1 import express from 'express'
2 import { body, param, query } from 'express-validator'
3 import { MUserAccountUrl } from '@server/types/models'
4 import { HttpStatusCode, UserRight } from '@shared/models'
5 import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
6 import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
7 import { logger } from '../../../helpers/logger'
8 import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
9 import { Hooks } from '../../../lib/plugins/hooks'
10 import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
14 doesVideoCommentExist,
15 doesVideoCommentThreadExist,
20 const listVideoCommentsValidator = [
23 .customSanitizer(toBooleanOrNull)
24 .custom(isBooleanValid)
25 .withMessage('Should have a valid isLocal boolean'),
29 .customSanitizer(toBooleanOrNull)
30 .custom(isBooleanValid)
31 .withMessage('Should have a valid onLocalVideo boolean'),
37 query('searchAccount')
45 (req: express.Request, res: express.Response, next: express.NextFunction) => {
46 logger.debug('Checking listVideoCommentsValidator parameters.', { parameters: req.query })
48 if (areValidationErrors(req, res)) return
54 const listVideoCommentThreadsValidator = [
55 isValidVideoIdParam('videoId'),
57 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
58 logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
60 if (areValidationErrors(req, res)) return
61 if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
63 if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.onlyVideo })) return
69 const listVideoThreadCommentsValidator = [
70 isValidVideoIdParam('videoId'),
75 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
76 logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
78 if (areValidationErrors(req, res)) return
79 if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
80 if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
82 if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.onlyVideo })) return
88 const addVideoCommentThreadValidator = [
89 isValidVideoIdParam('videoId'),
92 .custom(isValidVideoCommentText),
94 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
95 logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
97 if (areValidationErrors(req, res)) return
98 if (!await doesVideoExist(req.params.videoId, res)) return
100 if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.videoAll })) return
102 if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
103 if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
109 const addVideoCommentReplyValidator = [
110 isValidVideoIdParam('videoId'),
112 param('commentId').custom(isIdValid),
114 body('text').custom(isValidVideoCommentText),
116 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
117 logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body })
119 if (areValidationErrors(req, res)) return
120 if (!await doesVideoExist(req.params.videoId, res)) return
122 if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.videoAll })) return
124 if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
125 if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
126 if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return
132 const videoCommentGetValidator = [
133 isValidVideoIdParam('videoId'),
138 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
139 logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
141 if (areValidationErrors(req, res)) return
142 if (!await doesVideoExist(req.params.videoId, res, 'id')) return
143 if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return
149 const removeVideoCommentValidator = [
150 isValidVideoIdParam('videoId'),
155 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
156 logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params })
158 if (areValidationErrors(req, res)) return
159 if (!await doesVideoExist(req.params.videoId, res)) return
160 if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
162 // Check if the user who did the request is able to delete the video
163 if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return
169 // ---------------------------------------------------------------------------
172 listVideoCommentThreadsValidator,
173 listVideoThreadCommentsValidator,
174 addVideoCommentThreadValidator,
175 listVideoCommentsValidator,
176 addVideoCommentReplyValidator,
177 videoCommentGetValidator,
178 removeVideoCommentValidator
181 // ---------------------------------------------------------------------------
183 function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
184 if (video.commentsEnabled !== true) {
186 status: HttpStatusCode.CONFLICT_409,
187 message: 'Video comments are disabled for this video.'
195 function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) {
196 if (videoComment.isDeleted()) {
198 status: HttpStatusCode.CONFLICT_409,
199 message: 'This comment is already deleted'
204 const userAccount = user.Account
207 user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator
208 videoComment.accountId !== userAccount.id && // Not the comment owner
209 videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner
212 status: HttpStatusCode.FORBIDDEN_403,
213 message: 'Cannot remove video comment of another user'
221 async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) {
222 const acceptParameters = {
224 commentBody: req.body,
225 user: res.locals.oauth.token.User
228 let acceptedResult: AcceptResult
231 const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull })
233 acceptedResult = await Hooks.wrapFun(
234 isLocalVideoCommentReplyAccepted,
235 acceptReplyParameters,
236 'filter:api.video-comment-reply.create.accept.result'
239 acceptedResult = await Hooks.wrapFun(
240 isLocalVideoThreadAccepted,
242 'filter:api.video-thread.create.accept.result'
246 if (!acceptedResult || acceptedResult.accepted !== true) {
247 logger.info('Refused local comment.', { acceptedResult, acceptParameters })
250 status: HttpStatusCode.FORBIDDEN_403,
251 message: acceptedResult?.errorMessage || 'Refused local comment'