1 import express from 'express'
2 import { body, param, query } from 'express-validator'
3 import { MUserAccountUrl } from '@server/types/models'
4 import { HttpStatusCode, UserRight } from '@shared/models'
5 import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
6 import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
7 import { logger } from '../../../helpers/logger'
8 import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
9 import { Hooks } from '../../../lib/plugins/hooks'
10 import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
13 checkCanSeeVideoIfPrivate,
14 doesVideoCommentExist,
15 doesVideoCommentThreadExist,
20 const listVideoCommentsValidator = [
23 .customSanitizer(toBooleanOrNull)
24 .custom(isBooleanValid)
25 .withMessage('Should have a valid is local boolean'),
29 .custom(exists).withMessage('Should have a valid search'),
31 query('searchAccount')
33 .custom(exists).withMessage('Should have a valid account search'),
37 .custom(exists).withMessage('Should have a valid video search'),
39 (req: express.Request, res: express.Response, next: express.NextFunction) => {
40 logger.debug('Checking listVideoCommentsValidator parameters.', { parameters: req.query })
42 if (areValidationErrors(req, res)) return
48 const listVideoCommentThreadsValidator = [
49 isValidVideoIdParam('videoId'),
51 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
52 logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
54 if (areValidationErrors(req, res)) return
55 if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
57 if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) {
59 status: HttpStatusCode.FORBIDDEN_403,
60 message: 'Cannot list comments of private/internal/blocklisted video'
68 const listVideoThreadCommentsValidator = [
69 isValidVideoIdParam('videoId'),
72 .custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'),
74 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
75 logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
77 if (areValidationErrors(req, res)) return
78 if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
79 if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
81 if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) {
83 status: HttpStatusCode.FORBIDDEN_403,
84 message: 'Cannot list threads of private/internal/blocklisted video'
92 const addVideoCommentThreadValidator = [
93 isValidVideoIdParam('videoId'),
96 .custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
98 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
99 logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
101 if (areValidationErrors(req, res)) return
102 if (!await doesVideoExist(req.params.videoId, res)) return
104 if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) {
106 status: HttpStatusCode.FORBIDDEN_403,
107 message: 'Cannot access to this ressource'
111 if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
112 if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
118 const addVideoCommentReplyValidator = [
119 isValidVideoIdParam('videoId'),
121 param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
123 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
125 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
126 logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body })
128 if (areValidationErrors(req, res)) return
129 if (!await doesVideoExist(req.params.videoId, res)) return
131 if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) {
133 status: HttpStatusCode.FORBIDDEN_403,
134 message: 'Cannot access to this ressource'
138 if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
139 if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
140 if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return
146 const videoCommentGetValidator = [
147 isValidVideoIdParam('videoId'),
150 .custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
152 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
153 logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
155 if (areValidationErrors(req, res)) return
156 if (!await doesVideoExist(req.params.videoId, res, 'id')) return
157 if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return
163 const removeVideoCommentValidator = [
164 isValidVideoIdParam('videoId'),
166 param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
168 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
169 logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params })
171 if (areValidationErrors(req, res)) return
172 if (!await doesVideoExist(req.params.videoId, res)) return
173 if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
175 // Check if the user who did the request is able to delete the video
176 if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return
182 // ---------------------------------------------------------------------------
185 listVideoCommentThreadsValidator,
186 listVideoThreadCommentsValidator,
187 addVideoCommentThreadValidator,
188 listVideoCommentsValidator,
189 addVideoCommentReplyValidator,
190 videoCommentGetValidator,
191 removeVideoCommentValidator
194 // ---------------------------------------------------------------------------
196 function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
197 if (video.commentsEnabled !== true) {
199 status: HttpStatusCode.CONFLICT_409,
200 message: 'Video comments are disabled for this video.'
208 function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) {
209 if (videoComment.isDeleted()) {
211 status: HttpStatusCode.CONFLICT_409,
212 message: 'This comment is already deleted'
217 const userAccount = user.Account
220 user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator
221 videoComment.accountId !== userAccount.id && // Not the comment owner
222 videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner
225 status: HttpStatusCode.FORBIDDEN_403,
226 message: 'Cannot remove video comment of another user'
234 async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) {
235 const acceptParameters = {
237 commentBody: req.body,
238 user: res.locals.oauth.token.User
241 let acceptedResult: AcceptResult
244 const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull })
246 acceptedResult = await Hooks.wrapFun(
247 isLocalVideoCommentReplyAccepted,
248 acceptReplyParameters,
249 'filter:api.video-comment-reply.create.accept.result'
252 acceptedResult = await Hooks.wrapFun(
253 isLocalVideoThreadAccepted,
255 'filter:api.video-thread.create.accept.result'
259 if (!acceptedResult || acceptedResult.accepted !== true) {
260 logger.info('Refused local comment.', { acceptedResult, acceptParameters })
263 status: HttpStatusCode.FORBIDDEN_403,
264 message: acceptedResult?.errorMessage || 'Refused local comment'