  19
  20 const videoChannelsAddValidator = [
  21   body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
  22   body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
  23   body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  24   body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
  25
  26   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  27     logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
  28
  29     if (areValidationErrors(req, res)) return
  30
  31     const actor = await ActorModel.loadLocalByName(req.body.name)
  32     if (actor) {
  33       res.fail({
  34         status: HttpStatusCode.CONFLICT_409,
  35         message: 'Another actor (account/channel) with this name on this instance already exists or has already existed.'
  36       })
  37       return false
  38     }
  39
  40     const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
  41     if (count >= VIDEO_CHANNELS.MAX_PER_USER) {
  42       res.fail({ message: `You cannot create more than ${VIDEO_CHANNELS.MAX_PER_USER} channels` })
  43       return false
  44     }
  45
  46     return next()
  47   }
  48 ]
  49
  50 const videoChannelsUpdateValidator = [
  51   param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
  52   body('displayName')
  53     .optional()
  54     .custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
  55   body('description')
  56     .optional()
  57     .custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  58   body('support')
  59     .optional()
  60     .custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
  61   body('bulkVideosSupportUpdate')
  62     .optional()
  63     .custom(isBooleanValid).withMessage('Should have a valid bulkVideosSupportUpdate boolean field'),
  64
  65   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  66     logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
  67
  68     if (areValidationErrors(req, res)) return
  69     if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
  70
  71     // We need to make additional checks
  72     if (res.locals.videoChannel.Actor.isOwned() === false) {
  73       return res.fail({
  74         status: HttpStatusCode.FORBIDDEN_403,
  75         message: 'Cannot update video channel of another server'
  76       })
  77     }
  78
  79     if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
  80       return res.fail({
  81         status: HttpStatusCode.FORBIDDEN_403,
  82         message: 'Cannot update video channel of another user'
  83       })
  84     }
  85
  86     return next()
  87   }
  88 ]
  89
  90 const videoChannelsRemoveValidator = [
  91   param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
  92
  93   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  94     logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
  95
  96     if (areValidationErrors(req, res)) return
  97     if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
  98
  99     if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
 100     if (!await checkVideoChannelIsNotTheLastOne(res)) return
 101
 102     return next()
 103   }
 104 ]
 105
 106 const videoChannelsNameWithHostValidator = [
 107   param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
 108
 109   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 110     logger.debug('Checking videoChannelsNameWithHostValidator parameters', { parameters: req.params })
 111
 112     if (areValidationErrors(req, res)) return
 113
 114     if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
 115
 116     return next()
 117   }
 118 ]
 119
 120 const localVideoChannelValidator = [
 121   param('name').custom(isVideoChannelNameValid).withMessage('Should have a valid video channel name'),
 122
 123   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 124     logger.debug('Checking localVideoChannelValidator parameters', { parameters: req.params })
 125
 126     if (areValidationErrors(req, res)) return
 127     if (!await doesLocalVideoChannelNameExist(req.params.name, res)) return
 128
 129     return next()
 130   }
 131 ]
 132
 133 const videoChannelStatsValidator = [
 134   query('withStats')
 135     .optional()
 136     .customSanitizer(toBooleanOrNull)
 137     .custom(isBooleanValid).withMessage('Should have a valid stats flag'),
 138
 139   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 140     if (areValidationErrors(req, res)) return
 141     return next()
 142   }
 143 ]
 144
 145 // ---------------------------------------------------------------------------
 146
 147 export {
 148   videoChannelsAddValidator,
 149   videoChannelsUpdateValidator,
 150   videoChannelsRemoveValidator,
 151   videoChannelsNameWithHostValidator,
 152   localVideoChannelValidator,
 153   videoChannelStatsValidator
 154 }
 155
 156 // ---------------------------------------------------------------------------
 157
 158 function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAccountDefault, res: express.Response) {
 159   if (videoChannel.Actor.isOwned() === false) {
 160     res.fail({
 161       status: HttpStatusCode.FORBIDDEN_403,
 162       message: 'Cannot remove video channel of another server.'
 163     })
 164     return false
 165   }
 166
 167   // Check if the user can delete the video channel
 168   // The user can delete it if s/he is an admin
 169   // Or if s/he is the video channel's account
 170   if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
 171     res.fail({
 172       status: HttpStatusCode.FORBIDDEN_403,
 173       message: 'Cannot remove video channel of another user'
 174     })
 175     return false
 176   }
 177
 178   return true
 179 }
 180
 181 async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
 182   const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
 183
 184   if (count <= 1) {
 185     res.fail({
 186       status: HttpStatusCode.CONFLICT_409,
 187       message: 'Cannot remove the last channel of this user'
 188     })
 189     return false
 190   }
 191
 192   return true
 193 }