]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/middlewares/validators/videos/video-channels.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
replace numbers with typed http status codes (#3409)
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-channels.ts
1 import * as express from 'express'
2 import { body, param, query } from 'express-validator'
3 import { VIDEO_CHANNELS } from '@server/initializers/constants'
4 import { MChannelAccountDefault, MUser } from '@server/types/models'
5 import { UserRight } from '../../../../shared'
6 import { isActorPreferredUsernameValid } from '../../../helpers/custom-validators/activitypub/actor'
7 import { isBooleanValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
8 import {
9 isVideoChannelDescriptionValid,
10 isVideoChannelNameValid,
11 isVideoChannelSupportValid
12 } from '../../../helpers/custom-validators/video-channels'
13 import { logger } from '../../../helpers/logger'
14 import { doesLocalVideoChannelNameExist, doesVideoChannelNameWithHostExist } from '../../../helpers/middlewares'
15 import { ActorModel } from '../../../models/activitypub/actor'
16 import { VideoChannelModel } from '../../../models/video/video-channel'
17 import { areValidationErrors } from '../utils'
18 import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
19
20 const videoChannelsAddValidator = [
21 body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
22 body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
23 body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
24 body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
25
26 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
27 logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
28
29 if (areValidationErrors(req, res)) return
30
31 const actor = await ActorModel.loadLocalByName(req.body.name)
32 if (actor) {
33 res.status(HttpStatusCode.CONFLICT_409)
34 .send({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' })
35 .end()
36 return false
37 }
38
39 const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
40 if (count >= VIDEO_CHANNELS.MAX_PER_USER) {
41 res.status(HttpStatusCode.BAD_REQUEST_400)
42 .send({ error: `You cannot create more than ${VIDEO_CHANNELS.MAX_PER_USER} channels` })
43 .end()
44 return false
45 }
46
47 return next()
48 }
49 ]
50
51 const videoChannelsUpdateValidator = [
52 param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
53 body('displayName')
54 .optional()
55 .custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
56 body('description')
57 .optional()
58 .custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
59 body('support')
60 .optional()
61 .custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
62 body('bulkVideosSupportUpdate')
63 .optional()
64 .custom(isBooleanValid).withMessage('Should have a valid bulkVideosSupportUpdate boolean field'),
65
66 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
67 logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
68
69 if (areValidationErrors(req, res)) return
70 if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
71
72 // We need to make additional checks
73 if (res.locals.videoChannel.Actor.isOwned() === false) {
74 return res.status(HttpStatusCode.FORBIDDEN_403)
75 .json({ error: 'Cannot update video channel of another server' })
76 .end()
77 }
78
79 if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
80 return res.status(HttpStatusCode.FORBIDDEN_403)
81 .json({ error: 'Cannot update video channel of another user' })
82 .end()
83 }
84
85 return next()
86 }
87 ]
88
89 const videoChannelsRemoveValidator = [
90 param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
91
92 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
93 logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
94
95 if (areValidationErrors(req, res)) return
96 if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
97
98 if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
99 if (!await checkVideoChannelIsNotTheLastOne(res)) return
100
101 return next()
102 }
103 ]
104
105 const videoChannelsNameWithHostValidator = [
106 param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
107
108 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
109 logger.debug('Checking videoChannelsNameWithHostValidator parameters', { parameters: req.params })
110
111 if (areValidationErrors(req, res)) return
112
113 if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
114
115 return next()
116 }
117 ]
118
119 const localVideoChannelValidator = [
120 param('name').custom(isVideoChannelNameValid).withMessage('Should have a valid video channel name'),
121
122 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
123 logger.debug('Checking localVideoChannelValidator parameters', { parameters: req.params })
124
125 if (areValidationErrors(req, res)) return
126 if (!await doesLocalVideoChannelNameExist(req.params.name, res)) return
127
128 return next()
129 }
130 ]
131
132 const videoChannelStatsValidator = [
133 query('withStats')
134 .optional()
135 .customSanitizer(toBooleanOrNull)
136 .custom(isBooleanValid).withMessage('Should have a valid stats flag'),
137
138 (req: express.Request, res: express.Response, next: express.NextFunction) => {
139 if (areValidationErrors(req, res)) return
140 return next()
141 }
142 ]
143
144 // ---------------------------------------------------------------------------
145
146 export {
147 videoChannelsAddValidator,
148 videoChannelsUpdateValidator,
149 videoChannelsRemoveValidator,
150 videoChannelsNameWithHostValidator,
151 localVideoChannelValidator,
152 videoChannelStatsValidator
153 }
154
155 // ---------------------------------------------------------------------------
156
157 function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAccountDefault, res: express.Response) {
158 if (videoChannel.Actor.isOwned() === false) {
159 res.status(HttpStatusCode.FORBIDDEN_403)
160 .json({ error: 'Cannot remove video channel of another server.' })
161 .end()
162
163 return false
164 }
165
166 // Check if the user can delete the video channel
167 // The user can delete it if s/he is an admin
168 // Or if s/he is the video channel's account
169 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
170 res.status(HttpStatusCode.FORBIDDEN_403)
171 .json({ error: 'Cannot remove video channel of another user' })
172 .end()
173
174 return false
175 }
176
177 return true
178 }
179
180 async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
181 const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
182
183 if (count <= 1) {
184 res.status(HttpStatusCode.CONFLICT_409)
185 .json({ error: 'Cannot remove the last channel of this user' })
186 .end()
187
188 return false
189 }
190
191 return true
192 }
ActivityPub-federated video streaming platform using P2P directly in your web browser