server/middlewares/validators/videos/video-channels.ts

   1 import * as express from 'express'
   2 import { body, param } from 'express-validator/check'
   3 import { UserRight } from '../../../../shared'
   4 import {
   5   doesLocalVideoChannelNameExist,
   6   doesVideoChannelNameWithHostExist,
   7   isVideoChannelDescriptionValid,
   8   isVideoChannelNameValid,
   9   isVideoChannelSupportValid
  10 } from '../../../helpers/custom-validators/video-channels'
  11 import { logger } from '../../../helpers/logger'
  12 import { UserModel } from '../../../models/account/user'
  13 import { VideoChannelModel } from '../../../models/video/video-channel'
  14 import { areValidationErrors } from '../utils'
  15 import { isActorPreferredUsernameValid } from '../../../helpers/custom-validators/activitypub/actor'
  16 import { ActorModel } from '../../../models/activitypub/actor'
  17
  18 const videoChannelsAddValidator = [
  19   body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
  20   body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
  21   body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  22   body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
  23
  24   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  25     logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
  26
  27     if (areValidationErrors(req, res)) return
  28
  29     const actor = await ActorModel.loadLocalByName(req.body.name)
  30     if (actor) {
  31       res.status(409)
  32          .send({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' })
  33          .end()
  34       return false
  35     }
  36
  37     return next()
  38   }
  39 ]
  40
  41 const videoChannelsUpdateValidator = [
  42   param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
  43   body('displayName').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
  44   body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
  45   body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
  46
  47   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  48     logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
  49
  50     if (areValidationErrors(req, res)) return
  51     if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
  52
  53     // We need to make additional checks
  54     if (res.locals.videoChannel.Actor.isOwned() === false) {
  55       return res.status(403)
  56         .json({ error: 'Cannot update video channel of another server' })
  57         .end()
  58     }
  59
  60     if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
  61       return res.status(403)
  62         .json({ error: 'Cannot update video channel of another user' })
  63         .end()
  64     }
  65
  66     return next()
  67   }
  68 ]
  69
  70 const videoChannelsRemoveValidator = [
  71   param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
  72
  73   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  74     logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
  75
  76     if (areValidationErrors(req, res)) return
  77     if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
  78
  79     if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
  80     if (!await checkVideoChannelIsNotTheLastOne(res)) return
  81
  82     return next()
  83   }
  84 ]
  85
  86 const videoChannelsNameWithHostValidator = [
  87   param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
  88
  89   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  90     logger.debug('Checking videoChannelsNameWithHostValidator parameters', { parameters: req.params })
  91
  92     if (areValidationErrors(req, res)) return
  93
  94     if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
  95
  96     return next()
  97   }
  98 ]
  99
 100 const localVideoChannelValidator = [
 101   param('name').custom(isVideoChannelNameValid).withMessage('Should have a valid video channel name'),
 102
 103   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 104     logger.debug('Checking localVideoChannelValidator parameters', { parameters: req.params })
 105
 106     if (areValidationErrors(req, res)) return
 107     if (!await doesLocalVideoChannelNameExist(req.params.name, res)) return
 108
 109     return next()
 110   }
 111 ]
 112
 113 // ---------------------------------------------------------------------------
 114
 115 export {
 116   videoChannelsAddValidator,
 117   videoChannelsUpdateValidator,
 118   videoChannelsRemoveValidator,
 119   videoChannelsNameWithHostValidator,
 120   localVideoChannelValidator
 121 }
 122
 123 // ---------------------------------------------------------------------------
 124
 125 function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) {
 126   if (videoChannel.Actor.isOwned() === false) {
 127     res.status(403)
 128               .json({ error: 'Cannot remove video channel of another server.' })
 129               .end()
 130
 131     return false
 132   }
 133
 134   // Check if the user can delete the video channel
 135   // The user can delete it if s/he is an admin
 136   // Or if s/he is the video channel's account
 137   if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
 138     res.status(403)
 139               .json({ error: 'Cannot remove video channel of another user' })
 140               .end()
 141
 142     return false
 143   }
 144
 145   return true
 146 }
 147
 148 async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
 149   const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
 150
 151   if (count <= 1) {
 152     res.status(409)
 153       .json({ error: 'Cannot remove the last channel of this user' })
 154       .end()
 155
 156     return false
 157   }
 158
 159   return true
 160 }